Reddit DevOps
Creating ChangeLogs/Auto Tag Releases in mono-repo

I've been looking for a good system to automatically create ChangeLogs and tag commits for release. Seems like there are tons of options, but no consensus on what is widely used. Any advice/articles to point me in the right direction would be amazing.

Primarily use Azure Pipelines for work, but looking at Gitea Actions, GitHub Actions, or GitLab for personal projects and would most likely self-host.

Thanks in advance!

https://redd.it/13w7ir1
@r_devops
Chef converge failing

My chef converge is failing at this resource

execute 'import-rds-certs' do
  command "su - #{bamboo_user} -c \"#{bamboo_user_home_dir}/import-rds-certs.sh >> #{bamboo_user_home_dir}/import-rds-certs.log\""
  user 'root'
  not_if "su - #{bamboo_user} -c \"keytool -list -storepass changeit -noprompt -keystore #{bamboo_app_dir}/bamboo-jdk/#{bamboo_jdk}/jre/lib/security/cacerts | grep 'amazon rds us-east-2 #{aws_rds_cert_year}'\""
end

The script #{bamboo_user_home_dir}/import-rds-certs.sh is

#!/usr/bin/env sh

OLDDIR="$PWD"

if [ -z "$CACERTS_FILE" ]; then
    # you should have JAVA_HOME configured so that this points to, for example,
    # /usr/lib/jvm/default-java/jre/lib/security/cacerts
    CACERTS_FILE=$JAVA_HOME/jre/lib/security/cacerts
fi

mkdir /tmp/rds-ca && cd /tmp/rds-ca

echo "Downloading RDS certificates..."

curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem > rds-combined-ca-bundle.pem

csplit -sk rds-combined-ca-bundle.pem "/-BEGIN CERTIFICATE-/" "{$(grep -c 'BEGIN CERTIFICATE' rds-combined-ca-bundle.pem | awk '{print $1 - 2}')}"

for CERT in xx*; do
    # extract a human-readable alias from the cert
    ALIAS=$(openssl x509 -noout -text -in "$CERT" | perl -ne 'next unless /Subject:/; s/.*CN=//; print')
    echo "importing $ALIAS"
    # import the cert into the default java keystore
    keytool -import -keystore "$CACERTS_FILE" -storepass changeit -noprompt -alias "$ALIAS" -file "$CERT"
done

cd "$OLDDIR"

rm -r /tmp/rds-ca

However, I am getting an error that I could not execute this resource

================================================================================
Error executing action `run` on resource 'execute[import-rds-certs]'
================================================================================

Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '127'
---- Begin output of su - bamboo -c "/home/bamboo/import-rds-certs.sh >> /home/bamboo/import-rds-certs.log" ----
STDOUT: [ASCII-art login banner]
Environment = local

Hostname = <sensitive info>

Username = bamboo
IP Address = <sensitive info>
OS Version = Amazon Linux 2

Box Admin = <sensitive info>
################################################
STDERR: /home/bamboo/.bashrc: line 2: $'\r': command not found
/home/bamboo/.bashrc: line 9: syntax error: unexpected end of file
/home/bamboo/.bash_profile: line 21: rbenv: command not found
/home/bamboo/.profile: line 2: $'\r': command not found

: No such file or directory
---- End output of su - bamboo -c "/home/bamboo/import-rds-certs.sh >> /home/bamboo/import-rds-certs.log" ----
Ran su - bamboo -c "/home/bamboo/import-rds-certs.sh >> /home/bamboo/import-rds-certs.log" returned 127

I am just confused, what do

STDERR: /home/bamboo/.bashrc: line 2: $'\r': command not found
/home/bamboo/.bashrc: line 9: syntax error: unexpected end of file
/home/bamboo/.bash_profile: line 21: rbenv: command not found
/home/bamboo/.profile: line 2: $'\r': command not found

have to do with the "su - #{bamboo_user} -c \"#{bamboo_user_home_dir}/import-rds-certs.sh" command?

https://redd.it/13w60lw
@r_devops
Should I have worked first as a developer before coming to a DevOps role?

I'm a career shifter from a non-technical industry. The first job was a technical support role, then moved to a bank for a DevOps role after a year there. 1 year of working here and I still feel like I'm missing out on a lot on how our services work with one another.

https://redd.it/13wc1d5
@r_devops
Beginner DevOps Question

Hi, I am just starting to learn DevOps and received a practice assignment from my teacher.

1) I received a Java project and I used Apache Maven to generate a .war file.

2) Now I am supposed to deploy the .war file in a WildFly server in a Docker container.

I am somewhat stuck in the second task since I fail to understand how docker file works. If anyone could help me make some progress in this exercise, I would appreciate it. I need help with creating a docker file and understanding its part in the whole process.

Thanks for any help and sorry if I am posting in the wrong sub.

https://redd.it/13wchyl
@r_devops
What do most people do for environment deployments with Git?

I had a similar question before, but now I just want to see what everyone else does either at their companies or personally. Currently using dev and prod branches introduces merge conflicts as the commits get extremely messy after a few months.

How do you separate dev, pre-prod (my company calls it go), and prod in their repositories for deployments?

I want to find a method that's just smooth and almost automatic when someone updates the helm chart.

https://redd.it/13wdtjr
@r_devops
How do I become a DevOps engineer?

Currently, I am a Quality Engineer with a total experience of around 1.5 years, out of which for 1 year I have been on the bench not doing anything.

https://redd.it/13w1rna
@r_devops
'eksctl' vs. 'aws eks'

I see on https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html you can either use the GUI, eksctl, or the AWS CLI to manage your cluster and interactions.

eksctl looks neat, but I imagine I will also need to use the normal aws eks style due to other aws command line options (e.g. aws sts).

What tool would you recommend getting familiar with and why?

https://redd.it/13vs5hd
@r_devops
How to prepare for DevOps Engineer Technical Interview and scenario based questions?

I have 2 YOE (currently on a career gap). I am currently looking to get into DevOps. Started learning AWS, Docker, Kubernetes, Shell Scripting, but the technical interview seems to be more overwhelming and focused on troubleshooting the scenarios. How to effectively prepare for those? What are the tools that one must know before entering the DevOps scene?

https://redd.it/13vsi3v
@r_devops
What are some opinions and experiences when choosing between Elasticsearch and Loki?

Title says it all. Looks like Loki is a little better on resources, but curious to others' experiences with ES or Loki, choosing one or the other, for storing application and system logs.

https://redd.it/13wjs0p
@r_devops
Prevent access to .env on a shared VM (Guacamole)

I possess a VM that is shared among multiple users, and we all use the same Guacamole account with a shared username and password. My objective is to install a Node.js application on the server while ensuring that other users cannot access the .env variable. One potential solution could involve encrypting the .env variable to secure its contents.

Can this be done by containerization? I believe the root user can access the Docker secret variables.

https://redd.it/13wka9v
@r_devops
What are my (AWS) options for running one single container reliably?

My team has just me doing "deployment stuff" and we're a tiny startup. I have one microservice/container with code that won't go into our monolith. I need to find somewhere to run it in production (on internal VPC's 10.10 network).

The ones I can think of:
- ssh & docker run with restart/service options
- nomad "cluster" -- seems heavy to me for one container?
- lambda -- my "microservice" is a Node.js script that listens to port 80, but probably convertible to lambda runtime interface

Things I don't know anything about (yet):
- kubernetes -- also maybe too heavy for one container?
- rancher? -- What is this? can it help me?

https://redd.it/13woti9
@r_devops
Thoughts about my thoughts on performance / alerting metrics?

Curious for some feedback from folks, I was laid off a few weeks back and find myself dealing with the whole process of recruitment.

Something I consider a significant success that I like to talk about in interviews was writing a whole slew of "synthetic user transactions" as a method of gauging platform health.

That involved working with the app developers to plumb transaction time values for things like login, password reset, interaction X or Y as part of the API call responses. I came up with about 15 of them which fired every few minutes (or in some cases more regularly) as a much more effective way to gauge how the entire system was working as opposed to "CPU High 90% - call Pagerduty".

I was (I guess I still am) quite proud of that as a monitoring solution. They were just AWS lambda functions performing tasks and checking the response times - but in that particular case it made it so much easier to identify what was bottle-necking and or "crapped out".

Thing is, I've had some fairly frosty reception to that when explaining it to recruiters / hiring managers and I'm wondering if I've missed something?

My take has long been, if you're paying for an instance of <insert service here> it's fine for it to hit its peak CPU / memory / cache / whatever, you're paying for that - I'd care more about if the user experience has suddenly gone terrible?

I appreciate this is more of an SRE question.

https://redd.it/13ws7qv
@r_devops
how to package on-prem solution?

I have a SaaS (AWS stack) and want to package it for on-prem offering.
I don't have experience with "enterprise software" but from what I've seen most projects charge an annual license + annual support built in.

If I go and replicate the AWS stack on their environment (using client user/pass and then they change it), I'm thinking that:
a. I'm giving away all the source code.
b. How do I ensure that they don't resell the solution? This would probably need a contract but I don't know what kind and I worry it will complicate things.
c. If I give away all the infrastructure and code, how can I get paid for the second year?
d. I could also charge based on their users, but how can I monitor this?


I would appreciate if anyone is aware of a structure/packaging that makes sense for this, or any thoughts on this matter.

https://redd.it/13wuj9a
@r_devops
Architecture of OTT Platform

Totally noob in devops.

I was wondering if there's any way to understand how a typical flow or architecture works for an OTT platform.

https://redd.it/13ww6oc
@r_devops
Looking for advice on releasing my app while still incomplete

Hey everyone! I’m looking for advice on the most cost-effective way to release my app while there are still lots of things incomplete. Should I use a single server instance (AWS, GCP, Digital Ocean…) with all databases (mongo, postgres, redis), and codebases (node, golang, react, nextjs) of 3 different apps installed in ONE server; or use different cloud services for Database, Docker, Kubernetes etc.?

I need to release my MVP to show early users and get feedback. But it consists of 3 different loosely connected apps and I’m sure there are obvious insecurities. I would have to disable some authorization features in my MVP for the 3 apps to send API calls to each other, including from the client. I need to do so because I need users to test-use it and get their feedback to fix and improve ASAP (to get traction and raise investment). If I put them in a single server, I’m afraid a hacker can easily get access to root, users' data and confidential codebase (my startup is still in stealth mode).

Also, I need a server that is much more powerful than the free-tier server provided by AWS or GCP. I have a few thousand AWS credits but am not able to use them yet. What is the most cost-effective way to deploy my MVP? Any advice would be greatly appreciated!

What would you do if you were me?

PS: I have little experience with DevOps. Mainly backend > AI/ML > frontend. Therefore the questions.

https://redd.it/13wvg70
@r_devops
Strategies for converting an existing deployment to IaC?

Like many of you, I have my AWS sandbox and dev fully automated with Terraform. The environment configuration even roughly matches production. However, prod was built starting back in 2012 and is a delight of manual console changes.

Leadership is convinced the only approach is to build an entirely new production environment (six months or more of work) and eventually cut over and burn the old one to the ground.

I don't buy it. There must be a reasonable way to break down and do a service by service terraform import with some tweaking.

https://redd.it/13wr3fp
@r_devops
Ugh I fucked up and need some love

Usually I don't beat myself up but today I fucked up and just feel like an absolute idiot

Created new subnets for our AKS cluster
More IPs!
Rolled out new node pools very easy all looking good

Restarted each deployment and everything moved over nicely and I finished my day....

Thought I'd check slack on my phone to see if there was anything going on and yep .. incident call the region I was working in can't connect to 2 things....

I forgot that I needed to update these two things with the new subnets...

I finally get on the call as they are resolving and wrapping up

No one is pissed off, my manager said "fortune favours the brave, sometimes we get it right, a lot of the time we get it wrong, we just learn"

And he's right but I just can't stop beating myself up over such a stupid mistake...

As soon as I saw the incident room was busy I knew exactly what I forgot...

Time to find some long rizzla and forget today...

How was your Wednesday..

https://redd.it/13ww4cf
@r_devops