lightweight and simple worker agents for Windows machines?
Hello. I work for a fairly large Enterprise, we have a solution for zero touch operations as far as permissions, parameters, operation packages, and auditing. But when we need to actually do work within a privileged environment, the guidance is basically roll your own solution.
So we could call out to a web endpoint or run arbitrary .NET code with some restrictions to orchestrate the operation end to end, but if for instance I needed to free space periodically on a VM by running a cleanup script, I need some sort of executive on that machine to actually run that script. Does anybody have any simple, ideally free solutions in this space?
Otherwise I'm probably going to leverage our team's familiarity with Azure DevOps and just use Azure DevOps agents all over the place, which are already pretty ubiquitous, to do this kind of work and let the orchestrator call into DevOps as a service principal.
https://redd.it/y41zsm
@r_devops
DevOps first job opinion
Hi people!
So, basically I did a bootcamp in Java for 6 months and after that I did one internship for 3 months which was also in Java, but I had contact with Docker, Jenkins and k8s. Now, I started applying for a job and after some interviews for Java Developer I suddenly got one job proposal for DevOps that I am considering, but it seems more an ETL Developer job than DevOps. But I don’t really have experience to tell.
For this job, the company asks for skills in SQL, one OOP language and ETL processes knowledge (ODI). They also mention PL/SQL, Elastic Stack and mediation components.
Do you guys think this is a good first opportunity in devOps? Or should I search another one?
I will have another interview with the company and the team manager and I will ask him, but since I don’t have too much experience I would like to have one point of view from who really knows about this.
Thanks in advance
https://redd.it/y4b8cf
@r_devops
Will SSH certificates work for Windows users?
Hi,
I am currently managing mainly Linux hosts for a development team (test servers and CI/CD hosts).
At the moment I have an Ansible playbook which fetches SSH keys from their GitHub profiles and inserts them into the authorized_keys files every hour. It kind of works, but does not feel like an ideal solution. I recently found SSH certificates, e.g. mentioned in https://smallstep.com/blog/use-ssh-certificates/ or https://access.redhat.com/documentation/en-us/redhatenterpriselinux/6/html/deploymentguide/sec-usingopensshcertificateauthentication.
Sounds great so far, just sign public keys and don't require individual keys on all hosts.
But I also have Windows users in the team. Does anyone know if it would work for them? Currently, most of them are using PuTTY with ppk files.
Thanks
https://redd.it/y4iedc
@r_devops
A practical guide to reducing monthly cloud spend in AWS
Hi,
I have been wanting to do this for a long time. One of the things that I am really passionate about is using a data-driven approach to save money on cloud spend. The most rewarding jobs I have undertaken in the past are going into an AWS environment and saving money on cloud spend and optimising the best performance for less money!
It's a great value add for any organisation.
A lot of organisations spend more on fancy tools to try and save money on monthly cloud spend, which I think is pointless as it often outweighs the cost of the money they try and save. Also I have seen tools that don't even check the basics. The data is already there for you in AWS and it's simply a case of extrapolating it using a bit of engineering time which you pay for anyway, and the result is that you can often save more money!
Certainly I have seen it a lot here on Reddit: cost is becoming ever more prevalent in many AWS environments.
Two things to mention. There are copies I will give away for free to those engineers who will agree to read it and implement the savings ideas in their environments and give me feedback and comments, so it would be good to see how much you saved over a month. It would be interesting to gauge feedback.
I have to spend a bit of time mentoring Juniors in the past so I know especially at the moment how the job market is. So I will give away free copies to Junior engineers looking for ideas on how to break into the market and some handy tips to increase your chances of standing out when going for an interview.
If you feel this is you, feel free to DM me.
Anyway without giving too much away, I have produced a guide for it here.
Amazon Kindle Link
https://redd.it/y4k3w1
@r_devops
European cloud app platform?
Hi there,
I have been searching for quite a while now for a PaaS with the following criteria:
- based in Europe
- automatic horizontal and vertical scaling
- CI/CD build pipeline
Basically managed Kubernetes or app platform like DigitalOcean.
Do you know something similar in Europe?
Just found the new player Zerops and it is promising. IONOS has some interesting offers (but costly).
I would like to know some more experiences in that field.
https://redd.it/y4pn3y
@r_devops
Benefits/drawbacks of edge-based API gateways?
It seems like edge-based API gateways are becoming a trend, e.g. Cloudflare API gateway.
Obviously deciding whether to use one would heavily depend on the project requirements.
I’d like to start a discussion about the pros and cons of using an edge-based API gateway versus a cluster-based API gateway.
One downside, for example, is that it overly relies on proprietary software, or a sort of ecosystem.
https://redd.it/y4rivf
@r_devops
Discussion: What about Continuous Delivery and Dave Farley?
I'm in a team of "DevOps Engineers" for a small software company that also offers "DevOps as a Service," (meaning that we do the IaC, pipelines and cloud consulting for third parties). This team grew out of the company's SysAdmin/FrontDesk team and this load is still with the team. Nonetheless, the company does also use our skill in a true DevOps way. We write the pipelines, and the infrastructure code. We consult the application architects on which cloud resources to use for different purposes, what authentication mechanisms to use in a particular cloud and we also mainstream a number of tools to make the developer platform self service. Not to mention that we do the cost estimates for the cloud bill, think about the availability, monitoring and redundancy of deployments. My team has also crafted and implemented disaster recovery plans though I have not done this personally. Also a number of developers make their own deployments with Terraform and some even write their own pipelines.
However, mostly the attitude in my team is that we are responsible only for the IaC and the pipeline, (which we obviously have to discuss with the devs, at least for the build process). Most of us avoid getting into the application code for any reason. Similarly, some devs seem to feel the same about a truly integrated pipeline that automates regression tests, acceptance tests, etc. "We would have to be doing everything ourselves if this was the case," is one objection.
I'm not saying that any of this is wrong or that I am unhappy with it. However, an obvious tension exists with the idea of Continuous Delivery. I am inspired by Dave Farley's YouTube channel, Continuous Delivery, so I understand it as he presents it. Among other things, in his opinion DevOps is not someone working with a set of tools, like Jenkins or Terraform. Dave Farley presents a shift-left point of view. He doesn't advocate eliminating separate Dev, Ops and QA roles but I get a sense that he wants everybody on the same team and I guess with multiple skill sets. I have not seen anything like this in action in my short career.
This tension is also obvious on r/devops. To give you my sense, people coming from the Dev world are told not to blame Kubernetes for the complexity of the problem it solves, not having been exposed to it. People coming from the Admin world are told that DevOps is a culture and not Cloud Engineering with a pipeline and IaC. I see a split in this subreddit and almost anywhere I look about what DevOps is, why it may be needed or beneficial, whether it's Cloud IaC, finops, secops or I don't know what on one side, or whether it's a way of understanding the SDLC on the other hand.
So I am perplexed and frustrated, not knowing where to go with this thought. I am hoping that someone treated this issue with some care and would like to share his input. Let me be clear, I don't care about the job market reality much. I would appreciate a principled explanation more. I am also curious about what the impression is on the Continuous Delivery side of the aisle. Is anyone actually working in the way for which Dave Farley advocates?
Thank you for your attention and, please, let us discuss this politely.
EDIT: Style, syntax edits
https://redd.it/y4od8y
@r_devops
An idea for a tech learning platform. learning with a Devops methodology.
The Problem
I recently wanted to improve my knowledge of Kubernetes, a logical way to do that (I thought) was to go through some of the exam prep.
My thought was if I could find some exam questions, I could fire up a cluster and learn how to answer them by working through the problems. This led me to the realisation of a problem, and a possible solution.
The problem is that tech based learning is a scam. It places an artificially high bar on self improvement and job mobility.
To improve this situation, we need to fix two areas of study. Learning and exam prep.
Learning a new technical topic is frustrating. You can spend hours watching YouTube, reading blogs but it is hard to find content that has a density that works. It is difficult to know what exactly it is you're looking for if you're very new to the tech. Wouldn't it be better if you could stand up an instance of the tech you're wanting to learn, and then solve problems against it. Solving problems makes learning a lot easier, it gives you something to focus on and work through. More importantly, it gives you something to put into google to find those answers.
Once you've actually managed to learn a tech stack, you come to the highly expensive area of preparing for the exam, which breaks into a more structured learning routine and trying to get a taste of some exam questions you can expect.
To do this, you either need to pay - a lot - or you turn to the darker corners of the internet, and fall down a rabbit hole of torrents, newsreaders, and onion routers.
I believe, as a community, we can do better.
The Solution
The core of the problem we're looking to solve is how to provide guidance for a user approaching a new tech stack. How can we take someone with minimal knowledge of a stack to being a competent operator, without needing any hand holding by somebody more knowledgeable?
The tech world has had a fascination with automation for a while now. As an industry we don't like touching things. We don't like repeating ourselves. We want to push a button and walk away and to only be bothered by that again if something goes wrong.
It turns out that automation is the perfect companion for learning. Let's look at how to learn Kubernetes against this type of solution.
The Walkthrough
The project would have some expectations of hardware to run the system on. Whether that is Docker, VMs, or a public cloud account.
There would be detailed instructions of how to get the project running in whichever environment you have available.
Wherever that was, the end result would be a running Kubernetes cluster and a web frontend. The frontend would provide a selection of learning paths. Once one is selected you would be given a task to complete on the Kubernetes cluster. Once completed you would go back to the frontend and tell it you're done. At which point tests would be run to verify whether you had successfully completed the task. If you have you move on to the next one, if you haven't you are told what went wrong and you can go back and try again.
The goal here is to create a framework for the creation of standalone infrastructure / test processes. At this stage there are a lot of details missing, there is a lot of work needed to get the idea to a place where it can be built. But the end goal is a framework that allows anybody to create a question / test package. So for something like Kubernetes you can choose from thousands of learning paths, ranging from very basic introductions to complicated expert level questions.
Exam Prep
This one is a lot easier, let's create a solution that has a whole bunch of free exam prep. Where as a user you can go to a site, log in, and choose a technology to be tested on and are given a bunch of questions you can work through. Either in your own time, or under exam timing criteria.
Let's talk about the money
I hear what you're thinking. Why the hell are you going to time into creating any of this, so some eejit (me) can make a fortune from it. It is a valid concern.
Firstly, I'm a Devops contractor, I do ok. I'm building this because it is the solution I would want to use to improve my knowledge. I want a place I can spend a weekend learning a new thing, so I can go into a meeting on Monday and sound vaguely like I understand it in order to justify my ridiculous day rate.
Secondly, sure, if it provides some income, that would be nice. It's not the thing that drives the idea for me though. My first principle for this is that everything will live in GitHub. EVERYTHING. If you want to scroll through the questions, labs, whatever else is there then there will be absolutely no charge to do so. I want this to provide free learning. To everybody.
There will obviously be a money side of it, there will be a pretty frontend that will provide some value add to the GitHub source. For that there will be some manner of subscription model. (I'd still like the core questions / labs to be free though.) I've not thought about this part of things much, I'd hope as a community we would figure that out when it is needed.
The goal is that at some point it will start to make money and once expenses are paid then that money should be yours. If you write a question / lab that is popular (by whatever metric) then you should be paid for that.
So, open source, free learning. Developed by paid content creators.
Who would like to help me build that?
https://redd.it/y4w18w
@r_devops
Where can I find source code that I can practice devops with?
I'm a beginner to the DevOps world, and when I want to learn something I practice it. I used the TailwindTraders.Website source code by MSFT to learn Terraform and GitHub Actions, to provision, build and deploy the website. But unfortunately the code is not maintained and many of the dependencies are deprecated, so the code didn't even build. Where can I find a good resource to practice without worrying about dependencies and fixing them, and instead focus on what I'm trying to learn?
https://redd.it/y4xgip
@r_devops
Chance to switch over to Application Security
I've been in the DevOps space for 3.5+ years now. I've been incredibly lucky to be where I am now and to make what I make for my years of experience. I am a tech lead, but I end up getting pulled into a bit of everything. I do a lot of SRE type work, a lot of monitoring, IaaC/infra, but also system design and architectural work and pipeline and deployment. I pick things up extremely quickly, so I have excelled at this position. However, the politics and sword waving have made me apathetic and I am still on-call and am the go-to person for anything and everything.
I work very closely with a lot of the developers, I will often help them solve networking issues, build issues, or even debug code in production stuff. One of the directors of a group has basically said they have a position with me in mind for an application security role, the first in the company. I wouldn't be doing "devops" stuff, but I would be looking at code, security scans, working within sprints with multiple different groups, he even brought up potentially pentesting type things. I have my career trajectory figured out pretty well for what I do in infra/devops, but this is a totally different area for me.
I have often felt like I would make a good SDE or similar, and I know that a lot of high paying SRE/devops jobs are looking for people with SDE background or experience. I feel like this could be a good segue to get more experience in security and code side, and then possibly return to the "other side" as a DevSecOps person and be much more competitive. I do enjoy what I do, but there is a ton of stress and off hours work, as well as hand-holding, tooooons of customer support since we deal with so much. This new position would possibly even be a pay raise as well, even though I just got a big one. My boss already knows about this, so I'm not worried about being discovered or anything.
What does everyone here think? Any input would be good. I didn't go into too much detail as I'm sure I could be recognized, but I can give more info if needed.
https://redd.it/y4zfhs
@r_devops
What are the production level issues that you've faced/fixed and are very proud of?
Please enlighten us with something that you've fixed or faced that everyone can learn from.
https://redd.it/y42l2l
@r_devops
Proxmox, packer Ubuntu autoinstall
Hi all,
I've been working through multiple issues the past few days trying to learn some devops tools in my own homelab. The end state is to have my self hosted gitlab run packer and terraform jobs with the gitlab runner I have on a kubernetes cluster.
I have gotten almost all of it in a working but not perfect state. The issue I'm having right now is packer spins up an http server to talk to proxmox during the automatic install when adding a cloud-init option.
From the documentation you can add the user-data file needed to a cd\_file declared in your hcl. However, when I do this the gitlab runner gives the following error. I've looked at similar issues on HashiCorp's website and their packer documentation. Now I turn to you all for a little advice. I picked this up this week and feel unworthy of even posting in here, lol. Thanks for any guidance in advance.
```
Unsupported argument cd_files is not expected here.
```
```
# Ubuntu Server jammy
# ---
# Packer Template to create an Ubuntu Server (jammy) on Proxmox
# Variable Definitions
# Resource Definition for the VM Template
source "proxmox" "ubuntu-server-jammy" {
  # Proxmox Connection Settings
  proxmox_url = var.proxmox_api_url
  username = var.proxmox_api_token_id
  token = var.proxmox_api_token_secret
  # (Optional) Skip TLS Verification
  insecure_skip_tls_verify = true
  # VM General Settings
  node = "hv1"
  vm_id = "9006"
  vm_name = "Hashi-ubuntu-server-jammy-1"
  template_description = "Hashistack"
  # VM OS Settings
  # (Option 1) Local ISO File
  # iso_file = "local:iso/ubuntu-22.04-live-server-amd64.iso"
  # - or -
  # (Option 2) Download ISO
  iso_url = "https://releases.ubuntu.com/22.04/ubuntu-22.04.1-live-server-amd64.iso"
  iso_checksum = "10f19c5b2b8d6db711582e0e27f5116296c34fe4b313ba45f9b201a5007056cb"
  iso_storage_pool = "ISO_Storage" # Specify your storage pool
  unmount_iso = true
  # VM System Settings
  qemu_agent = true
  # VM Hard Disk Settings
  scsi_controller = "virtio-scsi-pci"
  disks {
    disk_size = "20G"
    format = "raw"
    storage_pool = "pool1" # Specify your storage pool
    storage_pool_type = "zfs" # Specify pool type
    type = "virtio"
  }
  # VM CPU Settings
  cores = "8"
  # VM Memory Settings
  memory = "16384"
  # VM Network Settings
  network_adapters {
    model = "virtio"
    bridge = "vmbr0"
    firewall = "false"
  }
  # VM Cloud-Init Settings
  cloud_init = true
  cloud_init_storage_pool = "pool1" # Specify your storage pool
  # PACKER Boot Commands
  boot_command = [
    "<esc><wait>",
    "e<wait>",
    "<down><down><down><end>",
    "<bs><bs><bs><bs><wait>",
    "autoinstall ds=nocloud-net;s=/cidata/ ---<wait>",
    "<f10><wait>"
  ]
  cd_files = ["./http/meta-data", "./http/user-data"]
  cd_label = "cidata"
  boot = "c"
  boot_wait = "5s"
  # PACKER Autoinstall Settings
  #http_directory = "http"
  # (Optional) Bind IP Address and Port
  #http_bind_address = "0.0.0.0"
  #http_port_min = 8802
  #http_port_max = 8802
  ssh_username = "ubuntu"
  # (Option 1) Add your Password here
  ssh_password = "ubuntu"
  # - or -
  # (Option 2) Add your Private SSH KEY file here
  #ssh_private_key_file = "~/.ssh/ansible"
  # Raise the timeout, when installation takes longer
  ssh_timeout = "20m"
}
# Build Definition to create the VM Template
build {
  name = "Hashi-ubuntu-server-jammy"
  sources = ["source.proxmox.ubuntu-server-jammy"]
  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #1
  provisioner "shell" {
    inline = [
      "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
      "sudo rm /etc/ssh/ssh_host_*",
      "sudo truncate -s 0 /etc/machine-id",
      "sudo apt -y autoremove --purge",
      "sudo apt -y clean",
      "sudo apt -y autoclean",
      "sudo cloud-init clean",
      "sudo rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
      "sudo sync"
    ]
  }
  provisioner "shell" {
    inline = [
      "sudo wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg",
      "echo deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main | sudo tee /etc/apt/sources.list.d/hashicorp.list",
      "sudo apt update",
      "sudo apt install nomad -y",
      "sudo apt install consul -y",
      "sudo apt install vault -y",
    ]
  }
  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #2
  provisioner "file" {
    source = "99-pve.cfg"
    destination = "/tmp/99-pve.cfg"
  }
  # Provisioning the VM Template for Cloud-Init Integration in Proxmox #3
  provisioner "shell" {
    inline = ["sudo cp /tmp/99-pve.cfg /etc/cloud/cloud.cfg.d/99-pve.cfg"]
  }
  # Add additional provisioning scripts here
  # ...
}
```
https://redd.it/y52mef
@r_devops
Cloud Agnostic Framework discussions
Where are there good discussion boards on creating cloud agnostic frameworks? Seems like having the ability to move cloud providers quickly and easily to get better performance/price and create more resilience would be top of mind for most companies.
https://redd.it/y40oiv
@r_devops
Help me, Obi-Wan Dev-obi....
So a little background: I am a moderately experienced IT support tech/system administrator who, about a year ago, completed my BS in Cloud Computing and Systems Administration from WGU.
Now, however you feel about that degree, school, what exactly 'moderately experienced' means is all well and good. But what I'd appreciate is some advice and maybe guidance if possible. I'm trying to expand my wheelhouse and get into cloud services, automation, etc.
The big problem I'm running into is that I lack the 'required' amount of experience or any proof that I can do the job at hand. So, the real question I am asking:
What are some programs/courses (think LinkedIn Learning, Udemy, etc) that I can follow or projects I might consider that I can use?
Thanks for any and all information. Ya boy appreciates ya.
https://redd.it/y421wp
@r_devops
Why is EKS (and AWS in general) so much more convoluted than GKE/GCP?
Due to free credits running out, I'm in the process of moving my company's small kubernetes cluster from GKE to EKS. I'm using terraform for replication across environments.
Starting on GKE was really simple. I was able to use the raw GCP provider to set things up. The cluster really worked out of the box. Autoscaler included. Networking just worked. Typically, you may have to enable APIs along the way, but nothing crazy...
My EKS experience has been hell. The number of small pieces you have to configure is pretty ridiculous imo. The auth system is annoying. I didn't even try to get cluster autoscaling set up and went with the terraform blueprints: https://github.com/aws-ia/terraform-aws-eks-blueprints. It really feels like AWS is designed to help enterprises fill out their headcount.
I'm just wondering why the experience seems SO much different between the two cloud providers. You would think they would want user experience parity.
https://redd.it/y5am95
@r_devops
How to add in one .htpasswd file in nginx access to two different domain?
Hello
How can I add access in /etc/nginx/.htpasswd for two different domains, with two different logins and passwords?
https://redd.it/y5bx0g
@r_devops
Trying to learn pre-commit - how to handle multiple hooks in a small monorepo with different paths?
Let's say I have a monorepo that has the following structure:
\
\app
\file1.py
\file2.py
\terraform
\infra
\terragrunt.hcl
\module
\examples
\README.md
\web
\index.html
.pre-commit-config.yml
.terraform-docs.yml
My goal is to figure out how to target only the "terraform" path with the hooks related to terraform, the "app" path with hooks related to python, and so on. But I also want to keep it all in one .pre-commit-config.yml. Is this doable? If so, where am I going wrong?
.pre-commit-config.yml is as follows:
```
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v2.3.0
    hooks:
      - id: check-yaml
      - id: end-of-file-fixer
      - id: trailing-whitespace
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.76.0
    hooks:
      - id: terraform_fmt
        args: [terraform/]
      - id: terraform_docs
        args: terraform/module/
```
And here is my .terraform-docs.yml:
```
formatter: markdown table
header-from:
recursive:
  enabled: true
  path: .
output:
  file: ../README.md
  template: |-
    <!-- BEGIN_TF_DOCS -->
    {{ .Content }}
    <!-- END_TF_DOCS -->
sort:
  enabled: true
  by: name
settings:
  anchor: true
  color: true
  default: true
  description: false
  escape: true
  hide-empty: false
  html: true
  indent: 2
  lockfile: true
  read-comments: true
  required: true
  sensitive: true
  type: true
```
It seems like it is not respecting the paths I've added as arguments. So some of it works recursively, but it doesn't work to target specific areas of the repo such as the README for the terraform module.
I've been looking at the documentation but it's not really making sense yet.
Any help is appreciated.
https://redd.it/y5gfkb
@r_devops
Novice developer needs advice on pushing code from local to prod
I shouldn't call myself a developer because imo it's a disservice to actual devs. But let me explain my situation.
I have a dev and prod environment in aws. Initially the dev environment was a replica of prod. My workflow was to push the code to the repo, then have Jenkins deploy to the different environments.
Over time as prod became stable, and needed less work, I've developed a bad habit of doing local dev work and deploying directly to the dev environment. Honestly it was because Jenkins was a pain in the ass to maintain.
Now that I'm ready to replicate the dev code to prod I'm at a loss on what to do and how to do it. For example, in the dev repo and environment is a fully "functioning" API with things hard coded that shouldn't be.
I want to deploy the code to prod but make it more secure before doing so. In addition, I don't like Jenkins. I understand it's awesome in small teams or enterprise environments but it's just me, and it's a beast to maintain.
My questions are, should I create a prod branch, remove everything that's hard coded and secure it? Then use bitbucket pipelines to deploy it to the prod environment?
I know this is a trivial thing... But I've forgotten what right looks like.
Any help you can provide would be greatly appreciated.
https://redd.it/y5ih9j
@r_devops
Books for DevOps
Basically the title: any good books to get into DevOps? I have searched and found that the most recent books are from 2018 or before. While the concepts are the same, I am afraid they may be using deprecated technologies in the book. What do you guys think?
https://redd.it/y5n005
@r_devops