Reddit DevOps
Database user management?

Are there any tools that help automate the creation of users and granting of privileges on databases/tables?

I'd love to have a web-based UI that users can access via SSO, where they can request creation of users or granting of specific privileges. Admins would be able to approve these requests with a click and the tool in question would run the CREATE USER or GRANT queries, as well as keeping an auditable log of said operations.

Does a tool like this already exist?

If not, is there a reason why it shouldn't? I.e. would this be an anti-pattern for some reason?

For context, we build a lot of microservices, and create service-specific users and grant the privs needed for that service. However, this is all manual currently which leads to a lot of grunt work for our devops team, and is hard to audit (currently devops engineers post the queries they ran as a comment in the JIRA ticket requesting the db user/grants).

TIA!

https://redd.it/12is0o1
@r_devops
CI/CD server script question

When you are writing an inline script on a CI/CD server like Bamboo, how does it know what location on the server to start the commands from?

For instance, in one of our scripts, the first command is cp. Which directory is this command being run from?

https://redd.it/12j1b6a
@r_devops
Why do some people say DevOps would be one of the first fields to be replaced by AI?

Not saying I believe AI will take all our jobs, but from what I heard DevOps is much less about coding (what AI does relatively well) and more about infrastructure, support, communications and automation.

I mean the whole point of DevOps is to use tools to automate processes; if anything, AI would just open more doors.

Also I heard DevOps requires a lot more communications and soft skills, which means it is harder to replace with an AI.

What do you guys think? If AI does a lot of damage in the software market, will DevOps be more/less/equally impacted?

https://redd.it/12j6zml
@r_devops
Need help with getting practice projects for a job

I'm looking for multiple DevOps projects that involve each of the following options:

- Terraform Jenkins Kubernetes integration

- Terraform and Jenkins integration

- Docker Terraform Kubernetes integration

https://redd.it/12jcgj7
@r_devops
Which centralised key/value store datasource are you using?

Pretty simple question: which centralised k/v store datasource are you using?

For context, I am currently using AWS Parameter Store to share information across multiple repositories. It is provisioned and queried by Terraform, but it does not seem reliable, as it sometimes happens to create the new value before deleting it within a value update flow.

I was previously using HashiCorp Consul, with which I never had this kind of issue, but it is a whole other topic to deploy and maintain. I am wondering if you guys have other tools to handle this kind of flow.

https://redd.it/12jek75
@r_devops
Grafana to sumologic pricing


So currently our company hosts a kube prom stack; we host 3 Grafana instances for dev, staging and prod. I have set it up to collect metrics, Loki for logs and Tempo for tracing, but it has got no adoption from developers.

They are looking to switch to Sumo Logic (they use it for logs ATM), but I'm wondering how much it will cost us to send metrics up; it is confusing how this is worked out.

For prod our TSDB shows:
Number of series : 900k
Scrape interval : 30s

Sumo is 3 credits / 1000 DPM
1 credit = $0.15

I'm getting crazy cost here. But what are we looking at per day / month or year, roughly?

Thanks

https://redd.it/12jhxbg
@r_devops
How do people generate examples for multiple programming languages?

I need to generate classes for C# and Java with some constants based on a JSON document. Is there a tool to convert some language-agnostic model to classes of a specific programming language?

https://redd.it/12jnpxk
@r_devops
Offsite OpenShift Redundancy

Hi all,

I’m trying to picture how I can set this up. I have an OpenShift cluster (OKD) that hosts a large amount of websites. We also have rack space at another location where we want to have backups of some of our OpenShift projects (core website, etc). Any thoughts on how to do this? I’m struggling reading through documentation.

https://redd.it/12jo6m5
@r_devops
How to migrate off Hashicorp Vault (transit engine specifically)

Has anyone migrated out of Vault transit engine to other services like AWS KMS? I'd love to hear about your journey.

https://redd.it/12jr7hg
@r_devops
Building Unprivileged Multi-Arch Images Using Kaniko and Gitlab CI

Hey r/devops!

I know people aren't big fans of having work blogs posted here, but I recently tackled something that didn't have much documentation online and wanted to share in case this could help someone else!

Amongst other things, I used some pretty cool, as yet undocumented GitLab CI features that allow you to change your GitLab runner's node selectors through environment variables in jobs.

https://arborxr.com/blog/developers-journal-building-unprivileged-multi-arch-images-with-kaniko-and-gitlab-ci/

https://redd.it/12jstaj
@r_devops
Running SuperTokens self hosted on Kubernetes at scale

Hi, I've always written my own Auth services and ensured they were cloud-native and scalable (horizontally). I'm about to start a new project and I'm drawn to trying out SuperTokens.


Anyone here with experience deploying supertokens on kubernetes?
Is the image (registry.supertokens.io) designed to support multiple instances running in parallel, connecting to the same database?

https://redd.it/12jvq4i
@r_devops
The Case for Function-Level Metrics: An observability sweet spot that balances debuggability, cost, and ease of use

Hi all, I was inspired to write this up after reading a post from Cloudflare about how they run Prometheus at scale. They mentioned some of the engineering challenges around managing the full life cycle of metrics, and I think function-level metrics address those challenges in some kind of neat ways.

https://fiberplane.com/blog/the-case-for-function-level-metrics

I'd love to hear what you all think!

https://redd.it/12jpv5l
@r_devops
How do you read books to learn?

I'm really curious. I haven't learnt anything to date just by reading books (and practicing). I always required some form of videos to learn. Tutorial websites don't work for me either. How do you read books?

I have to read this book in a short duration (as I'm in a job): "The Linux System Administrator's Guide". How do I do it? I have at most 2 weeks to read that book. 2 weeks, 9hrs per day.

https://redd.it/12jp4wi
@r_devops
Terraform, AWS, and user management

Does anyone have a good way of notifying new employees about their IAM account and what their temporary password is?

I see that there is aws_iam_user_login_profile but it doesn't actually send the temp password anywhere. Should I use something like local-exec and just send an email template?

Any thoughts would be appreciated.

https://redd.it/12k0i4r
@r_devops
What is your methodology when dealing with IaC on a cloud service?

I’m using Terraform as my IaC tool, and find it very hard to set up the right configs, especially for cloud services I don’t use often.

Is there any proven methodology? I tried doing things on the console to get hands dirty on the services, however sometimes the Terraform parts are more granular and I can’t get a 1-to-1 equivalence between the console and TF parts.

What are your tips?

https://redd.it/12k0ygn
@r_devops
How can I know the total hours I worked on starting from a specific sprint

If I joined a startup as part time and I worked on some tasks for the last 2 months, how can I know the full hours I've worked since then till now? Thanks

https://redd.it/12jojte
@r_devops
How to improve negotiation skill as a DevOps Engineer / Consultant

As a DevOps consultant in an organization, what steps can be taken to improve skills in consulting and negotiation when discussing topics such as infrastructure deployment strategies, resource and manday allocation, and other related matters with developers or clients? This includes situations where miscommunication may occur, resulting in errors or misunderstandings.

Are there any books, videos, or resources that are good for this kind of thing? Thank you, I'd appreciate it if you reply to this thread.

https://redd.it/12kgph7
@r_devops
Bind server in AWS?

We're starting the beginnings of a migration from our on-prem data center to AWS and for the initial testing I'm trying to replicate what our on-prem config and stack look like before I start tearing it apart and refactoring.

Has anyone tried something like this? My workflow now is that the bind server does the zone transfers from my AD and services different dev/team environments. teama.company.com teamb.company.com.

Any thoughts or suggestions on this?

Thanks in advance.

https://redd.it/12klk46
@r_devops
You do not need yet another CI tool for your Terraform.

IaC is code. It may not be traditional product code that delivers features and functionality to end-users, but it is code nonetheless. It has its own syntax, structure, and logic that requires the same level of attention and care as product code. In fact, IaC is often more critical than product code since it manages the underlying infrastructure that your application runs on. That’s precisely why treating IaC and product code differently did not sit right with us. We feel that IaC should be treated like any other code that goes through your CI/CD pipeline. It should be version-controlled, tested, and deployed using the same tools and processes that you use for product code. This approach ensures that any changes to your infrastructure are properly reviewed, tested, and approved before they are deployed to production.

One of the main reasons why IaC has been treated differently is that it requires a different set of tools and processes. For example, tools like Terraform and CloudFormation are used to define infrastructure, and separate, IaC-only CI/CD systems like Env0 and Spacelift are used to manage IaC deployments.

However, these tools and processes are not inherently different from those used for product code. In fact, many of the same tools used for product code can be used for IaC. For example: 1) Git can be used for version control, and 2) popular CI/CD systems like GitHub Actions, CircleCI or Jenkins can be used to manage deployments.

This is where Digger comes in. Digger is a tool that allows you to run Terraform jobs natively in your existing CI/CD pipeline, such as GitHub Actions or GitLab. It takes care of locks, state, and outputs, just like a standalone CI/CD system like Terraform Cloud or Spacelift. So you end up reusing your existing CI infrastructure instead of having 2 CI platforms in your stack.

Digger also provides other features that make it easy to manage IaC, such as code-level locks to avoid race conditions across multiple pull requests, multi-cloud support for AWS & GCP, along with Terragrunt & workspace support.

What do you think of this approach? Digger is fully Open Source - Feel free to check out the repo and contribute! (repo link - https://github.com/diggerhq/digger)

https://redd.it/12koqev
@r_devops
Good Certs for New Relic?

Hi y'all,

I have a quick question:

I see that NR University offers some certs, are they good? If not, are there any out there?

In any case, which one would you recommend?


Thank you in advance for your help!

https://redd.it/12kqrua
@r_devops