Why Cloud and DevOps are better together?

Cloud and DevOps are different approaches; however, they both aim to improve processes, productivity, and agility. And therefore, smart companies are proactively looking out for ways to combine both cloud and DevOps to further improve their agility, efficiency, and business results.

https://redd.it/sjbnbt
@r_devops

Using npm to install/uninstall in Dockerfile?

Hi I'm new to the JavaScript side of things. In some of our Dockerfiles we have npm installing angular and uninstalling a few other things, i.e "npm install @angular/..some version" or "npm uninstall <package>".

This seems like an anti pattern to me? Most of these packages are already in the apps package.json. I originally only did npm upgrade on a few packages that were broken pushed the package and package-lock. But later I found the container build was still failing because of these extra npm steps in the Dockerfiles.

Was I wrong to assume all of the package handling should be done through the package and package-lock? Or are there times when it makes sense to have different packages in the containers?

https://redd.it/sja3f0
@r_devops

Unit Test a Jenkinsfile

Has anybody ever had any experience with unit testing a jenkinsfile?

It's an area I'm not too confident in but we have a lot of large, complex, shared pipelines and the ask is to look into how we can unit test the jenkinsfiles/groovy scripts. I'm not too sure where to start so any advice would be great!

https://redd.it/siqurl
@r_devops

gtrace - Unofficial, simple yet effective Google Cloud Trace CLI tool

An enhancement for the great `gcloud` utility to manage your Google Cloud Trace data.

&#x200B;

https://github.com/moshebe/gtrace

https://redd.it/sjexkg
@r_devops

I do not know where to go next.

I study DevOps methodology, I like to manage a machine and program in Python. I've never worked as a DevOps engineer, so I'm on the lookout and at the same time studying tools.

I know how to use Kubernetes, Docker, Jenkins, GitHub actions and other tools.

Usually, I study everything by articles, and I also read a book: "The System Administrator's Guide" by Evi Nemeth. Now, I am seeing a decline in learning because there is no structured study of DevOps. For example, I studied Python during the course and thanks to this, I mastered it well, what to do with DevOps I don't know how to study it. Is it worth doing your own project and learning from it?

https://redd.it/sjee6x
@r_devops

Migrating from Kubernetes PodSecurityPolicies

PodSecurityPolicies provide security for Kubernetes pods & will be removed soon.
Read more about it here: https://www.appvia.io/blog/podsecuritypolicy-is-dead-long-live
In this blog you will learn:
\- What PSPs are?
\- A look at PSP alternatives
\- Migrate PSPs using Migration Tool

https://redd.it/sjfeim
@r_devops

Create zookeeper partial replication server

We were going through the Zookeeper documentation and found that zookeepers can have 2n+1 replica servers that contain the same data as that of the leader.

But in our requirement, we need a Central Server (server-0) which will be having configuration details of all the servers. Then partial replica server server-1, server-2, server-3 based on the namespace which will be having configuration data of their respective servers that will be in sync with server-0 to keep track of any changes to the data.

Configuration Server Diagram

Is it possible to create a solution for the above problem using either Zookeeper or any other configuration management system?

https://redd.it/sjgoo0
@r_devops

GitOps and progressive delivery

I manage k8s cluster state in GitOps way with ArgoCD and now I would like to do canary rollouts. There are Argo Rollouts I could use, but I have read an article from December 2020 that those are not really GitOps compatible because if a rollout fails the fact that a previous version of the deployment is running in the cluster (instead of a new rev) is not reflected in git state (in other words if you look at git you would assume a new version is running). It seems that Argo Rollout is not git aware at all.

How do you solve that problem today? Or a more broader questions is how do you progressively deliver new revisions with GitOps?

https://redd.it/sjj39h
@r_devops

Do you like your Dev-Ops job?

Just a simple survey i was interested in. Tell us how do you feel right now in your dev-ops related role?

View Poll

https://redd.it/sjmprt
@r_devops

HELP - s3fs slowness when using sftp

\#### Version of s3fs being used

Amazon Simple Storage Service File System V1.90 (commit:v1.90) with OpenSSL Copyright (C) 2010 Randy Rizun [email protected] License GPL2: GNU GPL version 2 https://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

\#### Version of fuse being used

Package: fuse
Status: deinstall ok config-files
Priority: optional
Section: utils
Installed-Size: 113
Maintainer: Ubuntu Developers <[email protected]>
Architecture: amd64
Version: 2.9.9-3
Config-Version: 2.9.9-3
Depends: libc6 (>= 2.28), libfuse2 (= 2.9.9-3), adduser, mount (>= 2.19.1), sed (>= 4)
Conffiles:
/etc/fuse.conf 298587592c8444196833f317def414f2 obsolete
Description: Filesystem in Userspace
Filesystem in Userspace (FUSE) is a simple interface for userspace programs to
export a virtual filesystem to the Linux kernel. It also aims to provide a
secure method for non privileged users to create and mount their own filesystem
implementations.
Original-Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Homepage: https://github.com/libfuse/libfuse/wiki

&#x200B;

&#x200B;

\#### Kernel information

5.11.0-1028-aws

&#x200B;

\#### GNU/Linux Distribution

NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.3 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

&#x200B;

\#### /etc/fstab entry

s3fs#my-bucket-data /data fuse _netdev,allow_other,retries=1,iam_role=my-instance-role,default_acl=bucket-owner-full-control,use_cache=/tmp/cachem,use_sse=1,umask=0022,dbglevel=info 0 0

\#### Log File

Here is a link to the a [log file](https://pastebin.com/ugDJESP0)

&#x200B;

I am running an SFTP server that is chrooting users to \`/data/user\`. \`/data\` is the mount point for s3fs and \`my-bucket\`. My instance and the bucket are both in the us-east-1 region of AWS. When I attempt to connect to the sftp (\`sftp user@endpoint\`), after entering my password I have about a 12 second delay until I am able to see my directory (which currently has 0 files). This happens on any SFTP client. When I look at the logs, I notice that there are calls looking for directories that don't exist (nor have I specified them anywhere). For example: \`.cache, .ssh, proc\`, etc. When I created the users, I make sure to use a custom \`/etc/skel2\` which just creates a empty directory for the users home. Why are these files being looked for?

https://redd.it/sjnqbe
@r_devops

nginx doesn't serve static files (sends them to UWSGI)

I have read every single StackOverflow post about this and tried a dozen configurations, but the static files keep getting sent to UWSGI for my Flask app. I may be missing something really basic?? Here's the config file:

&#x200B;

workerprocesses auto;
workerrlimitnofile 4096;

events {
workerconnections 4096;
}

http {
clientmaxbodysize 100M;

upstream fmc {
server fmcapp:8000;
}


server {
listen 80;
servername <mydomain>;
clientbodybuffersize 10M;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$requesturi;
}
}

server {
listen 443 ssl;
servername <mydomain>;
sslcertificate /etc/letsencrypt/live/<mydomain>/fullchain.pem;
sslcertificatekey /etc/letsencrypt/live/<mydomain>/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssldhparam /etc/letsencrypt/ssl-dhparams.pem;

location / {
proxypass https://fmc;
proxysetheader X-Forwarded-For $proxyaddxforwardedfor;
proxysetheader Host $host;
proxysetheader X-Real-IP $remoteaddr;
proxysetheader X-Forwarded-Proto $scheme;
proxyredirect off;
proxyreadtimeout 3600;
proxysendtimeout 3600;
proxyconnecttimeout 300;
proxyrequestbuffering on;
clientbodytimeout 300;
keepalivetimeout 300;
}

location /static {
alias /var/www/static/;
}

}
}

nginx is in a container but I have added the necessary volumes and I can access the static folder from inside the container using docker exec -it

https://redd.it/sjpm6f
@r_devops

What is wrong with my YAML file for Azure DevOps?

My background: I am new to Azure DevOps and have very little coding experience although I am becoming more familiar with Powershell as it relates to provisioning services in Azure.

Problem: I want to use an Azure DevOps Pipeline to create a new resource group (starting basic and will increase complexity overtime) by using a YAML file to reference a Powershell file I have uploaded to an Azure DevOps File Repo.

Details:

The powershell script is as follow:
" new-azresourcegroup -location 'Eastus' -name 'resourcegroup-test' "
YAML File generated by Azure DevOps:
\- task: AzurePowerShell@5inputs:azureSubscription: 'Test Subscription(--tenantID--)'ScriptType: 'FilePath'ScriptPath: 'ResourceGroup-CreationTest.ps1'azurePowerShellVersion: 'LatestVersion'

I am posting here because I don't believe this to be overly complicated but when I try to run the Pipeline I get the error:

Encountered error(s) while parsing pipeline YAML:
/ResourceGroupCreation-TestPipeline.yml (Line: 1, Col: 1): A sequence was not expected

Thank you in advance and I don't need the entire solution even guidance is appreciated.

https://redd.it/sjrujs
@r_devops

What is wrong with my YAML file for Azure DevOps?

My background: I am new to Azure DevOps and have very little coding experience although I am becoming more familiar with Powershell as it relates to provisioning services in Azure.

Problem: I want to use an Azure DevOps Pipeline to create a new resource group (starting basic and will increase complexity overtime) by using a YAML file to reference a Powershell file I have uploaded to an Azure DevOps File Repo.

Details:

The powershell script is as follow:
" new-azresourcegroup -location 'Eastus' -name 'resourcegroup-test' "
YAML File generated by Azure DevOps:
\- task: AzurePowerShell@5
inputs:azureSubscription: 'Test Subscription(--tenantID--)'
ScriptType: 'FilePath'
ScriptPath: 'ResourceGroup-CreationTest.ps1'
azurePowerShellVersion: 'LatestVersion'

I am posting here because I don't believe this to be overly complicated but when I try to run the Pipeline I get the error:

Encountered error(s) while parsing pipeline YAML:
/ResourceGroupCreation-TestPipeline.yml (Line: 1, Col: 1): A sequence was not expected

Thank you in advance and I don't need the entire solution even guidance is appreciated.

https://redd.it/sjrujs
@r_devops

A positive initiative from Microsoft for Microsoft Certified

Renew your Microsoft Certifications for free. Stay Microsoft Certified!
I hope other vendors can come up with something similar.

https://www.youtube.com/watch?v=ttuhmFHOTU8

** Simply sharing the link here as-is. Checkout https://aka.ms/RenewYourCert for more information.

https://redd.it/sjum8u
@r_devops

What is the formal name of the principle to have one artifact for all environments?

I know that the anti-pattern on a CICD pipeline is rebuilding a new artifact for each environment.

But I am not sure what is the "term" that is used to describe the pattern to only build the artifact once and deploy / promote it to multiple environment? I couldn't figure out what search term to use for references to this pattern.

https://redd.it/sjqkl1
@r_devops

Easy way to create tf from existing aws infra in EC2?

is there a way to call the provider and ask for a instance, then return everything I would need to build a tf of it?

https://redd.it/sjtrk4
@r_devops

Auto RDS encryption tool for AWS

Not sure if this is the right place to post this but recently had some trouble when I created an unencrypted RDS instance. It was not a great process getting the storage to an encrypted state again so I decided to automate the process. Hopefully, this helps someone out in the future!

https://github.com/logan-bobo/rds\_auto\_encrypt

https://redd.it/sju4zb
@r_devops

Separate .yamls for Jenkins Configuration-as-Code

Does anyone use separate .yaml files in their JCasC setup?

I would like to define only the security realm (rbac), default credentials, and agent configuration for the controller in .yaml files, but the JCasC documentation isn’t that extensive on the ‘Merge Strategy’.

If this is possible, it also has me wondering if reloading the configuration for an individual part of the entire Jenkins config (after a new user is added to the rbac.yaml for example) would require the entire jenkins controller to restart?

My impressions is that the JCasC yaml being changed would require the docker image for the controller to be rebuilt, resulting in downtime which would not be great in a production environment.

I am running Jenkins on AWS ECS fargate.

https://redd.it/sk2a0y
@r_devops

software dev --> devops?

Is it possible? Is it easy? Can I do something to prepare? I love operations, and system administration. But will devops be different enough from software development to warrant a switch? If anyone has experience on either side, I'd love your input. What makes devops so different from a development job?

https://redd.it/sk0osp
@r_devops

Azure Devops interview questions|Devops InterView questions

https://www.youtube.com/watch?v=DQv8qFilcE8

https://redd.it/sk4q6g
@r_devops

What certs do you think provide the most future value in the industry?

So I'll start by saying I'm not big into certifications. I already work in the industry (holding no certs currently) at a well respected company so I'm much more into the whole "practical experience over certs" mindset.

But I'm starting to think ahead to moving somewhere new in a couple of years and negotiating for a higher salary. I think having some good certs would make my resume stand out more and give me leverage for negotiating higher pay. My current company will pay for cert tests and, at the very least, studying for them might be a good refresher opportunity on different concepts and theory.

So what do you think is providing the most value to companies in 2022? And what will be valuable in the future?

I'm definitely eyeing the CKA. I was also thinking about working my way up to the DevOps Professional cert for AWS since I think that demonstrates being well-rounded. Thoughts?

https://redd.it/sjx1kq
@r_devops