Is it possible for Password policy implementation in EC2 Ubuntu os level?



I was suggested by PCI-DSS requirement team to implement Password policy on our ec2 ubuntu servers. They have provided us with this link to follow: https://linuxhint.com/secure\_password\_policies\_ubuntu/

But, it's not working after I follow perfectly, still, I can create new passwords randomly for new users. What can be the issue here? Does ec2 really allow to implement of this on the os level?

https://redd.it/yyf10y
@r_devops

is there such thing as "encrypting" a repo hosted on Github?

Hello,

I was asked to look into encrypting a github repo hosted on github.com. I understand that all data on github's infra is encrypted since they have all their SOC compliance. Has anyone heard of this before? I'm aware of tools to encrypt individual files but not an entire repo...

https://redd.it/yxz8gk
@r_devops

I get this error when I commit with a CircleCi project I just made

no configuration was found in your project. please refer to https://circleci.com/docs/2.0/ to get started with your configuration.

https://redd.it/yxxv33
@r_devops

Was learning Go hard for you?

I spent all week trying to put together a lambda function which AWS already provided the code for but in python. I learned python on my own and figured learning Go would be easy but it's a totally different beast.

https://redd.it/yyjmks
@r_devops

Deep Dive in 5 minutes: How a pod is created?

https://www.youtube.com/watch?v=vv8aT1OdBw4

https://redd.it/yyje96
@r_devops

Does anyone have Server Hardening Document for AWS?

I need server hardening document for AWS as a part of PCI-DSS compliance requirements. We want to provide them with this document. Does anyone have any latest or near latest documents for AWS?

https://redd.it/yxlucr
@r_devops

Is there any automation solution that isn't "only" CI/CD except Jenkins?

All I want is a solution I can write workflows/pipelines into, arrange them in views and trigger them with parameters (that are more clever than basic strings..), in a way that is better than Jenkins with a better UI. It seems like almost all Devops automation solutions are related mainly to CI/CD, in the sense that they are connected in a 1-to-1 ratio to some code repository. I don't understand why I don't hear people complaining about it more.

My company has much more processes that need automation than CI/CD. We have data-pipelines, DB migrations, on-demand IaC, scheduled tasks, QA pipelines, Customer related pipelines etc.. For each of these we need some other product that is specific to that use case, or some Jenkins invented solution.

I may not be knowledgeable enough in the market, but I'm aware that there are paid solutions. What I'm looking for is something open-source, un-opinionated, mature and container-native. The closest I've come to is argo-workflows, which is an amazing project, but it's just not there yet in terms of front-end/friendliness.

https://redd.it/yyo6dk
@r_devops

Openshift build/ s2i

I have a fairly good understanding of how s2i works from lab/courses, but I am needing some inputs from the community. Does anyone actually use the functionality for building container images from source repos, or is it all external tools for builds(drone/GH Actions/GitLab etc). My last workplace only deployed prebuild images to openshift from a external private registry.

https://redd.it/yypuj6
@r_devops

Migrate database

What’s the best way to migrate large databases from aws to gcp?

We have large mongo databases that are 10TB plus and need to migrate them to gcp with very little downtime! Anyone have an idea the best practices for this?

https://redd.it/yyr6fy
@r_devops

LiveNation/Ticketmaster architecture?

I have a neophyte understanding of cloud architecture; can anyone proffer a guess as to why the LiveNation/Ticketmaster ticket app failed, or what their team missed or didn't plan for with the TS ticket sales?

https://redd.it/yysvs5
@r_devops

React Native CI/CD pipelines

I am wondering what everyone is doing for CI/CD pipelines for React Native apps. I am building my first React Native app and trying to figure out how I should go about setting up the CI/CD pipeline. I have them for everything else but never made one for React Native. Suggestions on good guides or personal experiences that might be helpful are welcome.

https://redd.it/yypi5k
@r_devops

Is the ymal from circleci good?

I created my project and it says “success”, but I’m not sure if it’s just a success by the test, or if it’s actually my whole project

https://redd.it/yyseya
@r_devops

Container image which provides easy access to most backup/restore utils used for managing database backups.

https://github.com/st3ga/dumputils-container


Hello folks.I find myself using these tools really often when switching data environments or when doing local tests on existing data. I wanted to have prepared environment whenever i need, so i created this container. I just started the project with a few scripts, .bashrc and the tools i use the most. Issue templates and CI are also done.

If you find this useful I will be glad if you can join with Enhancement suggestion, pull request or bug reporting.

I have a plan to include common SQL scripts and docs for PostgreSQL and mysql wrapped in shell scripts so they will be easy to access, read and execute from the container without the need of search engines and internet. Also crond may be added, so it can be used in the context of orchestration tools like Docker Compose or Kubernetes.

https://redd.it/yyzye5
@r_devops

ClusterAPI and k8s cluster autoscaling

Does anyone have any experience using clusterapi or similar autoscaling tools in their production kubernetes deployments? It seems like a great way to cut costs but seems like a pretty massive undertaking to convert existing infrastructure.

https://redd.it/yyz9r0
@r_devops

Is there a way to print the agent used by each stage in a Jenkins pipeline using groovy?

I need to obtain the node name used by each stage (since stages can use different nodes), using groovy

https://redd.it/yz0xp0
@r_devops

Mgrate to devops

I've been working with infrastructure for at least 10 years. I would like to migrate to devops. What should I study first? Any good courses to recommend?

https://redd.it/yyxzup
@r_devops

Managed to land a jr devops role in my company.

Any recommendations or tips you have for someone starting out? Something you wished sooner? I know DevOps looks very different organization to organization but any advice is helpful.

https://redd.it/yz1iwe
@r_devops

Deploying feature branch previews with AWS ECS. Is my concept okay?

I‘m a SWE who likes to tackle some smaller DevOps task. I‘m now in charge of building a feature branch preview pipeline with GH Actions and AWS.

I‘ve done such things twice already in old projects, but on prem with a k3s instance. While I could just spin up an EC2 and do the same thing there, I like the challenge and we‘re using ECS already so it makes sense.

My plan is to deploy an ECS service and assign that service to an LB target group. Then I would add a rule to an existing ALB that routes a specific subdomain, like pr-123.dev.example.com. We have a wildcard cert for *.dev.example.com and a CNAME record for the same wildcard pointing to the ALB.

1st question: is that approach flawed in any way? Is there an easier way to achieve the same thing in aws-land?

On PR/merge I‘m gonna find the created resources with some complex aws cli + jq magic and delete every resource: the service, the task definition, the ALB rule, the target group, the image(s) in ECR etc.

2nd question: is there an easy or easier way to do that cleanup? In k8s you can just delete a namespace and everything is gone (except that image). Can you give tags to any aws resource and delete every resource by tag maybe?

Ty

https://redd.it/yz2x5h
@r_devops

Have you guys managed Microsoft Intune in a Hybrid Linux environment with Windows Server and a lot of MDM tools / mobile devices ? (old and new : global accelerator, ManageEngine Desktop Central...)

Have you guys managed Microsoft Intune in a Hybrid Linux environment with Windows Server and a lot of MDM tools / mobile devices ? (old and new : global accelerator, ManageEngine Desktop Central, NinjaOne,Atera,Hexnode UEM,Ivanti Unified Endpoint Manager,IBM Security MaaS360, Datto RMM,BlackBerry UEM etc)

Have you been able to do the same or as good as Intune with others solutions from competitor or Microsoft Azure with ADDS/services is better than linux for that kind of stuffs/technology (identity/security for mobiles devices management) and AWS/Linux is better at others things ? or you used a different approach or policy in your enterprise to manage MDM ?

Do you feel that Azure and AWS are on par in term of features theses days or on the price ratio of stuffs your using in your company ? like do you feel you can do everything in linux on azure as well or easy as you can with aws etc for different kind of advanced scenario like devops stuffs or clusters or anything else etc

https://redd.it/yz5zvt
@r_devops

Best VPS for workspace and problems with it

Hi everyone,
I have some proprietary software which allows colleagues in my company to have a desktop in virtual machine, so we are choosing cloud provider for this and facing some problems with it.

1st problem is that this software as any other remote desktop software takes a lot of bandwidth to operate. We need at least 3gb/hr available bandwidth per hour (out of vm). It is not too much, but the problem appears when we want to install some programs on VM, send/receive files from our ftp, etc. So providers like aws and vultr are kinda unpredictable of how much you should pay for your usage. You can spend 2gb of houly traffic or 15 gb and you cannot predict how much you should pay

2nd problem is that providers like Digital Ocean, vultr are charging money even when your VM is turned off, which is not an option too

So we are looking for cloud provider which could give us at least 2tb of FREE monthly traffic (without hourly charging) + do not bill for the turned off VM (or at least have some workarounds like FAST snapshots to spin up a new vm)

Aws/gcp/azure - are too unpredictable in bandwidth prices, however they do not charge for disabled VMs

Digital ocean/vultr/linode have free bandwidth, but you cannot turn off your VM and stop billing process

https://redd.it/yz72xo
@r_devops

Any way to edit multiple jenkins pipelines at once?

I am learning jenkins and I use decelerative pipelines. I am trying to add one similar stage to multiple pipelines by writing a bash script which will loop through jobs and edit the config.xml.

The changes get reflected after I restart Jenkins. So far, I have been able to add the stage using grep and sed but I am not able to figure out how to fix the indentation.

Is there any easier way to edit pipelines in bulk?

https://redd.it/yyg71v
@r_devops