Advice for new employee in a (so far) toxic work environment

Started a new devops job a few weeks ago as a new college grad and it isn't going particularly well. The organization has a pretty restrictive environment with barely any public facing services which means that doing anything on the network requires knowledge of the internal architect to get anything done.

Issue is is my counterparts are supposed to be helping me and guiding me through this environment but it's not going well at all. Simple questions are often left with with one word answers that don't explain what I need help with. It's seems as if they are annoyed with me for asking simple things, but how am I supposed to know where the test certificates are or what the authentication is for a server when there is zero documentation. I am often sitting at my desk for hours rerunning the same commands while they watch my command history on my account just to bring it up later on in a meeting or something to have a laugh.

Ive been assigned a simple app update as my first solo task and while I know the general steps of redeploying the app with the update, I am hitting every small road block you can think of because of the architecture. I can't get anything answered for me like how should I bring up this database, how do I auth with our repo, how do I access server X, why can't I hit this webpage, etc etc.

I came from an internship of great people who genuinely wanted to help me. And this team even seems fine outside of these 3 bozos. Problem is, the rest of the team isnt DevOps but instead SW Engineers they can't help much. I feel like I'm in a place where not knowing is offensive, and the stress just doesn't feel worth it. Of course I moved to a small town where the industry knows each other.

Any advice from someone who has maybe been here before? I'm losing my mind

https://redd.it/13vu90h
@r_devops

0auth2 issues with curl script in Python

Hi, I'm new to 0auth2 and using it to get creds for REST APIs. I fill in this info and drop the script in my Windows CLI and the script just drops with no value return. I try to run 0auth2 in Postman and I get the below output.

Any ideas?

{"detail":[{"loc":["body","grant_type"],"msg":"field required","type":"value_error.missing"}]}

​

curl -X POST https://HIDDEN.com \
-H "Accept: application/json" \
-H "API-Token: <INSERT API TOKEN>" \
-u "<INSERT CLIENT ID>:<INSERT CLIENT SECRET>" \
-d "grant_type=client_credentials"

https://redd.it/13vtiz1
@r_devops

Suggestions on architecture

I have a service, customer facing, I have 10 pods in Parallel, I have to limit the request I get in a queue and send the request to the servers based on their cpu/mem usage? What’s the best way to implement this? Can we do this using kafka?

https://redd.it/13vxeg9
@r_devops

Anyone else feels like that after many years of devops?

https://youtu.be/-UYgORr5Qhg

https://redd.it/13vyr79
@r_devops

London , need help

Hiya guys,

I was wondering if anyone can help me get started in the tech industry within London, I'm really struggling to get jobs by myself, I don't know if it has anything to do with my CV (will send you if you pm me) or just my lack of experience. I'm looking for a junior/entry-level job or apprenticeship in any field in tech tbh.

Thank you to anyone who gives me advice

https://redd.it/13w0xmf
@r_devops

Should I always carry a second phone specifically for work?

I currently have one personal phone with no work-related accounts set up on it. I do not want to set up work accounts on my personal phone for 2 main reasons:
I would need to send my internet traffic through my employer's VPN.
My employer would have access to my phone, up to and including the ability to lock and wipe it remotely.

So far I have gone 3 years at this company without a second, work-specific phone. I get pages to my personal phone via SMS, and use my work laptop for all Slack, email, and video calls. I am occasionally level 3/4 on call, for which I am not expressly paid, but also rarely receive any pages.

I am interested to know whether others in the industry think that my current approach is ok, or if it is expected for DevOps engineers to always be reachable not only by phone, but also via Slack and email.

Thanks in advance for your perspectives!

Update: My employer is willing to provide the phone and cell service, so cost is not the issue. Just the fact that I'd always have to carry 2 phones, and be tuned into work communications at all times.

https://redd.it/13w21ny
@r_devops

Open source IAM-as-code through IAMbic

Hello everyone!
We are working on an open-source IAM-as-code solution called IAMbic, and recently added AWS Service Control Policy support (AWS guardrails, typically used for compliance).
IAMbic represents your IAM in Git as YAML Files (called iambic templates). An example repository of templates managed by IAMbic is here. The goal is that you can download IAMbic, and go from your cloud to code in \~10 minutes without needing to write any code. Any changes you make (via clicking in the cloud console, running `terraform apply`, etc) are captured by IAMbic and updated in Git, so you have a running Git history of all IAM changes over time, and Git is an eventually consistent, reliable source of truth for permissions.
IAMbic templates are bi-directional, so when you want to start managing identities in IAMbic (like cookie-cutter engineering IAM roles or AWS SSO permission sets), You go through a GitOps workflow, get approval, and instruct IAMbic to apply the changes. We have some examples in our IAMOps Philosophy docs. If you want resources to be solely managed by IAMbic, you can instruct IAMbic to prevent drift on these resources.
You can also declaratively define temporary access or permissions in the format (Like: "I want userA to have access to the Salesforce app in Okta for 12 hours" or "I want to have S3 permissions to BucketA on the engineering role on the prod AWS account until DATE").
We're really looking for feedback because we want this to be a compelling solution. What are your thoughts? How can we make this better?

https://redd.it/13w4bb2
@r_devops

Do you sometimes also feel like you're too slow?

Small rant.
2nd year in devops - working for a company built by devs for devs.
I had enough grit to learn to be able to build solutions in Python, Java and Go (or whatever other scripting language) in a decent manner.


You throw a problem at me and I fix it.
Have an idea? No problem - I'll make it happen.


Still. They make me feel like I'm too slow, like I'm not respected because of my ops background - but I think that in reality the tasks I get are novel enough to become slogs and need quite a bit of planning, experimentation and creativity to be finished. And more often than not some help from GPT to simplify and optimize code.
Every project is a context change for me and has more often than not never been done in our environment - most of the time using new technologies - and they still get angry that I'm just a tad faster than our junior devs (and I myself am a junior, find the error).
Next to that my focus is in stability - theirs is in getting it done yesterday.
Doesn't work as expected? Pff... just debug it 100 times till it works together with the devs.
Why do it right the first time?


The ones that actually think like me are my sysadmin friends. They understand me and my worries.
They know that we have to make blood sacrifices to the observability gods (as an example).

But for real now, what is going on?
I don't have a handful of techs I use for every single project because I'm specialized in doing one thing every day and because my solutions are routine.
I don't have any framework I can use as crooks or any mentor to fall back on if the project is novel to everyone. Ok, no, even for the simplest stuff I don't have anyone to ask.
I don't even have a teammate and have to handle 30 devs.
I even do my own task planning and whatever else you need to do to keep the ball rolling in an efficient manner.


Is there someone else here in a similar situation?
Any thoughts?

https://redd.it/13vvnwg
@r_devops

Rancher vs OpenShift opinions

I'm thinking of going with Rancher for cluster management and stuff. However, I'm aware there's also OpenShift. I'm wondering which of the two do you guys recommended, and what are you basing this on? Seems to me Rancher is less opinionated and can manage any cluster, anywhere, while OpenShift seems more opinionated and likely more suited for workloads already on Open-hift. I might be wrong, just wanna hear your thoughts. I'm a noob to kubernetes.

https://redd.it/13w5mz7
@r_devops

Retriggering github workflow from github action

Hi,

&#x200B;

I have a couple different github jobs that run when a PR is opened on my terraform repo. The first job is it runs terraform format, and if there's a diff, it creates a commit and pushes it. This hasn't been an issue until recent updates to our github actions.

I recently added tflint and tfsec jobs with an integration to problem matcher so I can get annotations on the files that changed in the PR. The issue is, when terraform format does actually make a change, the follow on jobs running tflint/tfsec put their annotations on the commit that triggered the action, not the commit that terraform format created. I've tried passing in the latest commit id,etc and that doesn't seem to solve the annotations being on the previous commit, instead of latest commit.

Is there some way to basically re-trigger this workflow when terraform format creates a commit. I've tried doing a couple things with passing in PATs vs the github token but it seems like the github action backend is still not firing the action. I feel like there is something obvious I'm not seeing but my rubber ducky isn't talking back lol.

Here's a little snippet of the github action file:

name: Terraform Pipeline
on:
pull_request:
branches:
- main
paths:
- terraform/**
permission:
id-token: write
contents: write
pull-requests: write

jobs:
format:
runs-on: ubuntu-latest
steps:
- name: checkout repo
uses: actions/checkou@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Set up Terraform
uses: hashicorp/[email protected]
- name: Format Terraform code
id: tf-fmt
run: terraform fmt -recursive
continue-on-error: false
- name: Push changes to Pull Request
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git status | grep -q "nothing to commit, working tree clean" && echo "Formatting ok, no changes made" || git commit -am "terraform fmt - PR #${{ github.event.pull_request.number }}" && git push

otherjobs:
...

&#x200B;

https://redd.it/13w4kvy
@r_devops

Creating ChangeLogs/Auto Tag Releases in mono-repo

I've been looking for a good system to automatically create ChangeLogs and tag commits for release. Seems like there are tons of options, but no consensus on what is wildly used. Any advice/articles to point me in the right direction would be amazing.

Primarily use Azure Pipelines for work, but looking at gitea actions, GitHub actions, or gitlab for personal projects and would most likely self host.

Thanks in advance!

https://redd.it/13w7ir1
@r_devops

Chef converge failing

My chef converge is failing at this resource

execute 'import-rds-certs' do
command "su - #{bamboo_user} -c \"#{bamboo_user_home_dir}/import-rds-certs.sh >> #{bamboo_user_home_dir}/import-rds-certs.log\""
user root
not_if "su - #{bamboo_user} -c \"keytool -list -storepass changeit -noprompt -keystore #{bamboo_app_dir}/bamboo-jdk/#{bamboo_jdk}/jre/lib/security/cacerts | grep 'amazon rds us-east-2 #{aws_rds_cert_year}'\""
end

The script of \\"#{bamboo\_user\_home\_dir}/import-rds-certs.sh is

#!/usr/bin/env sh

OLDDIR="$PWD"

if \[ -z "$CACERTS\_FILE" \]; then

# you should have java home configure to point for example /usr/lib/jvm/default-java/jre/lib/security/cacerts

CACERTS_FILE=$JAVA_HOME/jre/lib/security/cacerts

fi

mkdir /tmp/rds-ca && cd /tmp/rds-ca

echo "Downloading RDS certificates..."

curl [https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem](https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem) \> rds-combined-ca-bundle.pem

csplit -sk rds-combined-ca-bundle.pem "/-BEGIN CERTIFICATE-/" "{$(grep -c 'BEGIN CERTIFICATE' rds-combined-ca-bundle.pem | awk '{print $1 - 2}')}"

for CERT in xx\*; do # extract a human-readable alias from the cert ALIAS=$(openssl x509 -noout -text -in $CERT | perl -ne 'next unless /Subject:/; s/.\*CN=//; print') echo "importing $ALIAS" # import the cert into the default java keystore keytool -import -keystore $CACERTS\_FILE -storepass changeit -noprompt -alias "$ALIAS" -file $CERT done

cd "$OLDDIR"

rm -r /tmp/rds-ca

However, I am getting an error that I could not execute this resource

================================================================================
Error executing action `run` on resource 'execute[import-rds-certs]'
================================================================================

Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '127'
---- Begin output of su - bamboo -c "/home/bamboo/import-rds-certs.sh >> /home/bamboo/import-rds-certs.log" ----
STDOUT: ':lc' .:ll;. .;llc'
cllll;. .;llll:. .,cllllc
lllllll:' .:lllllc. .,:lllllllc
lllc;clll:'. .:llllllc, .':llllc,,clll
lll;..,clllc,. .:lll:cl:'.';clllc;. .:llc
lll; .':lllc,. .:llc..'';clllc;'. .:llc
lll;. ':llll;. .:c,'',:llll:'. .:llc
lll; .;llll:. .',:llll:,'',. .:llc
llo; .;clll:'. .';clllc;. .;lll, .:llc
lll; .,clllc,. ..,;clllc;'. .:lll;. .:llc
lll; .':llc'..,clllll:,''. .;lll:. .:llc
lll; ..'',:lllll:,.';cc. ,lllc. .:llc
lll; .':llllc,''...:olc. 'clll, .:lll
lll; ..;clllc;'.,:cc:;cllc. .clll;.:lll
lll; .,cllll:'. .,clllllllc. .:lllclllc
lll; .,:llll:,. ..,cllloc. .;llllllc
llo; .':llllc,. .';;,. ,llllll
lll;. ..;clllc;. 'clll;
lll:';cllll;'. ....
llllllll:'.
lllll:,.
Environment = local

Hostname = <sensitive info>

Username = bamboo
IP Address = <sensitive info>
OS Version = Amazon Linux 2

Box Admin = <sensitive info>
################################################
STDERR: /home/bamboo/.bashrc: line 2: $'\r': command not found
/home/bamboo/.bashrc: line 9: syntax error: unexpected end of file
/home/bamboo/.bash_profile: line 21: rbenv: command

not found
/home/bamboo/.profile: line 2: $'\r': command not found

: No such file or directory ---- End output of su - bamboo -c "/home/bamboo/import-rds-certs.sh >> /home/bamboo/import-rds-certs.log" ---- Ran su - bamboo -c "/home/bamboo/import-rds-certs.sh >> /home/bamboo/import-rds-certs.log" returned 127

I am just confused, what do

STDERR: /home/bamboo/.bashrc: line 2: $'\r': command not found
/home/bamboo/.bashrc: line 9: syntax error: unexpected end of file
/home/bamboo/.bash_profile: line 21: rbenv: command not found
/home/bamboo/.profile: line 2: $'\r': command not found

have to do with the "su - #{bamboo\_user} -c \\"#{bamboo\_user\_home\_dir}/import-rds-certs.sh" command?

https://redd.it/13w60lw
@r_devops

Should I have worked first as a developer before coming to a DevOps role?

I'm a career shifter from a non-technical industry. The first job was a technical support role, then moved to a bank for DevOps role after a year there. 1 year of working here and I still feel like I'm missing out on a lot on how our services work with one another.

https://redd.it/13wc1d5
@r_devops

Beginner DevOps Question

Hi I am just starting learn DevOps and received a practice assignment from my teacher.

1) I received java project and I used to Apache Maven to generate a .war file.

2) Now I am supposed to deploy the .war file in WildFly server in a docker container.

I am somewhat stuck in the second task since I fail to understand how docker file works. If anyone could help me make some progress in this exercise, I would appreciate it. I need help with creating a docker file and understanding its part in the whole process.

Thanks for any help and sorry if I am posting in the wrong sub.

https://redd.it/13wchyl
@r_devops

What do most people do for environment deployments with Git?

I had a similar question before, but now I just want to see what everyone else does either at their companies or personally. Currently using dev and prod branches introduces merge conflicts as the commits get extremely messy after a few months.

How do you separate dev, pre-prod (my company calls it go), and prod in their repositories for deployments?

I want to find a method that's just smooth and almost automatic when someone updates the helm chart.

https://redd.it/13wdtjr
@r_devops

How do I become a DevOps engineer?

Currently, I am a Quality Engineer with a total experience of around 1.5 yr out of which for 1 year. I have been on the bench not doing anything.

https://redd.it/13w1rna
@r_devops

'ekscli' vs. 'aws eks'

I see on https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html you can wither use the GUI, ekscli, or aws cli to manage your cluster and interactions.

ekscli looks neat, but I imagine I will also need to use the normal aws eks style due to other aws command line options (e.g. aws sts).

What tool would you recommend getting framliar with and why?

https://redd.it/13vs5hd
@r_devops

How to prepare for DevOps Engineer Technical Interview and scenario based questions?

I am having 2 YOE (Currently on a Career Gap). I am currently looking to get into DevOps. Started learning AWS, Docker Kubernetes, Shell Scripting but the technical interview seems to be more overwhelming and focused on troubleshooting the scenarios? How to effectively prepare for those ? What are the tools that one must know before entering into DevOps scene.

https://redd.it/13vsi3v
@r_devops

What are some opinions and experiences when choosing between Elasticsearch and Loki?

Title says it all. Looks like Loki is a little better on resources, but curious to others' experiences with ES or Loki, choosing one or the other, for storing application and system logs.

https://redd.it/13wjs0p
@r_devops

Prevent access to .env on a shared VM (Guacamole)

I possess a VM that is shared among multiple users, and we all use the same Guacamole account with a shared username and password. My objective is to install a Node JS application on the server while ensuring that other users cannot access the .env variable. One potential solution could involve encrypting the .env variable to secure its contents.


Can this be done by Containerization? I believe the root user can access the docker secret variables

https://redd.it/13wka9v
@r_devops