Certificate Ripper v2 released - tool to extract server certificates

Hello everyone, today I have released version 2 of certificate ripper which includes the following new features:

Support for proxy with authentication
Exporting certificates as binary file (DER) and base64 encoded (PEM)
Exporting all certificates aka chain of a single url as a single file.
Specifying a custom file name for the exported files

It is an easy to use cli tool to extract the full chain of any server/website. The end user can inspect any sub fields and details easily on the command line. The native executables are available in the releases section see here: https://github.com/Hakky54/certificate-ripper/releases

Feel free to share your feedback or new idea's I will appreciate it:)

See here for the github repo: GitHub - Certificate Ripper

https://redd.it/zwvr1f
@r_devops

Establish a autonomy in your work

Hi guys,

And merry Christmas!

Another controversial subject that I would love to hear advices and tips'n tricks of fellow mindset ppl!
I know as DevOps or even system admin is not easy to have always a autonomy in how you work etc since stuff like team work is often needed and sync also with other teams etc but currently I am working in some nice Jenkins pipeline and I enjoy how I can work with a autonomy and with my own pace avoiding also unnecessary morning meetings or the teeth of management lol.
So I'd love to hear from the most experienced guys how you avoid fucked/messy projects (another poor guy took part on a very annoying messy immature product project and still I feel so sorry how it happened this to him and he swears that he ll make sure it won't happen at least to him ever again) and how you establishing boundaries and working with a autonomy...

https://redd.it/zwlq0u
@r_devops

Squid proxy service on docker with multiple ip on this same interface

I using squid on docker, and have problem with connect to other site by selected ip.
I always connected by default host ip, not additional failover ip.

My setup:

a) server
-dedicated server on ovh.org
-1 dedicated ip from server, and 6 additional by ovh service 'failover ip'
-each failover ip added to main interface, and I have on main eno1 interface has 7 ip.
-i added all failover-ip by this guide on ovh.org

b) problem
-I added to squid.conf my failover ip, but when I connect to this ip remote and using squid, I always using host ip, not additionaly. What is wrong?
-my gist setup docker-compose, and squid.conf
https://gist.github.com/mxcdh/22baa3d7fa2d9dcb2279520b81d71afa


p.s
When I logged to host, not on squid on docker, and put in terminal:

curl --interface ip-failover-1 icanhazip.com
ip-failover-1-results

It's working, but on squid no.

https://redd.it/zwjnoy
@r_devops

How to handle security updates to containers OSes?

Hi there, I am just starting to get a more in-depth understanding of how containers are to be handled compared to VMs. One thing I haven't found a good answer to is how security updates to container OSes are handled? So in case I have a functioning CI/CD pipeline and an application that currently is not further developed, would I be specifying an automatic rebuild every X weeks with an updated container OS and the applications dependencies and deploy it to test and see how it does?

How would I handle new vulnerabilities on the container?

https://redd.it/zxdtqd
@r_devops

Best tool for local Dev Env?

I'm trying to mimic our existing dev environment on the remote kubernetes, but I want the devs to run it locally. The thing is, I don't want to rewrite the stack. The devs are already familiar with ArgoCD and the installation of each app as a microservice.

I started to create a bash script that boots a Kind cluster and then supposedly installs ArgoCD on it and then installs the Apps from our Gitops repo; all of this is a bit bulky.

Currently our Jenkins has a job they use to branch out from our Gitops branch, build Images if necessary, and create an env from this branch in Argo. All of this code is already written, and duplicating it locally is a mess.

I wonder if there's any tool out there that is un-opinioneted enough to allow this without changing the stack?

https://redd.it/zxi690
@r_devops

Terrafrom on the cloud

I've got a SaaS solution, that I deploy for each client on the Cloud (GCP) using terraform (networking, SQL, DNS, GKE...). I usually create manually a project each time, update the terraform google provider and hit apply.

Is there a solution out there to handle this on the cloud? destroy the project and the resources after a free trial for example? handle licensing on a dashboard and it will save the tf state on the cloud?

Thanks for reading me

https://redd.it/zxhmqw
@r_devops

POLL: How do you orchestrate your provisioning?

Whether your using ansible/terraform/etc. I'm curious to learn about how others orchestrate provisioning. It's been over 10 years since Jenkins was created, and it seems to me it still does most of the work in most orgs.

How big is your team?
Do you use SaaS (TFE/Ansible Tower etc)?
Who can provision? Central team, or service owners?

As for me...

Team:

Working with a team of ~30 devs. I'm on a small team of maybe 2-3 "Systems" team members.

Stack + IaC:

Terraform+helm for most infrastructure (running eks on AWS). We create generic modules and allow devs to implement/deploy them in their code repos.

How do we provision?

Jenkins is still our workhorse, but starting to look elsewhere. Considering Terraform cloud, but getting a feel for what's out there and who uses what right now. Service owners can run deployment pipelines, which will deploy both infrastructure and their application.

https://redd.it/zxl0lu
@r_devops

Hikaru v0.12.0b released

Hikaru 0.12.0b was (finally) released today with support for the Python Kubernetes client 22.x. Hikaru provides a variety of tooling to work with Kubernetes configs in Python, YAML, or JSON, allowing you to move smoothly between each of these representations, and can also use the Python representation to directly interact with Kubernetes. You can find out more Hikaru here at the PyPI page:

https://pypi.org/project/hikaru/

...at the Github repo:

https://github.com/haxsaw/hikaru

...or read the full doc at ReadTheDocs:

https://hikaru.readthedocs.io/en/latest/index.html

https://redd.it/zxo86n
@r_devops

Cisco DevNet Associate learning materials are horrendous

I wonder whether anyone else is in the same boat as me. I had been learning MERN stack technology but stopped when I saw the UK government offering a free course that helps you get the Cisco DevNet Associate certification.

I enrolled on the course but I'm not sure I'm going to pass it. The exam is in about 12 weeks' time. I never knew anything about networking before I began the course.

I understand quite a lot of the course material (eg Network Fundamentals and Understanding and Using APIs) but when it comes to some parts, eg Cisco Platforms and Development, I struggle badly.

I like to think I'm not stupid but I find Cisco's learning materials to be awful. They simply state facts without really explaining anything. And there's tonnes of that kind of stuff to learn. The learning materials often try to explain things by using new terms that I have never heard of before. So getting through the material is exhausting, slow going and dispiriting.

After looking at Cisco Platforms and Development I have lost the urge to carry on with the course (and maybe the will to live too! :) ).

I wonder whether there is anyone else here in the same boat or anyone who was in the same boat in the past?

https://redd.it/zxq0in
@r_devops

Has anyone attended the Level Up In Tech bootcamp?

So I’ve been seeing on LinkedIn this bootcamp called Level Up In Tech where it’s a 24 week programs that helps you obtain the necessary certifications and skills to break into Cloud and become a DevOps Engineer.

From the different types of posts I’ve seen on LinkedIn, the individuals who are enrolled in the program come from different backgrounds…a lot of them with no previous tech experience. However, it seems like they are having success with the program and I am amazed at how a bootcamp can make this possible.

Based on some of the testimonials that I’ve seen from this bootcamp, some people were able to make the shift into cloud and is making 65k+, 75k+, 100k+. I did not know that this was possible for people with no previous tech experience.

Has anyone personally heard of this bootcamp on LinkedIn? If so, do you know anyone who has personally attended this program and have gotten these results?

I am considering making the transition from IT Support to Cloud Computing and this bootcamp seems very tempting and promising.

https://redd.it/zxesr2
@r_devops

I’m doing my thesis and looking for those that work ON-CALL to participate in an anonymous online survey. Please help

I’m from CQUniversity and looking for those that work ON-CALL to participate in an anonymous online survey to study the effects of on-call work in the areas of sleep quality and anxiety.

Click the link https://cqu.syd1.qualtrics.com/jfe/form/SV\_eX3J6NYVyw8rJVc

CQUniversity is examining many of the issues affecting sleep and anxiety levels of on-call workers. The survey will be looking at the impact of an on-call workers on both anxiety and sleep.

By participating in this survey, you could be assisting researchers to identify key areas where employers and industries can make possible changes to support those in on-call settings, to experience better sleep, and improved anxiety levels, and thus long and short-term health outcomes in the future. Better health outcomes for workers equal improved efficiencies for businesses, the relevant sectors, and the community.

Thank you for your time I really appreciate it.

https://redd.it/zxs1kz
@r_devops

What's your team's current big project goal?

Hi all, I'm new here. Came to learn a little about:

1. what kind of projects others are working on?
2. what consumes most of your time each week?

Thanks in advance for the engagement.

https://redd.it/zx8cns
@r_devops

Do you manage non k8s environment, just bare Linux?

I love K8s and GitOps. It makes everything soo much easier to deal with. Put your over engineered Yamls into the Git repository and you're pretty much done. However, I still have to manage some bare metal servers or VMs. I'm currently using Puppet & Ansible.

In terms of user experience, Ansible is like kubectl apply. You pray and hope it applies successfully. Good luck if there's any configuration drift. Puppet is little bit better. DSL is good, almost full-fledged programming language. If you're lucky enough to have Enterprise version you're golden.

I'm craving to build something like ArgoCD but for Linux. How do I get there? Is there any new shiny tool that I'm not aware of? I want to basically push my new changes to git and be done with it. How are you guys managing your Linux nowadays?

https://redd.it/zxuqwx
@r_devops

The KCL Programing Language for DevOps

## https://github.com/KusionStack/KCLVM

## Introduction

Kusion Configuration Language (KCL) is an open source constraint-based record and functional language. KCL improves the writing of a large number of complex configurations such as cloud native scenarios through mature programming language technology and practice, and is committed to building better modularity, scalability and stability around configuration, simpler logic writing, fast automation and good ecological extensionality.

## What is it for?

You can use KCL to

[Generate low-level static configuration data](https://kcl-lang.io/docs/user_docs/guides/configuration) like JSON, YAML, etc or [integrate with existing data](https://kcl-lang.io/docs/user_docs/guides/data-integration).
Reduce boilerplate in configuration data with the schema modeling.
Define schemas with [rule constraints for configuration data and validate](https://kcl-lang.io/docs/user_docs/guides/validation) them automatically\].
Organize, simplify, unify and manage large configurations without side effects through gradient automation schemes.
Manage large configurations scalably with [isolated configuration blocks](https://kcl-lang.io/docs/reference/lang/tour#config-operations).
Used as a platform engineering programming language to deliver modern app with Kusion Stack.

## Features

Easy-to-use: Originated from high-level languages ​​such as Python and Golang, incorporating functional language features with low side effects.
Well-designed: Independent Spec-driven syntax, semantics, runtime and system modules design.
Quick modeling: [Schema](https://kcl-lang.io/docs/reference/lang/tour#schema)\-centric configuration types and modular abstraction.
Rich capabilities: Configuration with type, logic and policy based on Config, Schema, Lambda, Rule.
Stability: Configuration stability built on [static type system](https://kcl-lang.io/docs/reference/lang/tour/#type-system), [constraints](https://kcl-lang.io/docs/reference/lang/tour/#validation), and [rules](https://kcl-lang.io/docs/reference/lang/tour#rule).
Scalability: High scalability through automatic merge mechanism of isolated config blocks.
Fast automation: Gradient automation scheme of [CRUD APIs](https://kcl-lang.io/docs/reference/lang/tour/#kcl-cli-variable-override), [multilingual SDKs](https://kcl-lang.io/docs/reference/xlang-api/overview), [language plugin](https://github.com/KusionStack/kcl-plugin)
High performance: High compile time and runtime performance using Rust & C and LLVM, and support compilation to native code and WASM.
API affinity: Native support API ecological specifications such as [OpenAPI](https://github.com/KusionStack/kcl-openapi), Kubernetes CRD, Kubernetes YAML spec.
Development friendly: Friendly development experiences with rich language tools (Format, Lint, Test, Vet, Doc, etc.) and IDE plugins.
Safety & maintainable: Domain-oriented, no system-level functions such as native threads and IO, low noise and security risk, easy maintenance and governance.
Production-ready: Widely used in production practice of platform engineering and automation at Ant Group.

https://redd.it/zxuypr
@r_devops

digital product

I intend to develop a digital product portal. The user will log in to the portal and then add digital products to their shopping cart, and then check out. Once the checkout is complete, the portal will send the digital product to the user's email address.

I'm thinking to use AWS Lambda function to handle backend logic.

My question is, do I need to manage user sessions ? Or this could be stateless also ? Can AWS Lambda be a right fit in this use case ?

https://redd.it/zxgcca
@r_devops

I built haystack - google for workplace secrets and connection details.

Hi my name is Yuval I've been a devops engineer for a few years now,

I was sifting through confluence pages trying to find ssh connection details to our jenkins integration machine for 40 minutes straight, later I discovered my co-worker slack'ed me the ssh connection string two months ago.

I started working on haystack a few weeks ago a search engine for workplace apps specifically to search for secrets, credentials, connection details.. It enables you to search slack, confluence, jira, jfrog, github, circleci, jenkins, and email in one place.

It supports natural language queries so a query like: "how to connect to integ2 machine?" yields:

ssh -i private.pem [email protected]

Privacy?
Stores user data locally so there's no security risk, I didn't want to deal with security compliance headaches for storing user data in the cloud. March 23' code will be also released on Github. (see comment section)

Rolled it out to my co-workers a week ago and they thought it's a hit, so I'm planning on releasing it publicly on March 2023.

Early access
If you want to try it out before March 2023 - Available here

https://redd.it/zxzlys
@r_devops

Need a private on-prem docker image registry to use with Azure DevOps Server (TFS19)

Hi, I'm after tips or recommendations for the above please. I could update to TFS22 but at the moment all I want to do is to publish to an on-prem registry. I've got microk8s running on a Ubuntu host, which supports a local registry. I could also spin up a docker container (which one?). Thanks,

https://redd.it/zy24he
@r_devops

How DevOps Implementation Reshapes Software Development Process

Custom software development process gets more complicated amid rising challenges. However, advancing technology introduces new approaches to make software development ready to meet the complexities of modern businesses. DevOps is one such approach that enables developers to ensure fast and frequent releases of stable software. Simply put, DevOps is a key set of ideas and software development practices that can improve automation and bring transparency.

Read on to know the key principles and benefits of DevOps implementation. - https://techcloudspro.com/how-devops-implementation-reshapes-software-development-process/

https://redd.it/zy2xvl
@r_devops

Suggestions for skill development beside job

Lets get straight to the point. I have Intermediate knowledge in AWS, Kubernetes, gitlab Ci, Ansible etc. Good knowledge in Python, Linux, Prometheus and Grafana. With this bundle I got my first entry level DevOps job in a mid size company (200+ dev) with a decent salary.

Our DevOps team is big and divided by some sub-teams. Production team guys take care k8s, GitLab pipeline, custom gitlab runner etc. They are experienced developers. Platform and Deployment team takes care of Jenkins pipeline, AWS, manage 150+ VMs in Proxmox, Citrix, Monitoring etc.
They threw me into the Platform team and there was no proper onboarding and mentoring. There are meetings everyday, discussions about new issues, tickets, and all members have some knowledge in all these stuff. But here I am just a silent listener. It’s like survival for the fittest. I have to find my role on my own. There are nothing to do in Proxmox as a bunch of people are skilled and always wait to work there. Citrix env also same, not that much people knows about it but not that much needed to do here. Two guys takes care aws and they don’t need any more. So I found, They do not have anyone who knows about monitoring. So grab that part and from the last four months I am doing monitoring and alerting.

It seems like I have to show them a CKA or AWS SAA cert as a proof of competence to work in them. I have a plan for the cert, but it requires time. If I wasting time on learning them then may be I couldn’t learn anything what my current team is doing. We have oracle Db. If I do a course on Oracle DB, I will be busy immediately I informed my boss about it, but I don’t want to do dba stuff rather want work on k8s, cloud, ci/cd.

So, the final question is what should I learn in my spare time:

i. Things that I want to work on?

ii. Things that my current team is working with, like proxmox, Linux server troubleshooting, citrix, vmware, dba etc. to survive?

https://redd.it/zy2pgd
@r_devops

10 DevOps tools you should learn in 2023

https://blog.yusadolat.iss.one/10-devops-tools-you-should-learn-in-2023

https://redd.it/zy2uot
@r_devops

Need help to showcase my DevOps skills in resume

Hi Folks,

I have background of linux, shell scripting and azure Cloud, and managing platform operations and application services mostly I worked on back-end

I have been trying to get in to devops role

Since last few months I explored few devops tools and tried to implement my learnings
Following is what I was able to implement:

Ansible: spin two VMs (one controller vm and one target vm) and write ansible playbooks to automate few tasks
Was able to integrate Ansible Roles with Ansible Playbook

Docker: spin a vm and deployed containers
Here I explored docker commands, and writing a dockerfile and how it works

Kubernetes: deployed clusters, pod used node port, cluster port
Creating a k8s deployment


Nagios: deployed a vm where installed nagios another vm where I installed apache service and configure nagios to monitor the apache service on another VM

Jenkis: again here deployed vms configured jenkins agents on nodes, created and ran jenkins jobs, created a CI/CD pipeline triggered by Git Webhook

I am not sure how do I present this in my resume to target devops roles
Not able to articulate, or frame what I am able to do so that it attracts any recruiters attention

If any of you could give insight or help with how you would showcase above in Resume, Please guide me

I am not sure if above even counts as skills😬😅 but I really want to go into DevOps and have not got any exposure in my current company

Kindly help!!!
Highly appreciated

Ps. I have working experience with Ansible and carrying out jenkins deployments but this is less as compared to my other experience with the skills I mentioned at start and doesnt really stands out in my resume

https://redd.it/zy61k9
@r_devops