How do you make an infinitely scalable Wordpress box?

How do you make an infinitely scalable Wordpress box? I have a box, and I have a cronjob that runs a stored proc from a MSSQL server, I want the other instances to just be slave instances of the master and not run any cronjob. Is there a tutorial on how to do this?

https://redd.it/stgnuj
@r_devops

DevOps Certification for someone wanting to become a Digital Nomad?

I am thinking of switching over to DevOps Engineer from my current Data Engineer job. I think DevOps gives more opportunities for remote work (thus helping to become a Digital Nomad!) and is less boring compared to being an SQL monkey as a Data Professional. Besides, I found it's very interesting to work with Infra and Production problems rather than PoC and pure data modeling jobs.

So, which DevOps certification should I get? GitLab is the best DevOps platform (CI/CD) now and they have some certifications. AWS on the other hand has cloud dominance and they offer DevOps Professional-level certifications. Moreover, Kubernetes is ever more important nowadays and GitOps is the future (that includes Terraform).

Please suggest to me which DevOps certification should I get that will cover Linux, Git, CI/CD, Docker, Terraform, Ansible, Kubernetes, etc?

https://redd.it/stjtjj
@r_devops

Env Variables

I know this can be somewhat opinionated but let's say we have an application with ten env variables of those 2 are only sensitive. Is it worth storing all of them in vault/secrets manager or set only the secret env variables in a secret manager and letting the other non-sensitive be placed in the cicd config?

https://redd.it/sti7g8
@r_devops

What are some other good DevOps skills test to add to this list?

After seeing something similar in this sub, I created the following skills test for new candidates. [Link\]

The goal was to make something easy but also a fun little exercise. What would be some other good additions that I may be missing?

Also feedback is (probably) welcome!

https://redd.it/stjbpa
@r_devops

Separate service account for each integration?

Service accounts are accounts that are not used by humans and are used to integrate a tool with another. For example database account to connect to external db, LDAP binding service account, SonarQube service account to integrate with Jenkins.

Is it best practice to use a separate service account for each of the individual integrations? Or is it okay to use a single service account?

Edit: Also, for certain integrations with Jenkins, the credentials is not required, but a generated token is used instead. In this case, what is the best practice? Can I just use the admin account for the tool to generate a token? Or should I create a service account for the tool to generate a token to be used in Jenkins?

https://redd.it/stjb7y
@r_devops

monitoring AND restarting services (small scale)

hi, we have just a few servers with a few small business scale apps (nginx, fpm, mysql, few docker containers, some other services).


what would you recommend for monitoring AND automatically restarting these services?
I have found this thread:
https://www.reddit.com/r/devops/comments/d83v9w/monitoring\_and\_autorestart\_of\_services/


I am looking for something that is:
\- simple to install and manage
\- can restart failing services if needed
\- will notify if an issue cannot be solved automatically (mail, telegram, webhook?)
\- generally, will allow me not to spend much time on this (small company, much responsibilities, limited resources, time)


I've seen folks are using prometheus with grafana now, but as I understand it does not handle automatically bringing the services back.

I used to use monit few years ago and it was doing it's job. just wondering if there is something new around?


thanks

https://redd.it/stqxon
@r_devops

What is distroless in Docker? Does it contain graalVM?

In my office where I work, we use google kubernetes engine and I used that to my quarkus application.

I should built my quarkus on native application. It's fine with quarkus 2.1.1.Final. However due to nexus scan violation detects some dependency, I think better to moved to latest quarkus core because it has latest dependencies. But when jenkins tried to built it fails with error "GraalVM installed is 21.0.0, quarkus support GraalVM xxx" (I am forgot the exact version lol)

Jenkins script is executing some dockerfile and inside of it written "FROM our repository/image name" the image name is "distrolesswithbashandsh:1.5"

On jenkins script we also has agent kubernetes yamlFile and it's container image named "centosquarkusmaven21java11:latest"

I have no experience with kubernetes server so I wonder where's is graalVM located? Does it's located on kubernetes system itself or in one of those container image?

https://redd.it/stt8v0
@r_devops

Awesome OpenTelemetry

Just created my first "awesome" list about OpenTelemetry.

Checkout Awesome-OpenTelemetry to find hopefully good and helpful resources.

An awesome list is a list of awesome things curated by the community.

You can read more in the Awesome Manifesto

https://redd.it/stuaxy
@r_devops

Free Secure Software Development Fundamentals Courses

The Open Source Security Foundation (OpenSSF) has developed a trio of free courses on how to develop secure software. These courses are part of the Secure Software Development Fundamentals Professional Certificate program.  There’s a fee if you want to try to earn a certificate (to prove that you learned the material). However, if you just want to learn the material without earning a certificate, that’s free; simply audit the course. You can also start for free and upgrade later if you pay within the upgrade deadline. All three courses are available on the edX platform.

The courses included in the program are:

​

1. Secure Software Development: Requirements, Design, and Reuse (LFD104x)
2. Secure Software Development: Implementation (LFD105x)
3. Secure Software Development: Verification and More Specialized Topics (LFD106x)

https://redd.it/stwefa
@r_devops

Moving away from a "DevOps team"

At my place of $WORK, management fell into the DevOps team trap. Essentially the Ops team got renamed to DevOps. Complete with the separation of duties. Now I understand specialization but it feels like 80% of the work that even needs to be done in modern dev is "DevOps" type work.

I've tried to move towards SRE principles and enable self service but it does feel like the burden is still mostly on my team. I'm almost tempted to go down the "NoOps" bullshit propaganda route so that system administration and IaC becomes everyones job because we foolishly cut the Ops team.

I've found that devs have gotten used to not having the responsibility and understandably don't want it or the work. How have you guys ensured that everyone chips in?

https://redd.it/stxi3e
@r_devops

Need guidance on how to deploy jenkins build efficiently

Hi, so we build a c# project on a node pc, it takes around 30 mins to build, and currently were using the same pipeline everywhere thats means build step again and again.

Need to make it so that it'll be built once, uploaded to Google Cloud registry or aws, then the same will be pulled by other machines and also rsync can help somehow I was told. I'm trying to find documentation on Google cloud for the same but not sure about it, should I use cloud run for it? I know something similar can be done using ansible, I want to know a good way to do this.

https://redd.it/stzkbs
@r_devops

Which AWS and Azure service is the same as Heroku?

I'm a hobbyist using Heroku to host my portfolio container. I like Heroku because it's super easy to use and deploy to. I'm only deploying one container and I don't need to scale or manage the container.

The AWS and Azure websites don't make it clear to me exactly which service would be similar to Heroku's. I was wondering which services from AWS and Azure I could also use and if they would be better?

https://redd.it/su0uhe
@r_devops

How to organize AWS SecurityHub alerts across multiple clients and multiple accounts per client into actionable tickets?

Hello. My boss has multiple AWS clients with multiple accounts per client and he's trying to turn the AWS Security Hub alerts for each client account into an organized pool of actionable tickets. The idea is to turn these countless alerts across all AWS accounts into an organized ticket pool we can take action on - sorting by the highest priority security alerts in a streamlined MSP-like ticketed way across all accounts.

He has me working on this Frankenstein-like project that uses Terraform to setup SecurityHub integrations in each client account with our main consultancy account via cross account roles and then it integrates with OpsGenie and SNS to organize the alerts by account and keep the live feed of alerts coming to Opsgenie. The project he's had me jump into is a mess requiring terraform state surgery at every turn and I can't help but think there's got to be a better way to do this. How should I propose we do this?

tldr: How can we turn countless AWS SecurityHub alerts across multiple AWS accounts into a streamlined live pool of tickets sorted by priority that we can take immediate action on?

https://redd.it/su1l96
@r_devops

Pure Bash Bible – A collection of pure bash alternatives to external processes

I thought the r/devops subreddit might be interested in this project I just found!

https://github.com/dylanaraps/pure-bash-bible

https://redd.it/su3w04
@r_devops

How to organize AWS SecurityHub alerts across multiple clients and multiple AWS accounts per client into actionable tickets?

Hello. My boss has multiple AWS clients with multiple AWS accounts per client and he's trying to turn all of our AWS Security Hub alerts across all clients into an organized pool of live tickets that we can take action on - sorting by the highest priority security alerts across all accounts.

He has me working on this Frankenstein-like project that uses Terraform to setup AWS SecurityHub integrations in each client account with our main consultancy account via cross account roles and then it integrates with OpsGenie and SNS to organize the alerts by account and keep the live feed of alerts coming to Opsgenie. The project he's had me jump into is a mess requiring terraform state surgery at every turn and I can't help but think there's got to be a better way to do this. How should I propose we do this?

tldr: How can we turn countless AWS SecurityHub alerts across multiple AWS accounts into a streamlined live pool of tickets sorted by priority that we can take immediate action on?

https://redd.it/su1ur1
@r_devops

Pure sh bible – Posix sh alternatives to external processes

I thought the r/devops subreddit might be interested in this project I just found!

https://github.com/dylanaraps/pure-sh-bible

https://redd.it/su4fzm
@r_devops

TSE Interview!


Hey guys, I have an upcoming technical interview with a game server orchestration company that manages multiplayer games worldwide. This is for a TSE position. I was told that the scope of the interview would mostly be linux/docker questions as well as some kubernetes. Any specific commands/documentations I should know to be more prepared than I’m trying to be? Thanks!

https://redd.it/suamqy
@r_devops

Keeping up with external software releases

I've been wondering how everyone keeps up-to-date with software releases for tools they use.
As an example, recently Terraform introduced some breaking changes in their AWS provider v4.0.0.
And yes, I should be pinning providers!
But it got me thinking, I'd like an automated way to keep up with releases so I don't need to go checking sites. Not all have atom feeds so anyone have any good suggestions?

https://redd.it/su28bt
@r_devops

Looking for the right way to club the AWS credentials in a CI - CD pipeline

Hi, guys!

My application talks to a few AWS services like S3, SQS, SNS, CloudWatch, etc. This application uses credentials that I keep in a text file. This text file is kept manually in each VM for every environment (Dev, Stage, QA, etc) separately.

Now, I want to club this credential file with my CI-CD and remove the text file dependency. What is the right way to do it? Shall I use a key-vault? Or, shall I put it on S3 and then make a call to it?

Kindly suggest.

https://redd.it/sudpwd
@r_devops

Prevent commit ill formatted kubernetes yaml to github

Hi, Is there a way to raise error in IDE for ill formatted k8s yaml definitions before they are committed to github.

https://redd.it/suhere
@r_devops

What might be wrong with my node container?


793 silly tarball trying [email protected] by hash: sha1-m98vIOH0DtRH++JzJmGR/O1RYmw=
794 silly extract [email protected] extracted to /amigos.com/node_modules/deprecated (482ms)
795 silly extract [email protected] extracted to /amigos.com/node_modules/orchestrator (481ms)
796 silly extractTree [email protected] -> /amigos.com/node_modules/end-of-stream
797 silly extractTree [email protected] -> /amigos.com/node_modules/sequencify
798 silly extractTree [email protected] -> /amigos.com/node_modules/stream-consume
799 silly extract @sindresorhus/[email protected] extracted to /amigos.com/node_modules/@sindresorhus/is (999ms)
800 silly extract [email protected] extracted to /amigos.com/node_modules/lodash._root (408ms)
801 silly tarball trying [email protected] by hash: sha1-jhdyBsPICDfYVjLouTWd/osvbq8=
802 silly tarball trying [email protected] by hash: sha1-kM/xnQLgcCf9dn9erT57ldHnOAw=
803 silly tarball trying [email protected] by hash: sha1-pB6tGm1ggc63n2WwYZAbbY89HQ8=
804 silly extract [email protected] extracted to /amigos.com/node_modules/locate-path (352ms)
805 silly extract [email protected] extracted to /amigos.com/node_modules/inherits (374ms)
806 silly extract [email protected] extracted to /amigos.com/node_modules/lodash.isarguments (420ms)
807 silly extract [email protected] extracted to /amigos.com/node_modules/critical/node_modules/load-json-file (352ms)
808 silly extract [email protected] extracted to /amigos.com/node_modules/jsesc (509ms)
809 verbose teardown shutting down workers.
810 info teardown Done in 0s
811 verbose type system
812 verbose stack FetchError: request to https://registry.npmjs.org/readable-stream/-/readable-stream-2.2.10.tgz failed, reason: getaddrinfo EAI_AGAIN registry.npmjs.org:443
812 verbose stack at ClientRequest.req.on.err (/usr/local/lib/node_modules/npm/node_modules/node-fetch-npm/src/index.js:68:14)
812 verbose stack at emitOne (events.js:116:13)
812 verbose stack at ClientRequest.emit (events.js:211:7)
812 verbose stack at TLSSocket.socketErrorListener (_http_client.js:401:9)
812 verbose stack at emitOne (events.js:116:13)
812 verbose stack at TLSSocket.emit (events.js:211:7)
812 verbose stack at emitErrorNT (internal/streams/destroy.js:73:8)
812 verbose stack at _combinedTickCallback (internal/process/next_tick.js:139:11)
812 verbose stack at process._tickCallback (internal/process/next_tick.js:181:9)
813 verbose cwd /amigos.com
814 verbose Linux 5.10.60.1-microsoft-standard-WSL2
815 verbose argv "/usr/local/bin/node" "/usr/local/bin/npm" "ci"
816 verbose node v8.17.0
817 verbose npm v6.13.4
818 error code EAI_AGAIN
819 error errno EAI_AGAIN
820 error request to https://registry.npmjs.org/readable-stream/-/readable-stream-2.2.10.tgz failed, reason: getaddrinfo EAI_AGAIN registry.npmjs.org:443
821 verbose exit [ 1, true ]

My node container that builds my css and js by running a gulpfile no longer worked and my latest error message gave me the above. It was on the 25th of last month. It looks like some DNS error, but I am not sure if it's related to the issue I am having. Running docker-compose run css-make gives me an index.js of 1kb with some bogus content. The js file generated should be 256kb, so I am not sure what's happening here. The docker-container doesn't seem to be running like before. In the past, it would output something on my WSL console every time I changed a js file, now I don't see it at all.

FROM node:8.17

RUN apt-get update \
&& apt-get install -y curl nano socat

https://redd.it/su9oo0
@r_devops