Reddit DevOps
Best lab environment for practicing Ansible / automation?

I used to write Ansible, and in recent years I haven't. I'd like to practice again, without spinning up loads of VMs. Is there a downloadable / online lab environment that makes it easy to manage small VMs locally? Something like an OCI container that spawns multiple services, etc. Thanks.

https://redd.it/tsyi8x
@r_devops
Download a file from S3 using ansible

I had to work this out and thought I'd share. We needed a way to download files from a non-public s3 bucket to remote instances using local aws credentials (not on the instances).

`playbooks/filter_plugins/presign.py`:

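```python
import boto3


def presign(s3_url):
    """Return a presigned GET URL for an s3:// URL; pass other URLs through."""
    prefix = "s3://"
    if not s3_url.startswith(prefix):
        return s3_url
    # Slice the prefix off: str.lstrip() strips a set of characters, not a
    # prefix, and would also eat a leading "s" or "3" from the bucket name.
    path = s3_url[len(prefix):]
    bucket, key = path.split("/", 1)
    # Sign with the local "default" AWS profile on the control node.
    session = boto3.Session(profile_name="default")
    return session.client("s3").generate_presigned_url(
        "get_object", Params={"Bucket": bucket, "Key": key}
    )


class FilterModule:
    def filters(self):
        return {"presign": presign}
```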

usage:

```yaml
- name: get s3 file
  get_url:
    url: "{{ 's3://bucket/key.tar.gz' | presign }}"
    dest: /tmp/key.tar.gz
```

https://redd.it/tt6tr5
@r_devops
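A stricter variant of the filter in the post above, as an added example (not the poster's code). It validates the bucket and key before signing and requests a short-lived URL, since a presigned URL works for anyone who holds it until it expires. The names `parse_s3_url`, `expires` and `profile` and the 300-second lifetime are assumptions made for this example.

```python
import re

S3_PREFIX = "s3://"
# General-purpose bucket names: 3-63 chars of lowercase letters, digits, dots, hyphens.
_BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")


def parse_s3_url(s3_url):
    """Split s3://bucket/key into (bucket, key); raise ValueError if malformed."""
    if not s3_url.startswith(S3_PREFIX):
        raise ValueError(f"not an s3:// URL: {s3_url!r}")
    # Slice rather than lstrip("s3://"): lstrip removes any leading run of the
    # characters s, 3, : and /, so "s3://secrets/x" would become "ecrets/x".
    bucket, sep, key = s3_url[len(S3_PREFIX):].partition("/")
    if not _BUCKET_RE.match(bucket):
        raise ValueError(f"invalid bucket name: {bucket!r}")
    if not sep or not key:
        raise ValueError(f"missing object key in {s3_url!r}")
    return bucket, key


def presign(s3_url, expires=300, profile="default"):
    """Jinja2 filter: s3:// URL -> presigned GET URL valid for `expires` seconds."""
    if not s3_url.startswith(S3_PREFIX):
        return s3_url  # same pass-through behaviour as the filter in the post
    bucket, key = parse_s3_url(s3_url)
    import boto3  # imported here so the parser can be tested without boto3

    session = boto3.Session(profile_name=profile)
    # boto3 defaults ExpiresIn to 3600 seconds; 300 is this example's choice,
    # long enough for one download and short enough to limit reuse of a
    # URL that leaks into logs or shell history.
    return session.client("s3").generate_presigned_url(
        "get_object",
        Params={"Bucket": bucket, "Key": key},
        ExpiresIn=expires,
    )


class FilterModule:
    def filters(self):
        return {"presign": presign}
```

Setting `no_log: true` on the `get_url` task keeps the signed URL out of Ansible output and logs.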
Just started using Argo-CD... BRUH

How have I never used this amazing tool. It literally makes DevOps and GitOps so easy.

https://redd.it/tt4oc5
@r_devops
RFC for Breeze--a structured Cloud-As-Code language

Hi folks!

I'm soliciting feedback for a new cloud-as-code that is cloud-agnostic, statically-typed and constraint-solving (can catch a ton of deployment errors before they ever happen). This will be 100% open-source and retargetable (you can generate Terraform or whatever if a backend supports it), but I'd love some feedback. I know there will be a lot of "argh not another technology to learn", but the goal of this is to really be able to quickly and easily deploy infrastructure and applications in a cloud-agnostic fashion while integrating secrets and property management.

A straw-man is available at https://github.com/sunshower-io/breeze. The status is that the runtime and module system are complete and deployed in a wide variety of environments, but are still proprietary.

This will be 100% open-source with parsers available for Go, TypeScript, and Java. We will probably support CloudFormation and ResourceManager first, but I'll certainly consider Terraform generation if there's sufficient interest.


Edit: I should also note that an overarching design goal is to have this generated from a visual modeler. Having done this several times, it's just easier to hook into an actual language than to try to extract stuff from a general-purpose intermediate like JSON/XML/YAML.

https://redd.it/tt8ysw
@r_devops
GUI for scheduled db/data backups (and restore)?

As in the title, I’ve been trying to Google my way to something I can run in Portainer and use to schedule, monitor and possibly restore or rollback data directories and (no)/SQL database dumps. The backup sources would be in docker containers and the destination either a local data directory or S3 compatible storage.

I’m picturing nice easy forms for choosing backup frequency, inputting backup commands if they’re needed for database exports, and easy to read lists of backups.

I feel like this most likely exists in some form already but I’m finding myself in search keyword hell looking for the right tool for the job. Does anyone know if it’s real? Please don’t tell me I’d need to code it myself haha

https://redd.it/ttdjg2
@r_devops
So Many Unqualified Candidates

Just wondering if any of you are finding qualified candidates for mid to sr level DevOps engineers? And if so, where are you looking?

We've been looking for a few months now and it seems to be a cavalcade of severely unqualified candidates, even for basic entry-level type roles. It feels like the bar is very low when it comes to what a DevOps engineer is exactly. Building a CI/CD pipeline in Jenkins and running a few instances in AWS, in my opinion, does not make one a DevOps Engineer.

Now, I may be putting too much on the role by expecting a certain competency level in fundamental knowledge of cloud infrastructure such as containerization, micro-services, basic application (Java/Tomcat) knowledge, and the importance of network engineering that goes into building a solid and redundant cloud infrastructure. If so, y'all please let me know how I can better level-set my expectations.

As far as pay scale, we're offering mid-tier for what most DevOps roles are going for so I don't think that's what is turning off qualified candidates, maybe we're just looking in the wrong place (indeed / LinkedIn)?

https://redd.it/tskutn
@r_devops
Oauth2 token concurrency?

Hi, We are doing business with a new API provider, who has a concurrency limit for Oauth2 bearer tokens - only one can exist at a time, and any pre-existing tokens get invalidated if a new one is created, regardless of ttls. This is wreaking havoc, because like everyone else in the world we connect to services from multiple systems. They are like a big provider, they use Apigee.

The vendor won't budge, and I am wondering, is this normal? Is it me that's fucked up?

https://redd.it/tt5x9o
@r_devops
Does this group provide 📌 articles?

I am wondering if this group provides or would consider providing a PIN or link to FAQs?

This post is my vote of support.

https://redd.it/tsz90f
@r_devops
DevOps Jobs that pay 200k TC in gov contracting

Wondering if anyone here is in gov contracting and has seen people making over 200k total comp. Just trying to see if it is somehow possible in the world of gov contracting. Potentially remote or are they all in SCIFs?

https://redd.it/tsmuq8
@r_devops
🚀 Tekton CI/CD simple start ✌️

Simple start with https://tekton.dev seems not to be that easy? I have a series of blog posts that can help you get started and find your way around with a running sample project.

https://blog.codecentric.de/en/2022/01/tekton-cloud-native-ci-cd-pragmatic-intro/

https://blog.codecentric.de/en/2022/02/tekton-buildpack-pipeline/

https://blog.codecentric.de/en/2022/03/tekton-triggers-in-practice/

You can also find an article here where I show you a project with a Tekton bootstrapping and testing approach.

https://redd.it/ttnwfn
@r_devops
how you have v1 and v2 of apps running in k8s using helm

Basically, how are people managing their deployments of apps that have clearly defined v1 and v2 endpoints which are deployed to Kubernetes via Helm charts?

I can see that I can create ingress objects with different paths to get to the backend services but wondering how people achieve internal cluster communication to v1 of something (ideally without svc-v1 being the name, unless this is the only way)

https://redd.it/ttna8y
@r_devops
Making DevOps deployment decisions in a university group project

## Background
- Doing a final year group project for computer science at university
- Services are being developed in the same GitLab repo, each can be run in Docker and automated by docker-compose
  - Frontend web server
  - NodeJS API server
  - Python machine learning instance
  - MySQL Database server
- Project is being developed for another university department who would like it deployed on an existing server in their office which contains a database that must remain
- Server is running Ubuntu LTS but they've asked if we can ensure the server / automation to get it up and running works on Windows and macOS too
- Working on a basic GitLab CI/CD pipeline for automated testing, would be nice to have automated deployment but unsure how feasible given the production environment

## Question
Given the above, it appears everything should work just deploying with docker-compose, but I have my doubts about whether it's safe or sufficiently performant to keep MySQL in a docker container (don't worry, I'm using bind mounts), or indeed whether it's even worth putting a Python machine learning instance in Docker. I've been reading about Terraform, and I'd love an excuse to learn it if I removed MySQL from being a container.

What would you do in this instance? Would Terraform work if they decided to suddenly run the server on Windows or macOS? Is it normal for a client to want future flexibility to run a server-side application on a different OS?


Just trying to get into DevOps and learn as much as I can to find jobs after graduation - would appreciate any advice, thanks!

https://redd.it/ttnqh8
@r_devops
I was unexpectedly offered a senior role

A few days ago, I received an email about a new VC-backed start-up hiring a Tech Lead with competitive salary + equity to eventually be promoted to head of engineering or CTO and they offered the job to me. They expect the role to at first develop the initial internal infrastructure and train juniors and then move onto management. I am nervous because I am not even sure if I fit in such a senior position, I only have a couple years of DevOps and management experience. I have been developing software for 5-6 years. Am I being nervous for no reason or is this a role that I may actually not be qualified for? Can anyone else with similar experience share their thoughts?

https://redd.it/ttsby9
@r_devops
Need Help

My two friends are starting to learn DevOps; they have zero background in the IT industry. I have been a software engineer for over a decade and I am well versed with Linux, containers, cloud etc. They are counting on me and I am looking for absolute beginner video courses for them for DevOps. Does anyone know a good place to start? Keep in mind they are rookies :)

Thanks.

https://redd.it/ttw6gh
@r_devops
How to restrict access to only internet network end point group?

Hello All,

I have two projects A and B. I am running my future workload in project B that is behind a GLB and through an Nginx proxy. In order for me to send requests from project A to project B, I am using an internet network end point group pointing to the GLB of project B (this is part of the migration plan, so one backend is removed and the other is attached to go to project through INEG). Now on project B I have a security policy that is attached to the backend service which does a deny all except a few whitelisted IPs that need to hit our service. At this point, unless I open project B to the internet, requests from project A's GLB backend internet network end point group are getting blocked. The question is: what IP ranges of Google does an internet end point group use, and how do I allow it in project B, locking it to be accessible from project A?

PS: I have enabled trueclient-ip at nginx in project B, but that has too many public IPs; it's hard to figure it out, and I'm not certain if all are captured for me to set up a rule against it in security policy (Cloud Armor).

Thanks!

https://redd.it/ttxawl
@r_devops
do devops folks hate ruby for ci/CD? Also, is nodejs or Python more preferable than the other?

I've been in a work environment and DevOps folks seem to hate Ruby for some reason when it comes to pipeline related code. Is that pretty common?

I was also curious if, for DevOps-related work in general, when it comes to Python and NodeJS, is one more universally used than the other? I've heard Go is used. Ultimately it may depend where/what one is working on.

https://redd.it/tu181y
@r_devops
What tools did you discover that made your work so much easier for DevOps & SRE

Tips and tricks are welcomed as well!

https://redd.it/tu6gvm
@r_devops
how to automate updating docker containers with jenkins (if it's possible)

Hello Community,

I work for a payment service company as a j. application manager. In recent times, I was frequently being asked to automate things that we do manually. The topic is: Our servers are in the internal network, which makes it impossible to pull docker images from Docker Hub. The only way is getting them from our internal Artifactory repo. Whenever there is a newer version of the apache httpd image, I have to pull images from Artifactory and update each container in our 4 non-prod and 1 prod env, which is sometimes really tiring. And I was told that I should start automating it with the Jenkins pipeline. How can I create a pipeline in Jenkins that every day checks if there is a new version of the httpd docker image available in Artifactory and, if yes, pulls the image and updates the container on each server? Do you think automating it would take longer and be a waste of time, I mean writing a bash script, etc.? I would love to see your suggestions here as well.

Thanks in advance

https://redd.it/tuhjc5
@r_devops
CI 101

Hi!


I was recently assigned to do a presentation about continuous integration, say the basics.
I'm quite familiar with CI as a dev, but still I find it to be a broad field and rather hard to get the grasp of it. I'm thinking about focusing on workflows and having a template-based pres.


Do you have any tips or cool ideas I should consider? Know the pres will be given to devs.

https://redd.it/tuiht7
@r_devops
Multiple roles

I was recently hired and assigned as DevOps engineer.

As the project soon started and our team was planning, I was surprised that I now have two roles for that project.

Management assigned me as DevOps and now a web developer for that project.

I discussed with the team lead, who says that deployment should be at the end of the project cycle, so what should I be doing before that?

I'm not sure I should be doing the two roles, even by that I'm not even confident enough to fulfill the web developer tasks.

What should I do in this situation? Should I wing it? Give up and apply for resignation?

https://redd.it/tu8w63
@r_devops