On premise RTS confusion

I'm working on a real-time IoT system which will be deployed on premise, on a single virtual machine, scaling and high availability is not a concern here, the actual device is our critical part while the BE is more of a "nice to have". Also there will be a small amount of devices (<50) and our backend logic is not really that complex, we have like 6 subsystems

We need to support full duplex communication between browser UI and those devices. Our backend is running on NestJS. Communication with UI or devices is fairly straight forward, but where I'm struggling right now is deciding on how to make the communication backbone.
In cloud environment I'd use a message broker for it, that way logic is nicely decoupled and we have a nice buffer and a pub/sub interface

here, i'm not quite sure what is the optimal (or somewhat optimal) solution because of the following factors:

* people working on the project are quite inexperienced, so anything too complex would backfire on our ETA
* the virtual machine running this will not be that great, let's say it has 8GB RAM (maybe I'm overthinking on this part, but installing some software might hog too much of the resources)

So the question is:


* does it make sense to add something like RabbitMQ in here? (devices are using gRPC http2)
* do I just go Redis pub/sub?
* or just good old observer pattern?

https://redd.it/se68zg
@r_devops

Can anyone give an ELI5 of this article?

https://medium.com/@cfatechblog/bare-metal-k8s-clustering-at-chick-fil-a-scale-7b0607bd3541

I just started and want to get a better grasp of the DevOps world. This article is really interesting, but I feel like I don't understand how they use the technology.

Could anyone provide me with some information about how it works?

https://redd.it/se7jca
@r_devops

Learning Devops - Need help

Hey people,

&#x200B;

Why some of the microservices get service endpoint automatically but some not?

Cluster was created by terraform with elb and private and public subnets, I'm making use also in external-dns to manage public dns zone for my domain application.Cluster based on AWS EKS.

https://imgur.com/t020i6F

I attached a picture for your reference.

https://redd.it/se8l0b
@r_devops

It looks like docker networking is kind of sticked to the order or containers boot

I had 2 cases where it is definatelly a fault of the order containers boot

First happened when I ran

`docker network create some-shared-network`

and created two, or more projects with docker-compose that reused the external network to communicate with each other

This didn't work after I restart my machine and is mostly related to order of spinned up containers, service B requires service A to start first to be visible

Now I had similar problem with my selfhosted Jira software that could not communicate with the database which all were in the same stack (in the same non-external network)

I had to scale down the app service to 0 instances and then scale it up to previous values... recreating the stack didn't help... and suddenly it noticed the presence of the database...

Docker, what the heck

https://redd.it/se95az
@r_devops

Buddy: It just .Works

A few months ago my team and I set out to replace an existing WordPress site with a Gatsby.js PWA. We originally had a shared hosting plan, but as our Gatsby site became more and more fledged out, deployments to this hosting provider became increasingly difficult. Our original hosting platform was geared more towards WordPress hosting and did not come with CI/CD customization out of the box, so we ended up getting our own dedicated server on Cloudways – and that’s where Buddy comes into the picture. The perfect “middleman,” Buddy is the seamless fit for our Gatsby application – our first pipeline began with a staging environment and it involves 3 steps: as soon as the associated branch on GitHub receives a new push, Buddy prepares our environment by fetching and uploading the new files to our server. Finally, according to our package.json we are able to trigger node installations and a Gatsby build process to deploy our site. I just sit back and watch the logs of the pipeline to make sure all is well, and Buddy will just do its thing. It just works. Gone are the days of having to SSH into your server and manually doing everything yourself! And the best part? The free tier Buddy offers is more than generous enough to suit your every needs. Highly recommend checking them out – it’s worked wonders on someone like me who is more front-end-oriented and is quite new to DevOps.

https://redd.it/se9qoa
@r_devops

Moving away from Chef // Data bag alternatives?

Hi Everyone,

Our team is looking to move away from chef; mostly due to cost. We utilize data-bags pretty heavily and I'm curious if there are any cost-effective alternatives? We've considered ansible-vault, hashicorp, etc. Just curious if there are any open-source technologies we can leverage.
We'd plan on storing secrets... <keys, etc>; so some sort of encryption would be ideal.

Our team is big on python and go; so anything along those lines would be awesome.


Thanks in advanced.

https://redd.it/secpdo
@r_devops

Terraform. Should I use a new s3bucket and DynamoDB for each TF project?

Hi, I'm using Terraform for learning proposes and want to upload my terraform project to Git (excluding the tf.vars and .tfstate) and want to upload the State to an AWS remote backend.

I'm not sure, Should I create a new bucket for each new Terraform project?
Maybe I could create a 'terraform-tfstate-bucket' and upload in a different folder each tfstate for each project.

Seems cleaner and more centralized. What do u think?

https://redd.it/se73ge
@r_devops

Realistically talking, which CI/CD tool to use if starting from zero?

Hi,


It's me again, so, I have this situation, one of our clients does not like managed stuff, so we are using "on prem" (in our EC2 instances) Atlassian Server products, the whole pack, Jira, Bitbucket, Bamboo, Confluence, even Crowd, now, as some of you may know, Atlassian is ending feature development for their Server line (Data Center is way too pricey for us) in February of 2022, and end all support in 2024, so, I talked to my bosses and they agreed to start looking for an alternative


So, what are the real options in 2022? I looked into ligurios Awesome CI, list of CI services and there are a few of CI services like Abstruse CI, Agola, Buildkite, Circle CI, Cirrus CI, CDS, Concourse CI, flow.ci, GitLab, Kraken CI, Semaphore, TeamCity, etc


I don't have time to test all of them to see which one is better, I'm leaning into GitLab because of all the features (and if they like it enough, maybe migrate our other proyects from Bitbucket Cloud to GitLab cloud ) and something that I grew to hate about Bamboo is it's lack of features (or have to pay 5k a year for plugin that does something) and having to write what I need in bash


Our pipelines are mostly for NodeJS backends and Angular frontends (with webpack) and a few custom docker images that I need to build, for now our deploys consists of sshing into our DEV or QA hosts and installing our packages with NPM (something that I want to work into too)


It doesn't have to be free (we already paying a good amount to Atlassian), it shoud support SAML SSO (with Okta at least)


Does anybody has experience with lesser know CI/CD tools and would like to share?


Please don't say Jenkins



Thanks


Alex

https://redd.it/sec4g8
@r_devops

How to select a Network Gateway for your Private Cloud

We created this blog post to help answer some very common questions regarding how to route traffic into your kubernetes clusters:

https://www.netris.ai/how-to-select-a-network-gateway-for-your-private-cloud/

&#x200B;

Disclaimer: I work for Netris.

https://redd.it/se8sqg
@r_devops

What have you made so far that you're "proud of", so to speak?

The tile sounds like a "juniorish" question, but I'll leave it like that. = )

https://redd.it/seiisw
@r_devops

"The fact remains that tooling is behind the culture. To date, if there's a major incident that needs rapid response, developers often feel powerless because they don't have a connection to SRE tools that are heavily infrastructure-oriented." Agree or disagree?

I came across this article and I wanted to get a feeling on whether or not people agree with this statement, made by Itiel Shwartz of Komodor. I'm fairly new in my Devops journey so I would appreciate some discussion to learn from.

Source: https://vmblog.com/archive/2021/12/13/komodor-2022-predictions-sre-tools-will-start-speaking-the-language-of-developers.aspx#.YdxWBBNBz0q

https://redd.it/sekaam
@r_devops

Not much devops but for you it's installed on your machine

I'm looking for an alternative for Docker Desktop. I'm not sure if there are alternatives where docker cli command is compatible. If there's none, it's ok. Which alternative did you like best?

https://redd.it/sel0w5
@r_devops

How to get error messages from Puppet to show up in Jenkins?

I have a pipeline that restarts artifactory.service when there is a change to a configuration file. The job is failing but I can only see the error message in Puppet, how can I get this error message to display in the Jenkins pipeline logs?

I havent been able to find it in the task endpoints doc.

This was the error btw

{"status": "failure", "error": {"message": "Job for artifactory.service failed. See "systemctl status artifactory.service" and "journalctl -xe" for details. ", "kind": "bash-error", "details": {\]}}

But I want to see the error message for any error that pops up from Puppet, in the Jenkins Pipeline.

https://redd.it/se7hu8
@r_devops

HA Vault/Consul Setup

Hello, almost all Vault/Consul HA setup guides uses Consul client on Vault side, I see it is also possible to connet vault directly to consul server. Is it wrong way, is there downsides? (Vault and Consul are on same server under Docker)

https://redd.it/seocnt
@r_devops

Automated testing, development of a substantial number of Ansible roles

We have a substantial inventory of in-house developed Ansible roles (almost 70 and that number is rapidly growing).

They are representing an essential set of tools that we use every day to manage existing and deploy new infrastructure for our hosting customers, so we are really trying hard to keep them updated, tested and in a working condition.

So far we used `molecule` with Docker as a driver to develop them locally, and GitHub Actions to automate their scheduled testing, as we have tests for dozens of scenarios for each role.

However, doing it this way is really starting to be a problem, especially in the development side of things because of `systemd` (we are using Geerling's base docker images) that just does not work properly all the time and some other molecule related bugs that we need to deal with.

Often, our automated tests on GitHub Actions fail just because of Docker, even though roles themselves are functioning perfectly fine.

With all of that said, I feel that we need to make some changes in our development and testing, but I am unsure what could be a proper replacement for the `molecule+docker`? To make things worse, we need something that works on both M1 and X64 arch (for development), plus GitHub Actions as platform of choice for automation.

We were considering switching to Vagrant for development, but Vagrant does not work on M1 (because of VirtualBox). Multipass would do the job, however there is no Provider/Driver for Multipass (plus we are always developing our roles to work on Ubuntu, Debian and CentOS, so Multipass would not be an ideal candidate).

We also have a substantial amount of Proxmox servers that we could use to bring up instances, do automated deployment and testing and then bring them down, but molecule does not have support for Proxmox, either, and documentation is quite horrible.

So, does anyone have a suggestion how we can improve all of this?

EDIT: Just to make it clear, I am more of trying to find if there is a better way of doing all of this, having in mind the amount of roles we have. I know that we can always build our own Docker images to fix the sysmted issue, and continue with what we were doing so far.

https://redd.it/seowmc
@r_devops

when and how to choose cloud over vps?

If I've a web application that doesn't really require elastic features of the cloud and doesn't really need any of the managed services that cloud provides.

Is it justifiable move the app in the cloud? When it becomes justifiable?

I mean, managed services sure help and they speed things up quite a bit, but I feel like I could do the same things with a dedicated server or a VPS with a fraction of the cost.

Asking because recently I've been working with multiple different clients that have wanted and even have it as a requirement to use the cloud even when the app itself is going to be closed from public use and won't ever need any of the elastic features, ever.
I want to be able to justify these choices. I want to truly understand how and why this is a good choice to make over a VPS or dedicated machine that could do everything needed with a fraction of the cost.

At the moment I feel like... clients could save a lot of money. What I am missing here?

https://redd.it/se5t2j
@r_devops

CVE-2021-44790 => anyone else running amazon linux 2 seeing this?

https://alas.aws.amazon.com/cve/html/CVE-2021-44790.html

We got some directions from aws support to upgrade/resolve the issue but it's not working...

\-  Step 1: Check Apache (httpd) status: $ sudo systemctl status httpd           
****You should see “active (running)” for your httpd service. If not, to start Apache, run $sudo systemctl start httpd
\-  Step 2: Check modules enabled for Apache (httpd) $ sudo httpd -M
****Look for lua module, you can also add “| grep lua” at the end of the above command
\-  Step 3: Find the lua module configuration file $ ls /etc/httpd/conf.modules.d/
****You should see a file named “xx-lua.conf”
\-  Step 4: Disable lua module $ sudo vim /etc/httpd/conf.modules.d/00-lua-conf
****open the file, press “i” to modify the file, place a “#” in front of “LoadModule lua_module …”, press “ESC” to finish editing, and enter “:wq” to save the changes and quit
\-  Step 5: Restart httpd to apply the change $ sudo systemctl restart httpd
\-  Step 6: Ensure lua module is disabled $ sudo httpd -M | grep lua
**** If nothing returned from the above command, that means lua module has been disabled. Once lua module has been disabled, Inspector will automatically remove the security notification shortly.

Anyone else seeing this? I would think this is an AWS team thing they should do in the background (we're using elastic beanstalk).

We're also no using apache (but it is downloaded of course).

https://redd.it/se5mar
@r_devops

Where do you find people passionate about devops in a purely management perspective?

I have a wonderful problem, my volunteer organization has tons of very capable developers coming together to build something awesome they could never do alone.

However, right now things are pure chaos and we need people who can understand and manage people to help.

Sadly, unlike the game development industry, there doesn’t seem to be any classified area to try to find these kind of people on Reddit.

Where do people passionate about these sort of things come together to work on projects or to find projects to work on?

It should be noted that I run a volunteer organization that has a massive positive impact but the people who volunteer do it for the sake of the impact and not the funds.

https://redd.it/se0xgl
@r_devops

How to Install and Configure SonarQube on CentOS 8 | Step by Step SonarQ...

How to Install SonarQube on CentOS 8, Install and Setup PostgreSQL 14 Database For SonarQube,Configure SonarQube

&#x200B;

\#sonarqube #installsonarqube #devops

https://www.fosstechnix.com/how-to-install-sonarqube-on-centos-8/

https://redd.it/seu09p
@r_devops

What's your monitoring stack?

Myself and others in my organization are unhappy with our monitoring software and are reconsidering it. I'm curious what everyone else is doing for this.

What do you use for monitoring?

What do you monitor with it? Is it mostly cloud resources? Do you monitor any physical hardware such as firewalls, SAN, esxi cluster?

Do you have it set up to run any sort of automated first response if an alert condition is met, and if so, how is that set up?

How are alerts sent to responders?

https://redd.it/sevtqs
@r_devops

We looked at job descriptions for SREs at GitLabs, Microsoft and others

The SRE role has shifted quite a bit over the last few years,we looked at job descriptions from companies like Linkedin, Microsoft and others to see what they're looking for!

https://redd.it/sex2sa
@r_devops