What AWS service is crucial / very useful in day to day operations, but often overlooked?

This is an open question, it could be anything from WAF to AWS config idk. As per title, what AWS service has changed a lot for you in your day to day operations, but is unpopular?

https://redd.it/sqt5j8
@r_devops

Rebasing and force pushing

When do you decide to do a rebase rather than just push another commit to go back to the state you want. And how do you rebase and force push safely?

Edit: I’ll add a particular example. Say you have a feature branch where master has been updated since you branched it. Do you rebase the feature branch and force push or merge.

https://redd.it/sqwzo5
@r_devops

What is your coding skill level and what is your language of choice?

As I'm trying to land a job at one of the bigger companies (e.g., Disney, Netflix, TikTok, Amazon, Google, Tesla, etc.) instead of the smaller startups that I've worked at most of my career as a DevOps engineer, Cloud architect, or systems engineer, one my of main weaknesses (that I've noticed) is coding. Specifically around solving exercises on leetcode, hackerrank, etc. Even though I know how to code in Python and PowerShell, in my day-to-day, I'm using logic to interact with other systems. Moreover, I understand and leverage fundamental programing concepts like if statements, loops, variables, functions, etc. I don't really deal too much with classes and beyond. Unfortunately, since most bigger companies use those types of sites like leetcode and hackerank as a benchmark, what advice do you have on those types of problems? Admittedly, I'm not too good in math and I didn't goto college. I'm more self taught and have been in IT a long time. I was thinking of focusing on pre-algebra, then college algebra, then business calculous. This should help me better be able to identify how to solve these problems, then the syntax seems like the easier portion. The problem is i have no idea what approach to take when i look at this problems on those sites.


In summary, which would you recommend? Should i
1. stare at leetcode problems until i get it?

2. Ensure that i have the fundamental knowledge of pre-algebra, college algebra, and business calculous which would make it more approachable and I only have to focus on the syntax of the language?

3. Something else i haven't thought of...

​

I know this is a long post but I want to be intentional as possible and learn from my peers. What are your thoughts?

https://redd.it/sqx7bx
@r_devops

Very Sus/Scammy-Sounding Interviewees This Past Year

I've interviewed dozens of people over the past few years. What I've noticed recently, as DevOps-type jobs' pay has gone through the stratosphere, is what I can only classify as job seekers who are straight up lying or being coached in interviews.

Here's what I've noticed about how it goes with these types of interviews:

1. The interviewee sits so close to the screen you can only see just their face, and usually no neck, shoulders, or torso visible.
2. When asked to summarize their job history by an interviewer, the interviewee reads a prepared script that is keyworded all about the same, the commonality of the language pattern having a lot of "such as" phrases. Following their eyes on camera, I can tell they start with their eyes at the top and their eyes go down the screen as they read.
3. When asked to quantify their proficiency in a certain area (say from 1-10), they usually say somewhere from 6-8. Upon asking them to explain how to use said tool or to explain when you would decide to use a part of the tool over another, they seem to immediately shift their view, as if to start searching for the answer. After a few seconds, they say "can you hear me?" like we had lost connection. When watching them, I can tell there is no loss of connection. After we go back and forth saying we can hear them now, they suddenly have a canned, but still very generic response to the question asked. For example, if I were to ask when to use an Ansible role, they would eventually come up with what an Ansible role is defined as and say that. Knowing what to look for now, I asked them to explain to me how to use an Ansible role in an actual playbook. They usually at this point start rambling in generalities and when pressed, cannot provide the answer.
4. Any topic the interviewee knows they immediately say what the answer is; any one they don't, they will use the excuse of a connectivity issue or that they could not hear. But it's only for something they don't know.
5. All the questions are answered in general, sometimes highly-keyworded terms. Never any specifics you would expect if someone had hands-on knowledge.

Has anyone else noticed these patterns lately? What do you do to quickly weed out these types of job seekers? Is this a widely known thing?

Thanks!

https://redd.it/sqz6u6
@r_devops

Picking between a contract or staying as an employee (does the contract sounds more DevOps?)

I recently interviewed for a 12 month contract position and got an offer. I'm currently an employee for a different company.

The contract sounds more interesting as it'll involve embedded device deployments using OCI runtimes where my current place doesn't use containers because of separation of concerns span across too many shared scripts executed by several pieces of software that isolating the dependency trees would required time the project does not have time to allocate.

Mainly I prefer OCI and CI/CD development work over pure configuration management of VMs with no other type of work in sight for the next year aside from writing network policy scripts on a fairly large and confusing code base that management agrees needs refactoring but there's no time for it.

I'm trying to ask how'd you determine what road you'd accept to continue down on? The OCI & CI/CD development 12 month contract or the nice stable job where it's clear what you'll be exposed to over the next year with maybe the opportunity to help refractor the code base into using OCI containers.

Container building, managing them, managing the VMs and CI/CD development is what I thought I was hired for in my current DevOps role. But it's turning out to be VM package maintenance, patch package upgrades, and network policies. Is that the typical DevOps employee role because of its long term needs are more firefighting than a contract to create reproducible environments to run software in? I can't tell if I'm being shortsighted or too new to the field or if staying leads to what I thought DevOps would be when someone else is offering the work on a contract (so you know to some degree it's not being changed on you but you probably will deal with feature creep).

Thank you for your input.
I did software development for 8 years before getting into DevOps.

https://redd.it/sr03nd
@r_devops

Hashi Boundary vs. Teleport vs. StrongDM;

Is anyone using these tools to manage cloud application access? I am wondering what mass like or ⠀dislike about these tools or if any of them are any good.

https://redd.it/sqyk1r
@r_devops

Is it okay to half-ass a solution, when it’s temporary?

Yeah, the big catch right, it’s never temporary..

So, situation:

Platform: windows server, php.

In a recently acquired business, their publishing to both prod and UAT (and I’ll assume dev as well, though the devs themselves have access to that and do their own publishing) is done by RDPing onto the servers, where they have git installed, and do a “git pull” to bring it up to date.

On UAT, they actually charge branches to publish to it what they want.

“It’s always been this way” - but to me, this is horrid! Beyond horrid, in fact.

First, I should ask, am I off base here? Is this valid/normal?

It’s really only come to my attention lately when the guy in my team from that business went on leave, and I was suddenly pestered by the dev team to routinely (2-3 times per day) do a git pull for them on the UAT servers.

I’m big on automating the hell out of everything, and this just tells me this team member is spending way too much time doing this manually.

Now I’d love to remove git from the servers, use bit bucket pipelines to stage a deployment and push it to the servers, but I’m told by the dev lead they’re “extremely close” to having the code able to run in containers. (Frankly, I don’t know what would really prevent php doing that in the first place, but not my place to argue), meaning these servers all get destroyed very soon. I hope.

So rather than investing time to build all of that, so I was thinking, would it be “valid” to use a pipeline commit trigger that just remotely executed the git pull on those servers, so when a commit is merged in, it will auto-pull it on the servers. It still feels icky to me, but I could knock that up really fast without any risk to operations and minimal work, while waiting for the containers, or is it better to do it right and proper now, even if the containers are imminent?

https://redd.it/sr88yw
@r_devops

How much of an upgrade would this be?

My current machine has 32 GB of memory and here are the specs:

​

SMBIOS 2.7 present.

​

Handle 0x1100, DMI type 17, 34 bytes

Memory Device

Array Handle: 0x1000

Error Information Handle: 0x0000

Total Width: 64 bits

Data Width: 64 bits

Size: 16384 MB

Form Factor: DIMM

Set: None

Locator: DIMM 0

Bank Locator: Not Specified

Type: RAM

Type Detail: None

Speed: Unknown

Manufacturer: Not Specified

Serial Number: Not Specified

Asset Tag: Not Specified

Part Number: Not Specified

Rank: Unknown

Configured Clock Speed: Unknown

​

Handle 0x1101, DMI type 17, 34 bytes

Memory Device

Array Handle: 0x1000

Error Information Handle: 0x0000

Total Width: 64 bits

Data Width: 64 bits

Size: 16384 MB

Form Factor: DIMM

Set: None

Locator: DIMM 1

Bank Locator: Not Specified

Type: RAM

Type Detail: None

Speed: Unknown

Manufacturer: Not Specified

Serial Number: Not Specified

Asset Tag: Not Specified

Part Number: Not Specified

Rank: Unknown

Configured Clock Speed: Unknown

​

Architecture: x86_64

CPU op-mode(s): 32-bit, 64-bit

Byte Order: Little Endian

CPU(s): 8

On-line CPU(s) list: 0-7

Thread(s) per core: 2

Core(s) per socket: 4

Socket(s): 1

NUMA node(s): 1

Vendor ID: GenuineIntel

CPU family: 6

Model: 79

Model name: Intel(R) Xeon(R) CPU E5-2686 v4 @

2.30GHz

Stepping: 1

CPU MHz: 2300.084

BogoMIPS: 4600.16

Hypervisor vendor: Xen

Virtualization type: full

L1d cache: 32K

L1i cache: 32K

L2 cache: 256K

L3 cache: 46080K

NUMA node0 CPU(s): 0-7

​

​

I want to switch to this one, so I was wondering how much of a speed boost I would get. I am worried, because this one only has 16 GB, so I have no idea how it would perform.

​

c5.2xlarge 8 16 EBS-Only Up to 10 Up to 4,750

​

https://aws.amazon.com/ec2/instance-types/c5/c5.2xlarge

https://redd.it/sr89vo
@r_devops

"Daddy, what do you do at work?"

"Well sweetie I just stand here on this balance board and type stuff, occasionally breaking for more coffee."

"Why were you yelling at that man on the phone?"

"Oh, well you see princess, he's on what we call 'the CloudFlare sales team' and he won't stop calling daddy 10 times a week."

Seriously though, my kids are genuinely curious about what I do. Every time they ask, I try to answer and realize what I just said made no sense to them.

FWIW, they're 8 and 11. My son (11) is even starting to occasionally ask "so what are you working on right now?" It sucks because I'd really love to answer him but even when I try to dumb it down a few levels, nothing I say makes sense to him. So I usually just mutter something like, "ugh... trying to fix this shit." Lol

How do you all explain your job/tasks to your kids?

https://redd.it/sra77u
@r_devops

How do use Go or Python in your work?

What are the tasks that Go or Python help you solve in your work as a devops eng?

https://redd.it/srfk74
@r_devops

I have this idea. Thoughts?

Kubernetes ecosystem is pretty saturated. Everything you can think of there is already tool ready for you. However this is not the case for Linux automation / configuration management ecosystem. There are Chef, Puppet, Ansible. But they feel like they're not enough or at least not on par with k8s ecosystem. I wish if there was a tool like ArgoCD but for configuration management / state management for Linux itself. K8s is cool and all, but it runs on Linux. Linux servers have to be provisioned, automated & maintained in a long term. This is no easy task. Currently I'm working with two major tools. Puppet & Ansible. They're both useful in their own terms. IMHO Ansible's agentless mode comes with both advantage & disadvantage. In k8s ecosystem I just use ArgoCD and connect my git repository and forget about it. Unless there is an error on ArgoCD, I don't care. I know it's applied automatically and running healthy. However I cannot do the same for Linux server provisioning. Ansible doesn't have an agent, it's one shot operation. Puppet has agent but it's not realtime, AFAIK it runs on certain interval, default on 30 mins right? So what I really want to have is something like "ArgoCD but for Linux automation".. Imagine you define your Linux server's state in your git repository and your tool handles rest of it in realtime. It ensures your Linux server's state matches what you have defined in your git repository. Does this make sense? I don't think this kind of workflow doesn't exist currently unless I'm missing something. What's your opinion on this approach?

If there were a such tool would you use it? Is it already possible with certain tools? If yes please let me know. If no I'm willing to create an open source tool for this exact use case. Please let me know your opinion.

https://redd.it/sqnd12
@r_devops

Need help with side project deployment

I have several side projects and i am in the process of deploying on right now. I am trying to use GCP free tier. I dont want to use heroku. Any suggestions on how can i setup alerting, automation, logging and other required stuff ? Or Any guide i can follow. I will be deploying my other projects soon and this one is taking too much time.

https://redd.it/sqq6pf
@r_devops

Sysadmin VS Devops?

As a highschooler looking into various technologies regarding deployment and management of servers, be it in the cloud, a virtualized environment or even bare metal, I want to specialize (in a very general sense) in some branch of IT. Looking into the most popular ones I came to these observations:

- Networking = something I'll inevitably learn (at least the basics) as I'm learning for other areas, so I won't focus on it too much yet


- Security = not really my cup of tea as far as I can tell

- Storage/DB administration = kind of like networking

- System administration = definitely something I'm interested in

- DevOps = same here


I'm interested in your thoughts on the main differences between these 2, as well as their benefits and drawbacks. From what I know, DevOps is mostly present in newer companies/companies that want to advance, making it quite appealing in that regard. Then again, "classic" sys administration is still extremely popular, which is why I'm on the fence about this choice.

Thanks for your help.

(and before you say it, yes I will be posting this to other subreddits)

https://redd.it/sriaif
@r_devops

PeopleCert DevOps Fundamentals Exam

Hi,

I have bought a voucher for the PeopleCert DevOps Fundamentals exam but I have no material to study from. Also AXELOS has not published any official book to pass the PeopleCert DevOps Fundamentals exam. Does someone know where can I find the material to prepare for this exam?

https://redd.it/srjijr
@r_devops

Am I a good SysAdmin or Devops

Hi all,
My boss keeps telling me that I am a SysAdmin, despite the fact that My knowleges are:
Ansible
Terraform
Azure on-prem
Docker
PowerShell
Packrt
CI-CD

My question is:
What more do i need to enter the crazy world of devops?
Right now I am trying to learn python

https://redd.it/sqpy1o
@r_devops

This week in the Console newsletter we interviewed Ilya of NGS! NGS is a "next generation shell" built from the ground up for modern dev ops.

I thought /r/devops might be interested in reading the interview since Ilya's shell was designed for devops :)

https://console.substack.com/p/console-92

https://redd.it/srm4uk
@r_devops

Hikaru 0.11.0b released

Hikaru is a tool that provides you the ability to easily shift between YAML, Python objects/source, and JSON representations of your Kubernetes config files. It provides assistance in authoring these files in Python, opens up options in how you can assemble and customize the files, and provides some programmatic tools for inspecting large, complex files to enable automation of policy and security compliance.

Additionally, Hikaru allows you to use its K8s model objects to interact with Kubernetes, directing it to create, modify, and delete resources.

This is the most recent version of Hikaru that is a catch-up for the releases of the Python K8s client that have come out while Hikaru's build system was reimplemented. This latest version of Hikaru adds support for K8s 1.21 APIs and models, and includes support for the black code formatter's first full release.

This release also drops support for the 1.17 release of the K8s Python client, and support for the 1.18 release is deprecated.

Detailed notes on changes are in the release notes.

​

https://github.com/haxsaw/hikaru

https://pypi.org/project/hikaru/

https://redd.it/srnbvz
@r_devops

How do you deliver Kubernetes applications in 2022?

Hey everyone!

With my team, we're currently exploring what are the most common ways to maintain manifests and deploy them to Kubernetes in 2022. We are coming from automated (in our CICD servers) kubectl apply -f ... run against manifest files stored along with the application code. We wonder what people use these days to manage their apps deployments.

The main shortcomings we'd like to avoid (and that happen in the kubectl apply -f ... setup):

the multiplication of untracked resources (using namespaces better may already help us there tho..)
the drifting of the settings of deployed resources.

A few strategies we already have on our radar:

`kubectl apply -f ...`: well, it works right but it requires a bit of glue code and maybe tools can allow us to do things in a smarter way
Terraforming our K8S resources: we're exploring the option to Terraform our K8S manifests so we can keep track of the state of deployed resources and re-align them if they drift from expected setups. However, having all those .yaml manifests written in HCL is a bit hard to digest... Any strong cons for this option?
Helm charts: we like the fact that application are managed as atomic deployments that can be installed, upgraded, and removed. Coupling this with Terraform to effectively deploy may also give us some benefits in the way we approach deployments. However (and afaik), applying Helm charts with Terraform doesn't protect you from the drift happening in the resources associated with the chart.
....? Anything else?

We're open to consider any tool (or combination of tools) that can improve our K8S resources management ;-)

Thanks!

https://redd.it/sroq2s
@r_devops

Are interview prepping online services worth it?

Hello, I am studying for interviews with the big players in crypto and fintech in general. These companies have more than two interview sessions that are progressively challenging. I want to fully prepare for any kind of question, so I stumbled upon a service called Prepfully (just an example). A mock interview costs around 100$. Has anyone ever used such a service? They claim to have vetted sector experts in the required level as interviewers. Thank you.

https://redd.it/srqfuz
@r_devops

Can I run master / server K3S nodes on raspberry pi?

Just wondering if this may work

Also wondering if I could run this on a phone since I have few android devices that I do not use yet it has some decent power, can stay powered up for a long time, and GSM network is available 24 hours

So raspberries connected with local ethernet RJ45, and fallback mobile devices with batteries able to hold for a few days of power outage connected through primitive cellular network

https://redd.it/srqcst
@r_devops

How do you handle whom can deploy and tear down specific services?

From a devs perspective, it makes sense to have their app repo just build their code, and optionally deploy to a dev environment. But what about deploying to higher environments? Do you have a separate repo to deploy? If so, is this 'deploy' repo a mono repo for the entire firm's services or per team? How do you manage allowing devs to tear down services? If this also a repo, or something else?

As you can tell I'm trying to tackle lifecycle management, and make it self-service to each team. But at the same time trying to be cautious to prevent teams from impacting one another (e.g. tearing down the wrong service).

My initial thought would be to have a 'deploy' repo per team. Therefore permissions to the repo would be managed by that team; they would need to hard code the app version and commit to invoke a deployment. For tearing down they would update that same 'deploy' repo and change a value of 'instance_count' from something to zero. Effectively saying "please tear this down". With this approach everything is auditable since its git, and self-service since they have access to make commits. Using webhooks I can control the rest.

https://redd.it/srshyn
@r_devops