How can implement SSO for this situation?

Its my first time messing with authentication. I am creating a web app. The people in my office use 2 tools: Kibana and Grafana.

I want to create/implement a login portal where they will authenticate only once. Upon authentication I will display two links that can take them to their Kibana/Grafana accounts without having to login to them individually.

They both support LDAP and SAML. I've also heard a bit about Okta (these are all topics i don't know much about)

How can I achieve this? What do you recommend?

https://redd.it/11m1043
@r_devops

Utility to observe github pipelines

Are there any tools (paid or OS) that are commonly used to monitor Git pipelines, re-try failed steps etc (general observability in pipeline flow). As in how many jobs failed, resource usage (self-hosted runner), cost monitoring etc.

https://redd.it/11mjvfh
@r_devops

Lambda function error

In my Python 3.9 Lambda function , I am using these imports

import json
import os
from smbprotocol.connection import Connection
from smbprotocol.exceptions import SMBException



I get this error

{
"errorMessage": "Unable to import module 'lambda_function': No module named 'smbprotocol'",
"errorType": "Runtime.ImportModuleError",
"requestId": "ead10ed4-a135-4ffc-a0b1-985bdff0b88b",
"stackTrace": []
}



I have added smbprotocol as layered library in the Lambda

This is the library contents (screenshot)

https://i.imgur.com/V0Gqe4x.png


How to fix this error ?

https://redd.it/11mk3xn
@r_devops

Will AI automate the authoring of IaC?

I believe that IA can write IaC and will have a huge impact in the DevOps industry. There are already generative AIs that can create workflows from simple text instructions.
In addition cloud APIs are extremely well documented and there is already lot of code out there to train the AI.

What do you think?

https://redd.it/11lq342
@r_devops

How am I getting captcha for a site that I've visited the first time?

I'm abroad at the moment (in the UK by default), and suddenly all sites think I'm a robot, even if I've never been on that site.

How are those working? It must be an automated check (not something that is manually set up on their server, because they don't have data to work with, because I was visiting the site first time), and wondering if there are automated ways of preventing suspicious activity.

I want to set something like this up in my app, but never done it, so I'm looking for something simple, and automated.

https://redd.it/11mmy9p
@r_devops

A company is offering internship to me but I don't know anything about devops

I am doing a CS degree (first year) at the moment and they have offered me a devops role unpaid internship. Should I go for it? Is it worth it? For context, I am east European.

I have gotten myself involved in CS degree because I want to make lots of money and that's my main motivator. Do I like this degree? I do but that's mainly because I see it as a great way to earn more money. This might seem very shallow maybe but that's just how I am.

So with that said, should I take this internship and start moving in this direction? So far I have been preparing myself to get Software Dev role in the future in some good company because it pays well as far as I know but I am in the beginning state only as I am still learning C++.

https://redd.it/11lq71s
@r_devops

Question: tools for JSON-RPC calls?

Hey, devs!

Can you share your experience with using online tools for JSON-RPC calls and provide recommendations on which tools are most effective for this purpose?

I would appreciate any insights you can offer.

https://redd.it/11moczv
@r_devops

ai based recommendation engine

Hi guys,

maybe this is a dumb question but: how difficult is it to write an (ai based) recommendation engine, that recommends a handful of content pieces to a user after the user has made a few entries. (it should adapt based on how the user consumes said content pieces)

is it possible to do this with a small team 1-3 devs in weeks/months or is this a completely impossible task unless you have millions of dollars and a big company.


(also it needs to have an ai element)

Thank you !

https://redd.it/11mrevu
@r_devops

Update: Datadog Outage

https://status.datadoghq.com/

Well everyone, the nightmare is nearing an end as DD Eng worked tirelessly through the day/night for close to a day straight on what has been an anxiety inducing day for everyone involved. A full post-mortem will be coming later but the main gist is below...

"At 06:00 UTC on March 8th, 2023 the Datadog platform started experiencing widespread issues across multiple products and regions . The web application was unavailable or intermittently loading, and data ingestion & monitor evaluation were delayed.

We will share a more detailed analysis post-recovery, but at a very high level:
A system update on a number of hosts controlling our compute clusters caused a subset of these hosts to lose network connectivity.

As a result a number of the corresponding clusters entered unhealthy states and caused failures in a number of the internal services, datastores and applications hosted on these clusters."

Data is being backfilled as we speak and we're back to fully operational. All things considered, this was a disaster, but we got through it. I know everyone (sorta rightfully) likes to shit on us for our AEs/CSMs and the price, but I know eng is doing their best because goddamn it was a long night for them trying to get us back to our usual flavor of "just working". And yes, for everyone who asks, we do in fact use our own software and it did in fact help us figure out what was going on.

Signed, a sales engineer who has to give a demo today and pray not too many hard questions get asked.

https://redd.it/11mt2eg
@r_devops

How the hell do you reference an artifact to download from another pipeline in Github Actions?

I've got two pipelines, one is called **Build.yml**

- name: Archive WebAppContent
run: Compress-Archive -Path '${{ env.RUNNER_TEMP }}\WebAppContent' -DestinationPath './drop/drop.zip'

- name: Upload artifact
uses: actions/upload-artifact@v2
with:
name: drop
path: './drop/drop.zip'

another is called **Deploy.yml**

- name: Download Drop
uses: actions/download-artifact@v3
with:
name: drop
path: './drop/drop.zip'

- name: Deploy to staging # deploys to uat-01-staging
id: deploy-to-staging
uses: azure/webapps-deploy@v2
with:
app-name: 'webapp'
slot-name: 'staging'
azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
azure-subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
package: ${{ github.workspace }}/drop/drop.zip

How the hell do I get the second pipeline to find the location of the artifact created in the **build.yaml** pipeline and use it for my azure deployment in the second pipeline? I've scoured the internet and can't find any clear answer about why my artifact is not going to the correct place/why the deploy pipeline can't find it.

Note that both pipelines are within the same repository.

Thank you for your help.

https://redd.it/11mv3o9
@r_devops

How to people organize their Repos?

Our dev team are wondering what the best practice is for organizing GitHub repos around VS projects. I am responsible for all the DB stuff (i.e. SQL Server, SSIS, SSAS, SSRS etc). Is it best practice to create one repo for all these DB related VS solutions or create a separate repo for each one?

https://redd.it/11mvqxv
@r_devops

A 0.6 release of UI for Apache Kafka w/ cluster configuration wizard & ODD Platform integration is out!

Hi redditors!

Today I'm delighted to bring you the latest 0.6 release of UI for Apache Kafka, packed with new features and enhancements!

This version offers:
- A configuration wizard that simplifies cluster setup (right in web UI!). Now we can launch the app via AWS AMI image and setup a cluster on the go
- Integration with OpenDataDiscovery Platform to gain deeper insight into your metadata changes
- Support for protobuf imports & file references

Other minor, yet significant, enhancements include:
- Embedded Avro embedded serde plugin
- Improved ISR display on Topic overview (now you can view it per partition!)

And a cherry on top? Now we’re able to work around kafka ACL errors so you won’t need to confront pesky permission issues when using the app.

Don’t wait, the update is already available on github & @ AWS Marketplace!

Full changelog: https://github.com/provectus/kafka-ui/releases/tag/v0.6.0
Thanks to everyone who just started and continued to contribute!
In the next release, we'll focus a bit on expanding our RBAC possibilities (support for LDAP and universal OAuth providers) and some Wizard features!

https://redd.it/11mxpbj
@r_devops

RMM/UEM

Good morning everyone,


I've done quite a bit of Googling regarding this but haven't gotten very far. Short of taking advantage of all the free trials, which I will soon, it's hard to tell the difference from app to app.

With CMMC compliance on the horizon I need to remotely manage around 10 linux machines and 10 macs spread out across the states. Ideally I will be able to self host the central server but most of the options I have come across are cloud based.

Any suggestions or guidance is deeply appreciated.

Pros:

Opensource (TacticalRMM was all I found but there were some glaring concerns)
Can manage both Mac and Linux machines
Hosted on site
CIS/NIST configuration templates are a major plus

https://redd.it/11mvso9
@r_devops

SUSE Elemental Toolkit

Has anybody used Elemental Toolkit? Seems to provide a good tool set for k8s cluster lifecycle management, including OS build and maintenance

https://redd.it/11mtxom
@r_devops

Who uses Signoz in production

Just want to see how your experience has been so far. Things like upgrading. Resource consumption. Disk space. All that other stuff. Ease of operations ( for context, I’m looking for something that doesn’t require a whole lot of operations as I’d rather just pay for cloud at that point )

https://redd.it/11n272q
@r_devops

Is HashiCorp Certified: Terraform Associate (002) Worth It?

I have an upcoming internship this Summer in a DevOps role. I have never used Terraform first hand, but I do know it will be a tool I'll be using on the job. Is it worth pursuing an associate certification in order to prepare? Does anyone have any experience with this cert? How does it stack up time wise to prepare for?

https://redd.it/11n2k0z
@r_devops

Save $ on public S3 buckets using VPC endpoints via SQL

The cost savings of routing the traffic of public S3 buckets through VPC endpoints instead of NAT gateways in AWS can be quite large. NAT gateways are the default. We wrote a guide on how to do this with r/iasql using a couple of queries: https://iasql.com/blog/save-s3-vpc/

https://redd.it/11n5d6u
@r_devops

whats your development process for github actions and how are you testing them?

so, I have been getting in deep with github actions: terraform with a remote backend, automated testing, linting, automated building, etc.

and I am finding the development process to be slow. 3-4 minutes per iteration and I am iterating a lot because I am learning and small changes are more likely to succeed. but waiting for push, waiting for it to get picked up, waiting for the entire workflow to run is slow when I am making incremental changes. Plus its eating into my GA budget.


I know once my pipelines are all set, I shouldn't touch it much, but I'd love a more responsive, local environment for testing these workflows.

https://redd.it/11n4cn1
@r_devops

when companies provide you with a laptop as an employee and it comes with pre installed software, how does that software get installed?

I might be in the wrong subreddit.. but I'm curious:

My company recently got acquired by a much bigger company, and during that process, the parent company provided all new employees with a laptop, so they shipped 100+ laptops to employees, and you go through a setup process with the IT team, to assign the laptop to oneself.

Usually, there is some software already installed on the laptop after setup. I'm curious how the parent company creates these identical laptop setups for 100+ people...

Is it manual? Do they use a snapshot of an existing setup and then apply that to all laptops? Is there a company that provides this as a service?

Any info would be great, or directions to the right subreddit.

Thank you

https://redd.it/11n7zdb
@r_devops

Deploying CLIs to developer machines

We have some internal tools for interfacing with our Kubernetes clusters and other internal systems. They're all CLIs, some Bash scripts and Rust binaries, and we're looking to have them regularly built and deployed onto developers' machines (Linux and OSX).

Is there an existing solution for this ?

https://redd.it/11n39ie
@r_devops

Proxy Basic Auth Replacement Best Practice for Cloud Native / OIDC / Vault

What would be the up-to-date, cloud native, best practice for replacement of e.g. haProxy with ACLs and Basic Auth, with something like Envoy (it has RBAC) + JWT + Hashi Vault and/or OIDC provider like Okta/AD?

I want to secure web endpoints, which don't support auth natively. Current solution is haProxy with network ACLs and Basic Auth, but I want actual identity check (not network-based), ideally tied to an identity provider (in my case AD) with either rotating token or at least password stored in Vault (and I do realize that I might be mixing stuff here - AD and pwd/token being mutually exclusive, so either is fine, but I want to be able to auth with another software as well, not just human - not sure how to go about that with AD).

I've seen a solution with Envoy+something (I don't remember, maybe traefik?)+OpenPolicyAgent+Okta in K8s env. It was ugly :-D. I want something independent of k8s, so I can place it in front of a historical service running on a VM, and secure it while it's being migrated and ideally doesn't require 3 containers to implement :-D.

Thanks for any suggestions and pointers!

https://redd.it/11nas9j
@r_devops