Pipelines help

I'm quite new to pipelines and still learning about it. Currently I have a server(VM with SSMS on azure)

I'm trying to create a new pipeline from dev ops to backup(a selected database) and restore that backup as a different name(with mdf and ldf names changed as a variable). I would also like to run SQL scripts on that database with the pipeline.

How would I go about creating this pipeline? Would I need to use power shell scripts for this/power shell scripts to run the SQL scripts or use YAML scripts.

Any general steps would be appreciated to just get a basic idea.

https://redd.it/1c0vs0i
@r_devops

Getting laid off, advice on a good next role?

I’m an associate in devops, have about 1.5 YOE. It’s been such a deep dive learning everything, and I am not sure if i’ll be able to land another DevOps job- it’s the only programming job i’ve had so far so it’s all i know.. what other roles should i apply to that can make use of my DevOps skills?
I’ve been working with python, bamboo, EKS, terraform, ansible, artifactory, grafana, kubernetes, helm.. can go on- but my experience in these areas is not as deep as i’d like it to be. Currently working on getting my AWS Cloud practitioner cert, but again i don’t think i have enough knowledge to pick up another DevOps job.
Any advice on other related roles I can apply to would be really helpful! I love working on the back end of things. Most likely getting laid off in August so I’ve got a bit of time to upskill as well.

https://redd.it/1c11g1g
@r_devops

Experience with EnvKey?

https://www.envkey.com/

I see lots of recommendations for Vault/Infisical/Akeyless for doing secret management. I just happened upon EnvKey, which seems...well, a little too good to be true ¯\\\\\\_(ツ)_/¯

Have other folks used EnvKey and can either make a determination of "Stay far away", or "Definitely use 10/10"? TIA!

https://redd.it/1c131jr
@r_devops

The SAAS Tax

Hey everyone!

So, we've been noticing a LOT of SaaS companies are kinda sneaking in price hikes of 10% or more this year. Like, out of nowhere, a new account rep pops up weeks before your renewal, and bam, there's your increase. Not cool, right?

We're tired of this and decided it's time to gather some real talk on this. If you've got stories or know some apps that are guilty of this, hit us up. We're putting together some research to hopefully make some noise about this. Also, we made this super quick form right here for you to spill the tea 🍵.

It'll only take a minute, and who knows, maybe we can help make a change together. Thanks for helping out!

Let's show 'em we're not just gonna sit back and take it!

https://redd.it/1c15ix8
@r_devops

Is this a viable alternative to Hashicorp Vault?

For those who use Hashicorp Vault currently, how would you compare this to Vault?

https://redd.it/1c16rle
@r_devops

Branch versioning with semver + gitlab flow

I’m investigating using gitlab flow as a new branching strategy with semver for automated versioning in a project, and have been reading this for inspiration https://about.gitlab.com/topics/version-control/what-are-gitlab-flow-best-practices/

Feature branches would merge to master, and once ready for release would merge master into release branch. To trigger a automated release pipeline in gitlab (build, package, test etc.) we’d push a semver tag to release branch.

Now this feels like a great workflow, but I can’t figure out how to handle versions on master if the release version is purely based on tags that exists on release branch. We could easily add some metadata that the dev builds have, like major.minor.patch-dev e.g. But I still don’t understand a good way of setting the major.minor.patch versions for master without having a checked in version file, which feels like the thing you want to avoid when doing tag based releases.

Developers will often use master builds during development, and need some way of distinguishing between builds. Maybe I need to rethink how versioning on master should work, so interested in hearing some opinions on my problem!

https://redd.it/1c18f9h
@r_devops

EKS cost optimization (KubeCost)

Hello Guys, I am a devops engineer Intern at a company and I have been assigned to two different projects. One of them is "EKS Namespace cost optimization". I have been given the links of KubeCost that is deployed already. Can anyone give your thoughts on how should I approach this project? It would be much helpful.

https://redd.it/1c196gf
@r_devops

Is it worth to start DevOps career

Hi, I'm thinking about changing my job a bit. I was Automation QA Engineer and after that PM from quite some time (10y total). Recently I came to conclusion that beeing Jira jockey is my thing any more.

In past I did ISTQB, CCNA (2012), RHCSA and RHCE (2016) and I still remember how to be proficient with Python, GIT and Linux servers hovewer I don't have any expience in Docker/K8s and cloud services providers.

I'd like to ask you how do you see getting into DevOps taking for an account my bacground and mid/longterm perspective of DevOps as a career path.

Any advice appriciated :)

​

https://redd.it/1c1d3no
@r_devops

Conduktor 2.0 - Free Tier Expansion - Collaborative Kafka Development Platform

Hi All,
Product Director here at Conduktor - wanted to share news that we recently opened up our free tier to make it accessible to everyone regardless of your data streaming experience.
TL;DR What is Conduktor? A collaborative Kafka development platform that connects Developers, Architects, Ops and Platform teams working in the Kafka ecosystem.
Few taster features:

CLI + APIs for automation + GitOps for Kafka Self-Service
Console with Live consumer + Producer functionality
Drill deep into topic data (JSON, Avro, Protobuf, custom SerDes)
Embedded monitoring and alerting (consumer lag, topic msg in/out etc.)
Kafka Connect auto-restart
Dead Letter Queue (DLQ) management
E2E Encryption through our Kafka proxy
Complete RBAC model (topics, subjects, consumer groups, connectors etc.)

You can read the full announcement here and getting started here:
https://v2.conduktor.io/
Any questions - feel free to shoot :)


https://redd.it/1c1dyma
@r_devops

How to establish encrypted communication (SSL) via reverse proxy to PostgreSQL?

So far I have three components:

* C (client - DataGrip, TablePlus, LookerStudio, MetaBase, etc...)
* P (proxy - nginx) - docker container
* DB (database - postgres) - docker container

I want to enable clients to use SSL, but I want to keep the encrypted connection only between C and P.

So my current working solution is

C --> P --> DB

and I want it to be

C -- [SSL] --> P --> DB

What do I do?

So far, I have working SSL for HTTP(s) connection on the proxy, using Let's Encrypt certificates. This is working fine. But Since I want to encrypt TLS communication, I need to configure \`stream\` in nginx. I tried to do the same as I did with HTTP, but it does not work. Client cannot connect.

**More details:**

I have several Docker services running, one of them is a database. I make connections via SSH tunnel, which is working fine. However, I want to open a port for connecting to the DB directly (as some BI tools do not support SSH tunnels). I do not want to expose the DB server, so I opted for reverse proxy via nginx, as I already use it for other services that communicate over HTTPS. The proxy is working just fine, but only if I do not enable SSL. I cannot get it working.

If I do exactly the same as with HTTPS, I get error:

[emerg] 1#1: the shared memory zone "le_nginx_SSL" is already declared for a different use in /etc/letsencrypt/options-ssl-nginx.conf:7

This is probably cause the cache memory zone is already being used by other 2 services (https). If I simply rename the zone, it does nothing. Nginx starts, but no communication is picked up (at least by access logs).

My nginx configuration for the stream is:

stream {
server {
listen 9856 ssl;

ssl_certificate /etc/letsencrypt/live/domain.com/fullchain1.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey1.pem; # managed by Certbot
include /etc/nginx/cert/options-ssl-nginx.conf; # managed by Certbot

ssl_verify_client off;

proxy_connect_timeout 60s;
proxy_socket_keepalive on;
proxy_pass projects-client-project-database-1:5432;
proxy_ssl off;
}
}

If I turn off SSL by removing ssl keyword from the listen directive, it works fine (but without SSL).

​

PS: I am new to devops, I am configuring my first VPS so maybe I am having a completely wrong idea.

https://redd.it/1c1fkyg
@r_devops

Junior DevOps Engineer - London - Stuck on how to career progress?

Hi all,

I have worked in accounting up until I turned 26, last year and managed to secure a DevOps role in May 2023. I will have been in my current role for just shy of 1 year now. Before moving into this position, I had some hands on experience with coding, and helped at my previous role in the IT division, so I managed to learn about servers, etc. And ended up setting up my own Homelab.

I really really enjoy this career, however I know that I am a bit out of my depth. I have followed the DevOps Roadmap and have taken courses and played around with a majority of the tech stack. Now here's my issue..

The company I am with had me benched for the first 6 months. It was pretty much just me sat at home, learning courses on different things. Projects were meant to come my way but they never did. Then at the 6 month mark, I've been put on projects. Now it's odd, because my title is 'Junior DevOps', but almost immediately my first project was me on my own. I didn't get any guidance, and was just given a SOW that I made my way through. Whenever I asked for help, people were busy or I would get help but kinda half assed because they had to go do something else. I was getting complained at a lot by the customer, for things that I was never told about, but I managed to make my way through and complete that project. It was the most stressful 4 months of my life. I learnt a good bit, but I was working 7am in the morning till about 9pm every night, just to ensure I got the work done.

I've now been put on a new project, and it's kind of similar. I have someone who comes in every now and then to review my work, but it's a bit more like they are cautious over me not making any mistakes like last time, as opposed to offering me guidance. Because of this, I feel like I'm not really learning from the company, it is stressing me out a lot and on top of it my pay...

I get paid 32k per year. I was told at my 1-year mark that I would get a pay rise, however, the company says that pay reviews are done in March, and I will have missed this at my 1-year review, so I won't be getting a pay rise. The company knows I can't leave because I have no prior experience and now just 1 year at this company. I feel like I'm in a terrible catch-22. The pay isn't the biggest thing to me, but it does hurt knowing how constantly stressed I am, any learning I get is more from myself as opposed to the company offering it, and to top it off I'm in London on 32k, where the train commute into work eats up most of my pay.

tldr: 1 year DevOps experience, low pay, very little learning at company (but better than none). What should I do?

https://redd.it/1c1hdoo
@r_devops

OpenTofu’s Response to HashiCorp’s Cease and Desist Letter

On April 3rd, OpenTofu received a Cease and Desist letter from Hashicorp claiming copyright infringement on the part of one of our core developers. For full transparency, the link contains the original C&D, our response letter, and the detailed source code origin document resulting from our investigation.

The OpenTofu team vehemently disagrees with any suggestion that it misappropriated,
mis-sourced, or otherwise misused HashiCorp’s BSL code. All such statements have zero basis
in facts.

Despite these events, we have managed to carry out significant development on OpenTofu 1.7, and we will be releasing a new pre-release version next week, including provider-defined functions!

Here’s the blog post with all the details: https://opentofu.org/blog/our-response-to-hashicorps-cease-and-desist/


https://redd.it/1c1ishn
@r_devops

What is the biggest unsolved problem in DevOps?

For me the biggest problems are human problems: it can be very hard to 'sell' executives on reducing tech debt. But what do you think is the biggest unsolved problem in DevOps?

https://redd.it/1c1iacy
@r_devops

Waste of time or good learning material?

For context, I was pretty much a “Pipeline Monkey” or Pipeline Mechanic (systems engineer - vague title) in my previous role where i was constantly troubleshooting Developer builds in Jenkins and helping them on the CI side. There wasn’t a lot of opportunities for learning more tools, as this was taken by the Seniors which we had on the team and the juniors just worked on tickets.

Now i accepted a junior Devops position, 1 year into it and it’s super slow. Although learning ECS, terraform, etc. Lots of time has been spent on raising the appropriate access etc. Very little hands on and most of it has been copy/paste.

I do have some “downtime” aka waiting for feedback from Principal engineer before i do TF applies, changing DB configurations etc etc. I was thinking of learning the following to help upskill,

- personal website project set up with AWS s3, route53, etc. Implement first perhaps manually, and then after I would update the configuration to be done via terraform- perhaps configure this to use a AWS CI/CD pipeline(currently learning) - and maybe set this up in ECS fargate? Not sure if this would be overkill(roughly $10 USD a month to leave it running continuously ?)

- Learn Python - small side projects

- Get better at AWS networking ; setting up a 2 tier web application, even ones that may say, “hello world” - is this feasible or a waste of my time?

https://redd.it/1c1i8vc
@r_devops

Sonar scanner SSL issue

SonarQube server & Jenkins master are running on Linux machines. Sonar scanner is installed on a Windows server that is a Jenkins slave machine. A dot net application needs to be scanned. I have a build pipeline that builds, run sonar, and deploys the dot net application. Sonar scan fails due to TLS error. It's a self-signed certificate and it was already installed in the Windows server Java keystore including the cert chain. What is the issue here? I tried a curl command, curl -k https://mysonar.com/api/server/version in the same jenkinsfile it works.

https://redd.it/1c1iyuf
@r_devops

What browser do you use and why?

I have been a Chrome user for almost all my career but every once in a while I see a 'privacy-aware' engineer, mostly from DevOps/SRE background, use browsers like Vivaldi or Brave or something else.


What are your views on chrome?
Is Chrome safe enough?
Does it make sense to use any other browser?

https://redd.it/1c1onb9
@r_devops

Help with a project

I'm currently working on a university project, basically it's a jobs website for freelancers, my question is, should i use elasticsearch or the postgreSQL full text search, we're doing this project alongside a real business, they already own a job search website, so it's safe to think that there's going to be a lot of users and job offers if the website is finally deployed for them(we're doing the proyect with Django, id that's relevant)

https://redd.it/1c1q0kg
@r_devops

what's the easiest vps rolling deploy setup?

I have a website that I deploy as a jar to a VPS via 3 commands (build, scp, run) as a one man operation. I do this multiple times a day. My site is down for maybe 10 seconds at a time when I do this.

I understand the concept of a rolling deploy but not sure what technologies I should use to implement. Many setups and technologies seem to be for large orgs.

https://redd.it/1c1ufm2
@r_devops

It's getting blatantly obvious when our junior guys are copy/pasting GPT lol..

I've started having them review their PRs with us on a call, and describe what the actual fuck is going on in their PR.. then the fun ensues when they can't explain anything lol

FWIW the code does work most of the time for what it's intended to do, but if you're going to use an AI to help you be able to know what you're submitting..

The kicker is that we've blocked all AI tools at our workplace, but you can obv just use your personal device to get some output..

Most of the time it seems to way over engineer a simple task with some random library.. again.. it works, but there's easier ways to accomplish the task.. this is typically the giveaway

https://redd.it/1c1zl0q
@r_devops

Exploring Platform Engineering for Enhanced DevOps Efficiency

As DevOps professionals, we constantly strive to optimize workflows and empower development teams. Yet, the growing complexity of infrastructure often poses a significant hurdle. Could Platform Engineering be the key to unlocking greater efficiency and agility within our DevOps practices?


Platform Engineering: A Strategic Approach to Infrastructure Management
Platform Engineering centers on the concept of building internal developer platforms that provide self-service capabilities, standardized tooling, and streamlined workflows. By abstracting infrastructure complexities, it empowers developers to provision resources, manage environments, and deploy applications with increased autonomy and efficiency.


Key Benefits for DevOps Teams:

Accelerated Development Cycles: Self-service provisioning and automated deployments eliminate bottlenecks and accelerate time-to-market.
Reduced Operational Overhead: Centralized platform management streamlines infrastructure provisioning, configuration, and maintenance, freeing up Ops teams to focus on strategic initiatives.
Enhanced Collaboration & Ownership: Platform Engineering fosters a culture of shared responsibility and collaboration between Dev and Ops, breaking down silos and promoting a unified approach to software delivery.
Improved Developer Experience: By providing a streamlined and intuitive platform, developers can focus on writing code and innovating, without getting bogged down in infrastructure complexities.


Delving Deeper into Platform Engineering
If you're seeking ways to enhance your DevOps practices and overcome infrastructure challenges, I encourage you to explore the world of Platform Engineering. The r/platformengineering subreddit offers a valuable resource for learning, sharing experiences, and connecting with fellow professionals passionate about this evolving field.


**Here are some discussion points to get you started:**

* What are the core components of a successful internal developer platform?
* How can Platform Engineering principles be integrated into existing DevOps workflows?
* What tools and technologies are essential for building and maintaining a developer platform?
* What challenges have you encountered in implementing Platform Engineering, and how did you overcome them?


Join the conversation on r/platformengineering and let's collectively navigate the path towards greater DevOps efficiency and agility through Platform Engineering.

https://redd.it/1c22w8d
@r_devops

Will people ever grow up wanting to be a DevOps engineer?

I understand that DevOps as a methodology hasn't been around for that long to expect people to be aware of it in their high school and early college years.
But will that change in the future? Will more people decide to be DevOps engineers from the start of their careers? The assumption I have (and happy for you to challenge) is that the people I know in the DevOps space usually say they "fell into" the field. I'd be interested to know if that's the case for people here in the subreddit, if so what was it about the DevOps position that attracted you to it in the first place? And in 5/10 years will DevOps become people's first option? Cheers



https://redd.it/1c24rbg
@r_devops