Reddit DevOps
Reddit DevOps. #devops
Thanks @reddit2telegram and @r_channels
Evaluating cloud computing

Hi all,

I am an information systems management student, currently writing my dissertation about cloud computing adoption for European and US SMEs.

The goal of the dissertation is to potentially create a new cloud onboarding strategy that companies can use when deciding to move their operations from on-premise to the cloud.

Part of the research consists of investigating the organization's experience through the use of an online survey.

If you have been part of a digital transformation that included the adoption of cloud services I would really appreciate if you could spare 15 minutes to share your insights in the following Google Forms Survey: https://forms.gle/9cdNFwJX3DVHCuYG8

Thank you.

https://redd.it/y40cnb
@r_devops
Personal liability in the event of a breach

I was curious what your thoughts are regarding the level of liability devops engineers would have in the event their org was breached. What got me thinking about this is the recent verdict on the Uber CISO: https://www.darkreading.com/attacks-breaches/what-the-uber-breach-verdict-means-for-cisos-in-the-us. Now that guy clearly veered off into active cover up behavior that none of us here would likely succumb to.

Obviously, as a devops engineer, I'm way down the totem pole, but if for example there's a breach and I know my org isn't following the regulations on timely disclosure, does this now mean that I have to automatically consider becoming a whistleblower just so I don't go to jail when the feds come knocking?

https://redd.it/y3xjvm
@r_devops
How should data population/cleanup scripts be run in production?

I know, how dare I suggest running a script in production. I am a DevOps Engineer, I should never condone such craziness. But the truth is, sometimes a new table is created and needs to be populated with data, or data in an existing table needs to be cleaned up.

In my situation, this is a somewhat common occurrence and the scripts are written by engineers who obviously don't have access to production. We do have proper dev/qa/staging environments where the scripts can be tested. And these are big tables, so the scripts can take hours or even days to run.

What's the best way to allow developers to run these data population/cleanup scripts in production without compromising on security?

https://redd.it/y3yuw4
@r_devops
Best Training Platform?

Hi There,

Over the next 2 years, I want to improve my knowledge of DevOps and all things related.

I currently work in SEO and handle website migrations from one platform to another and have a friend that works in this industry and I want to pivot to this role as it sounds more interesting and I genuinely enjoy talking to him about his job and I'd like to do it.

Anyways.... I need to learn and get qualifications before I apply for junior roles.

What are the best learning platforms for someone looking to get into DevOps?

What about:-

Cloud Guru?
Cloud Academy?
AWS Training Platform?
Udemy?


I am happy to invest money and was originally looking at Cloud Guru, but it has some bad reviews so I don't want to sink money into something that isn't worth it.

So I am turning to a wider group for guidance. Any help would be appreciated.

https://redd.it/y43m0u
@r_devops
In an ideal DevOps setting, where are the people in the loop?

Once you have a DevOps environment, it seems like if you successfully automate the workflows, then only the coding itself and the actual user are the only people in the loop. Is this true? I'm assuming that the pipeline is already established, so I'm not counting that person.

https://redd.it/y42ncb
@r_devops
Is there an Industry Standard CI/CD tool? (or some contenders for that title?)

I've worked a little bit with Azure Devops CI/CD and a little bit with CircleCI CI/CD. Is there an industry standard CI/CD tool yet? Or a few that I should keep my eye on? I'm wondering where I should spend my time learning.

https://redd.it/y4aipe
@r_devops
lightweight and simple worker agents for Windows machines?

Hello. I work for a fairly large Enterprise, we have a solution for zero touch operations as far as permissions, parameters, operation packages, and auditing. But when we need to actually do work within a privileged environment, the guidance is basically roll your own solution.

So we could call out to a web endpoint or run arbitrary .NET code with some restrictions to orchestrate the operation end to end, but if for instance I needed to free space periodically on a VM by running a cleanup script, I need some sort of executive on that machine to actually run that script. Does anybody have any simple, ideally free solutions in this space?

Otherwise I'm probably going to leverage our team's familiarity with Azure DevOps and just use Azure DevOps agents all over the place, which are already pretty ubiquitous, to do this kind of work and let the orchestrator call into DevOps as a service principal.

https://redd.it/y41zsm
@r_devops
DevOps first job opinion

Hi people!
So, basically I did a bootcamp in Java for 6 months and after that I did one internship for 3 months which was also in Java, but I had contact with Docker, Jenkins and k8s. Now, I started applying for a job and after some interviews for Java Developer I suddenly got one job proposal for DevOps that I am considering, but it seems more an ETL Developer job than DevOps. But I don’t really have the experience to tell.

For this job, the company asks for skills in SQL, one OOP language and ETL processes knowledge (ODI). They also mention PL/SQL, Elastic Stack and mediation components.

Do you guys think this is a good first opportunity in devOps? Or should I search another one?

I will have another interview with the company and the team manager and I will ask him, but since I don’t have too much experience I would like to have one point of view from who really knows about this.

Thanks in advance

https://redd.it/y4b8cf
@r_devops
Will ssh certificates work for windows users?

Hi,
I am currently managing mainly Linux hosts for a development team (test servers and CI/CD hosts).
At the moment I have an ansible playbook which fetches ssh keys from their GitHub profiles and inserts them to the authorized_keys files every hour. It kind of works, but feels not like an ideal solution. I recently found ssh certificates, e.g. mentioned in https://smallstep.com/blog/use-ssh-certificates/ or https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-using_openssh_certificate_authentication.
Sounds great so far, just sign public keys and don't require individual keys on all hosts.
But, I also have windows users in the team, does anyone know if it would work for them? Currently, most of them are using putty with ppk files.

Thanks

https://redd.it/y4iedc
@r_devops
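
Added example, not part of the original post: the "sign public keys" step the post describes, done with OpenSSH's `ssh-keygen`, followed by the checks a host administrator would make on the resulting certificate. The CA, user names, comments and directory layout are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: SSH user certificates with a throwaway CA.
# All names and paths here are constructed for illustration.
set -euo pipefail

# issue_user_cert DIR USER VALIDITY
# Creates a demo CA in DIR (once), generates a key pair for USER and signs
# the public key. Result: DIR/id_USER-cert.pub
issue_user_cert() {
  local dir=$1 user=$2 validity=$3
  mkdir -p "$dir"
  # CA key pair. Assumption for the demo: no passphrase. A real CA key is
  # passphrase- or hardware-protected and kept off the developers' machines.
  [ -f "$dir/user_ca" ] || \
    ssh-keygen -q -t ed25519 -N '' -C demo-user-ca -f "$dir/user_ca"
  # The user's own key pair; only the .pub file is ever shown to the CA.
  ssh-keygen -q -t ed25519 -N '' -C "$user@workstation" -f "$dir/id_$user"
  # -s CA private key   -I key ID (appears in sshd's auth log)
  # -n principals (login names the cert is good for)   -V validity window
  ssh-keygen -q -s "$dir/user_ca" -I "$user" -n "$user" -V "$validity" \
    "$dir/id_$user.pub"
}

# Host side: one sshd_config line replaces the per-user authorized_keys sync:
#   TrustedUserCAKeys /etc/ssh/user_ca.pub
# Without an AuthorizedPrincipalsFile, sshd accepts the certificate only for
# a login name that is listed among its principals.

# Fingerprint of a public key file, e.g. the CA's .pub.
ca_fingerprint() { ssh-keygen -l -f "$1" | awk '{print $2}'; }

# Fingerprint of the CA that signed a certificate.
cert_signing_ca() { ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4}'; }

# Principals embedded in a certificate, one per line.
cert_principals() {
  ssh-keygen -L -f "$1" |
    awk '/Principals:/ {p=1; next} /Critical Options:/ {p=0} p {print $1}'
}

# Demo run: short-lived certificate for a constructed user "alice".
demo_dir=$(mktemp -d)
issue_user_cert "$demo_dir" alice +8h
echo "CA fingerprint : $(ca_fingerprint "$demo_dir/user_ca.pub")"
echo "cert signed by : $(cert_signing_ca "$demo_dir/id_alice-cert.pub")"
echo "principals     : $(cert_principals "$demo_dir/id_alice-cert.pub")"
```

A short validity window such as `+8h` is what removes the need for the hourly key sync: an expired certificate stops working without any change on the hosts.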
A practical guide to reducing monthly cloud spend in AWS

Hi,

I have been wanting to do this for a long time. One of the things that I am really passionate about is using a data driven approach to save money on Cloud spend. The most rewarding jobs I have undertaken in the past are going into an AWS environment and saving money on cloud spend and optimising the best performance for less money!

It's a great value add for any organisation.

A lot of the organisations spend more on fancy tools to try and save money on monthly cloud spend, which I think is pointless as it often outweighs the cost of the money they try and save. Also I have seen tools that don't even check the basics. The data is already there for you in AWS and it's simply a case of extrapolating it using a bit of engineering time which you pay for anyway, and the result is that you can often save more money!

Certainly I have seen it a lot here in Reddit, Cost is becoming ever more prevalent in many AWS environments.

Two things to mention: there are copies I will give away for free to those engineers who will agree to read it and implement the savings ideas in their environments and give me feedback and comments, so it would be good to see how much you saved over a month. It would be interesting to gauge feedback.

I have to spend a bit of time mentoring juniors in the past so I know especially at the moment how the job market is. So I will give away free copies to junior engineers looking for ideas on how to break into the market and some handy tips to increase your chances of standing out when going for an interview.

If you feel this is you, feel free to DM me.

Anyway without giving too much away, I have produced a guide for it here.

Amazon Kindle Link

https://redd.it/y4k3w1
@r_devops
European cloud app platform?

Hi there,

I am searching quite a while now for a PaaS with following criteria:

- based in Europe
- automatic horizontal and vertical scaling
- CI/CD build pipeline

Basically managed Kubernetes or app platform like DigitalOcean.

Do you know something similar in Europe?

Just found the new player Zerops and it is promising. IONOS has some interesting offers (but costly).

I would like to know some more experiences in that field.

https://redd.it/y4pn3y
@r_devops
Benefits/drawbacks of edge-based API gateways?

It seems like edge-based API gateways are becoming a trend e.g. Cloudflare API gateway.

Obviously deciding whether to use one would heavily depend on the project requirements.

I’d like to start a discussion about the pros and cons of using an edge-based API gateway versus cluster-based API gateway.

One downside for example, is it overly relies on proprietary software, or a sort of ecosystem.

https://redd.it/y4rivf
@r_devops
Discussion: What about Continuous Delivery and Dave Farley?

I'm in a team of "DevOps Engineers" for a small software company that also offers "DevOps as a Service," (meaning that we do the IaC, pipelines and cloud consulting for third parties). This team grew out of the company's SysAdmin/FrontDesk team and this load is still with the team. Nonetheless, the company does also use our skill in a true DevOps way. We write the pipelines, and the infrastructure code. We consult the application architects on which cloud resources to use for different purposes, what authentication mechanisms to use in a particular cloud and we also mainstream a number of tools to make the developer platform self service. Not to mention that we do the cost estimates for the cloud bill, think about the availability, monitoring and redundancy of deployments. My team has also crafted and implemented disaster recovery plans though I have not done this personally. Also a number of developers make their own deployments with Terraform and some even write their own pipelines.

However, mostly the attitude in my team is that we are responsible only for the IaC and the pipeline, (which we obviously have to discuss with the devs, at least for the build process). Most of us avoid getting into the application code for any reason. Similarly, some devs seem to feel the same about a truly integrated pipeline that automates regression tests, acceptance tests, etc. "We would have to be doing everything ourselves if this was the case," is one objection.

I'm not saying that any of this is wrong or that I am unhappy with it. However, an obvious tension exists with the idea of Continuous Delivery. I am inspired by Dave Farley's Youtube channel, Continuous Delivery, so I understand it as he presents it. Among other things in his opinion DevOps is not someone working with a set of tools, like Jenkins or Terraform. Dave Farley presents a shift-left point of view. He doesn't advocate eliminating separate Dev, Ops and QA roles but I get a sense that he wants everybody on the same team and I guess with multiple skills sets. I have not seen anything like this in action in my short career.

This tension is also obvious on r/devops. To give you my sense, people coming from the Dev world are told not to blame Kubernetes for the complexity of problem it solves, not having been exposed to it. People coming from the Admin world are told that DevOps is a culture and not Cloud Engineering with a pipeline and IaC. I see a split in this subreddit and almost anywhere I look about what DevOps is, why it may be needed or beneficial, whether it's Cloud IaC, finops, secops or I don't know what on one side, or whether it's a way of understanding the SDLC on the other hand.

So I am perplexed and frustrated, not knowing where to go with this thought. I am hoping that someone treated this issue with some care and would like to share his input. Let me be clear, I don't care about the job market reality much. I would appreciate a principled explanation more. I am also curious about what the impression is on the Continuous Delivery side of the aisle. Is anyone actually working in the way for which Dave Farley advocates?

Thank you for your attention and, please, let us discuss this politely.

EDIT: Style, syntax edits

https://redd.it/y4od8y
@r_devops
An idea for a tech learning platform. learning with a Devops methodology.

The Problem

I recently wanted to improve my knowledge of Kubernetes, a logical way to do that (I thought) was to go through some of the exam prep.

My thought was if I could find some exam questions, I could fire up a cluster and learn how to answer them by working through the problems. This led me to the realisation of a problem, and a possible solution.

The problem is that tech based learning is a scam. It places an artificially high bar on self improvement and job mobility.

To improve this situation, we need to fix two areas of study. Learning and exam prep.

Learning a new technical topic is frustrating. You can spend hours watching YouTube, reading blogs but it is hard to find content that has a density that works. It is difficult to know what exactly it is you're looking for if you're very new to the tech. Wouldn't it be better if you could stand up an instance of the tech you're wanting to learn, and then solve problems against it. Solving problems makes learning a lot easier, it gives you something to focus on and work through. More importantly, it gives you something to put into google to find those answers.

Once you've actually managed to learn a tech stack, you come to the highly expensive area of preparing for the exam, which breaks into a more structured learning routine and trying to get a taste of some exam questions you can expect.

To do this, you either need to pay - a lot - or you turn to the darker corners of the internet, and fall down a rabbit hole of torrents, newsreaders, and onion routers.

I believe, as a community, we can do better.

The Solution

The core of the problem we're looking to solve is how to provide guidance for a user approaching a new tech stack. How can we take someone with minimal knowledge of a stack to being a competent operator, without needing any hand holding by somebody more knowledgeable?

The tech world has had a fascination with automation for a while now. As an industry we don't like touching things. We don't like repeating ourselves. We want to push a button and walk away and to only be bothered by that again if something goes wrong.

It turns out that automation is the perfect companion for learning. Let's look at how to learn Kubernetes against this type of solution.

The Walkthrough

The project would have some expectations of hardware to run the system on. Whether that is Docker, VMs, or a public cloud account.

There would be detailed instructions of how to get the project running in whichever environment you have available.

Wherever that was, the end result would be a running Kubernetes cluster and a web frontend. The frontend would provide a selection of learning paths. Once one is selected you would be given a task to complete on the Kubernetes cluster. Once completed you would go back to the frontend and tell it you're done. At which point tests would be run to verify whether you had successfully completed the task. If you have you move on to the next one, if you haven't you are told what went wrong and you can go back and try again.

The goal here is to create a framework for the creation of standalone infrastructure / test processes. At this stage there are a lot of details missing, there is a lot of work needed to get the idea to a place where it can be built. But the end goal is a framework that allows anybody to create a question / test package. So for something like Kubernetes you can choose from thousands of learning paths, ranging from very basic introductions to complicated expert level questions.

Exam Prep

This one is a lot easier, let's create a solution that has a whole bunch of free exam prep. Where as a user you can go to a site, log in, and choose a technology to be tested on and are given a bunch of questions you can work through. Either in your own time, or under exam timing criteria.

Let's talk about the money

I hear what you're thinking. Why the hell are you going to put time into creating any of this, so some eejit (me) can make a fortune from it. It is a valid concern.

Firstly, I'm a Devops contractor, I do ok. I'm building this because it is the solution I would want to use to improve my knowledge. I want a place I can spend a weekend learning a new thing, so I can go into a meeting on Monday and sound vaguely like I understand it in order to justify my ridiculous day rate.

Secondly, sure, if it provides some income, that would be nice. It's not the thing that drives the idea for me though. My first principle for this is that everything will live in Github. EVERYTHING. If you want to scroll through the questions, labs, whatever else is there then there will be absolutely no charge to do so. I want this to provide free learning. To everybody.

There will obviously be a money side of it, there will be a pretty frontend that will provide some value add to the Github source. For that there will be some manner of subscription model. (I'd still like the core questions / labs to be free though) I've not thought about this part of things much, I'd hope as a community we would figure that out when it is needed.

The goal is that at some point it will start to make money and once expenses are paid then that money should be yours. If you write a question / lab that is popular (by whatever metric) then you should be paid for that.

So, open source, free learning. Developed by paid content creators.

Who would like to help me build that?

https://redd.it/y4w18w
@r_devops
Where can I find source code that I can practice devops with?

I'm a beginner to the devops world, and when I want to learn something I practice it. I used TailwindTraders.Website source code by MSFT to learn Terraform and GitHub Actions, to provision, build and deploy the website. But, unfortunately the code is not maintained and many of the dependencies are deprecated, so the code didn't even build. Where can I find a good resource to practice without worrying about dependencies and fixing them, instead focus on what I'm trying to learn?

https://redd.it/y4xgip
@r_devops
Chance to switch over to Application Security

I've been in DevOps space for 3.5+ years now. I've been incredibly lucky to be where I am now and to make what I make for my years of experience. I am a tech lead, but I end up getting pulled into a bit of everything. I do a lot of SRE type work, a lot of monitoring, IaaC/infra, but also system design and architectural work and pipeline and deployment. I pick things up extremely quickly, so I have excelled at this position. However, the politics and sword waving has made me apathetic and I am still on-call and am the go to person for anything and everything.

I work very closely with a lot of the developers, I will often help them solve networking issues, build issues, or even debug code in production stuff. One of the directors of a group has basically said they have a position with me in mind for an application security role, the first in the company. I wouldn't be doing "devops" stuff, but I would be looking at code, security scans, working within sprints with multiple different groups, he even brought up potentially pentesting type things. I have my career trajectory figured out pretty well for what I do in infra/devops, but this is a totally different area for me.

I have often felt like I would make a good SDE or similar, and I know that a lot of high paying SRE/devops jobs are looking for people with SDE background or experience. I feel like this could be a good segue to get more experience in security and code side, and then possibly return to the "other side" as a DevSecOps person and be much more competitive. I do enjoy what I do, but there is a ton of stress and off hours work, as well as hand-holding, tooooons of customer support since we deal with so much. This new position would possibly even be a pay raise as well, even though I just got a big one. My boss already knows about this, so I'm not worried about being discovered or anything.

What does everyone here think? Any input would be good. I didn't go into too much detail as I'm sure I could be recognized, but I can give more info if needed.


https://redd.it/y4zfhs
@r_devops
What are the production level issues that you've faced/fixed and are very proud of?

Please enlighten us with something that you've fixed or faced that everyone can learn from.

https://redd.it/y42l2l
@r_devops
Proxmox, packer Ubuntu autoinstall

Hi all,

I've been working through multiple issues the past few days trying to learn some devops tools in my own homelab. The end state is to have my self hosted gitlab run packer and terraform jobs with the gitlab runner I have on a kubernetes cluster.

I have gotten almost all of it in a working but not perfect state. The issue I'm having right now is packer spins up an http server to talk to proxmox during the automatic install when adding a cloud-init option.

From the documentation you can add the user-data file needed to a cd_file declared in your hcl. However when I do this the gitlab runner gives the following error. I've looked at similar issues on HashiCorp's website and their packer documentation. Now I turn to you all for a little advice. I picked this up this week and feel unworthy of even posting in here, lol. Thanks for any guidance in advance.

```
Unsupported argument cd_files is not expected here.
```
```
# Ubuntu Server jammy
# ---
# Packer Template to create an Ubuntu Server (jammy) on Proxmox

# Variable Definitions


# Resource Definition for the VM Template
source "proxmox" "ubuntu-server-jammy" {

  # Proxmox Connection Settings
  proxmox_url = var.proxmox_api_url
  username    = var.proxmox_api_token_id
  token       = var.proxmox_api_token_secret
  # (Optional) Skip TLS Verification
  insecure_skip_tls_verify = true

  # VM General Settings
  node                 = "hv1"
  vm_id                = "9006"
  vm_name              = "Hashi-ubuntu-server-jammy-1"
  template_description = "Hashistack"

  # VM OS Settings
  # (Option 1) Local ISO File
  # iso_file = "local:iso/ubuntu-22.04-live-server-amd64.iso"
  # - or -
  # (Option 2) Download ISO
  iso_url          = "https://releases.ubuntu.com/22.04/ubuntu-22.04.1-live-server-amd64.iso"
  iso_checksum     = "10f19c5b2b8d6db711582e0e27f5116296c34fe4b313ba45f9b201a5007056cb"
  iso_storage_pool = "ISO_Storage" # Specify your storage pool
  unmount_iso      = true

  # VM System Settings
  qemu_agent = true

  # VM Hard Disk Settings
  scsi_controller = "virtio-scsi-pci"

  disks {
    disk_size         = "20G"
    format            = "raw"
    storage_pool      = "pool1" # Specify your storage pool
    storage_pool_type = "zfs"   # Specify pool type
    type              = "virtio"
  }

  # VM CPU Settings
  cores = "8"

  # VM Memory Settings
  memory = "16384"

  # VM Network Settings
  network_adapters {
    model    = "virtio"
    bridge   = "vmbr0"
    firewall = "false"
  }


  # VM Cloud-Init Settings
  cloud_init              = true
  cloud_init_storage_pool = "pool1" # Specify your storage pool

  # PACKER Boot Commands
  boot_command = [
    "<esc><wait>",
    "e<wait>",
    "<down><down><down><end>",
    "<bs><bs><bs><bs><wait>",
    "autoinstall ds=nocloud-net;s=/cidata/ ---<wait>",
    "<f10><wait>"
  ]

  cd_files  = ["./http/meta-data", "./http/user-data"]
  cd_label  = "cidata"
  boot      = "c"
  boot_wait = "5s"

  # PACKER Autoinstall Settings
  #http_directory = "http"
  # (Optional) Bind IP Address and Port
  #http_bind_address = "0.0.0.0"
  #http_port_min = 8802
  #http_port_max = 8802

  ssh_username = "ubuntu"

  # (Option 1) Add your Password here
  ssh_password = "ubuntu"
  # - or -
  # (Option 2) Add your Private SSH KEY file here
  #ssh_private_key_file = "~/.ssh/ansible"

  # Raise the timeout, when installation takes longer
  ssh_timeout = "20m"
}

# Build Definition to create the VM Template
build {

  name    = "Hashi-ubuntu-server-jammy"
  sources = ["source.proxmox.ubuntu-server-jammy"]

  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #1
  provisioner "shell" {
    inline = [
      "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
      "sudo rm /etc/ssh/ssh_host_*",
      "sudo truncate -s 0 /etc/machine-id",
      "sudo apt -y autoremove --purge",
      "sudo apt -y clean",
      "sudo apt -y autoclean",
      "sudo cloud-init clean",
      "sudo rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
      "sudo sync"
    ]
  }

  provisioner "shell" {
    inline = [
      "sudo wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg",
      "echo deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main | sudo tee /etc/apt/sources.list.d/hashicorp.list",
      "sudo apt update",
      "sudo apt install nomad -y",
      "sudo apt install consul -y",
      "sudo apt install vault -y",
    ]
  }

  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #2
  provisioner "file" {
    source      = "99-pve.cfg"
    destination = "/tmp/99-pve.cfg"
  }

  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #3
  provisioner "shell" {
    inline = ["sudo cp /tmp/99-pve.cfg /etc/cloud/cloud.cfg.d/99-pve.cfg"]
  }

  # Add additional provisioning scripts here
  # ...
}


```

https://redd.it/y52mef
@r_devops
Cloud Agnostic Framework discussions

Where are there good discussion boards on creating cloud agnostic frameworks? Seems like having the ability to move cloud providers quickly and easily to get better performance/price and create more resilience would be top of mind for most companies.

https://redd.it/y40oiv
@r_devops