How to block incoming traffic from certain IPs?

I encountered unwanted traffic from a small group of IPs, I decided to block them, but I didn’t quite understand how



After looking at a couple of articles about nginx, I realized that you can specify deny ip; but for some reason he was never able to block my IP, for some reason I still had access to the site



I wanted to check with you whether it is possible to block an IP to my server at the Google Cloud level and how, maybe there is a detailed article?


Thank you all in advance for your time

https://redd.it/1io03sx
@r_devops

Right tool for the task

I need to check a large number of Linux servers for storage, networking related config files and settings. I would be executing a lot of commands and I like to write complex logic based analyzing the output of the commands.


Is Ansible the right tool ? Or there other tools I need to be evaluating ?

https://redd.it/1io3cg4
@r_devops

Creating test databases from the production database?

Assume I have a production Postgres database running on secure server infrastructure. It contains information that the company considers to be sensitive (e.g. they wouldn't want it becoming public) but it isn't regulated (e.g. GDPR doesn't apply to the data.)
My developers need to pull down a copy of this database for testing purposes on local laptops. They are OK with sensitive data being randomized or sometimes masked. They will be using these test databases to test local versions of the software on their laptops during the development process.
I do not want to install any extensions on the production database. I'm also wary of a messy set of scripts that may be challenging to review.

What's the best way to solve this problem?



https://redd.it/1io3ql6
@r_devops

Create secrets from a p12 cert

I have a .p12 cert:

1. Converted .p12 to .pem: winpty openssl pkcs12 -in cert.p12 -out cert.pem -clcerts -nodes
2. Extracted the private key from the pem file: winpty openssl pkey -in cert.pem -out key.pem
3. Extracted the cert portion from the pem file: winpty openssl pkcs12 -in cert.p12 -cacerts -nokeys -out ca.crt

Now I need to create a secrets.yaml that has ENC[AES256_GCM,data ...,type:str\]block in it but not sure how to do that. I used the openssl enc command and it encrypts the data which does not give me the ENC blocks I need. sops -e and base64 -w0 also do not create these blocks. Could someone please shed some light on this?

https://redd.it/1io3uvv
@r_devops

Need suggestions on IAM roles and policy

How are you contorting IAM roles and polices in you Org .
What is your experience ?


https://redd.it/1io99h6
@r_devops

What Are the Common Challenges Businesses Face in LLM Training and Inference?

Hi everyone, I’m relatively new to the AI field and currently exploring the world of LLMs. I’m curious to know what are the main challenges businesses face when it comes to training and deploying LLMs, as I’d like to understand the challenges beginners like me might encounter.

Are there specific difficulties in terms of data processing or model performance during inference? What are the key obstacles you’ve encountered that could be helpful for someone starting out in this field to be aware of?

Any insights would be greatly appreciated! Thanks in advance!

https://redd.it/1iobdm4
@r_devops

Where do you store your config, code snippets?

DevOps professionals, where do you typically store your code/config snippets, and how often do you find yourself reusing them?

https://redd.it/1ioebag
@r_devops

suggestions/advice needed

Hey Guys,
I am a experienced Devops engineer 13 years with good experience in migration projects from on prem to cloud.
However I feel stuck in my career and would like some advise, to move forward.
As of now, I don’t hold any certs for any cloud provider but I am open to that if required.
Suggestions/Advice welcome.

https://redd.it/1ioesgu
@r_devops

Senior DevOps Engineer Resume Review & Critique

Resume

I've been working on my resume to maximize my chances of landing a Senior DevOps Engineer role.

Does my resume clearly convey that I am targeting senior positions? I haven't included detailed descriptions of tasks like writing custom CI/CD pipelines, optimizing monitoring stacks, or designing multi-cloud networking architectures for cost and latency optimization, as adding these details would make my resume exceed one page.

Should I remove older experiences and focus more on my current role? Additionally, I have worked extensively as a DevSecOps Engineer—does my resume reflect that effectively?

Please Feel free to tear it apart !!

https://redd.it/1iogqnw
@r_devops

Best Cloud Provider for AI-Powered Android App? AWS vs. Oracle vs. Others?

Hey everyone, I'm working as a solution architect for a startup building an AI chatbot app for mental health support. The app will be available on Android (and later web), using generative AI trained on medical data. We need a cloud provider that is cost-effective, scalable, and reliable, especially for handling AI workloads, chat history storage, and blockchain-based data selling. Right now, we’re debating between AWS and Oracle (since Oracle might be cheaper in Egypt), but we’re open to other suggestions.

**Some key points:**

* AI processing: Need a strong ML/AI infrastructure.
* Data storage: Must retain chat history per user like ChatGPT.
* Scalability: Targeting 100,000 users in the first year, possibly more.
* Cost: We will test on free tiers but need a sustainable pricing model later.
* Performance: Needs to handle real-time AI chat interactions smoothly.

Which cloud provider would you recommend for our use case? Anyone with experience scaling AI apps on AWS, Oracle, or other platforms?

Also, if you have insights on bandwidth costs, database choices, I'd love to hear them!

Thanks in advance.

https://redd.it/1ioju1a
@r_devops

Quick question about whether should I join an organisation or not ?

I am unemployed from past 1.4 years.

I want to enter into devops field and recently received an offer from a company for the post of junior Devops Engineer but when I read the reviews on ambition box , 50% of people have mentioned that CEO is not friendly and shouts at people and work culture is not top notch, also I will be on probation period for 3 months.

I desperately want a job and enter into devops field to learn about tools and technologies.

I am second guessing to join or not.

Any suggestions will be helpful...

https://redd.it/1iokqsl
@r_devops

Is there a 'NetBox for cloud environments'?

For the past 15 years of my career I was working with onpremise environments, primarily as a network and infrastructure engineer. At my last job we worked with NetBox as a SSOT and pretty much used its entire feature set for DCIM, IPAM, VLANs, configuration and change management etc. and were pretty happy with it. I recently started a new job in an OPS team of a company providing a SaaS platform. Everything is in the cloud at various providers and is entirely managed through Ansible.

While this approach works for the most part, there are (at least IMO) some design flaws, for example the inventory is built from the currently active resources in a group, so there is no defined desired state for the resources themselves.

So long story short, I'm thinking of building a SSOT solution to resolve this (and some other) issue(s). However, I was unable to find a solution which focuses on cloud environments. I considered using NetBox and 'abusing' some fields to reflect cloud environments, but I'm pretty sure this is not feasable in the long run.

What's a viable approach here?

https://redd.it/1iom1ir
@r_devops

Debug & chill - Articles of infra & devops debugging

Hey everyone!
Back in 2020, I started jotting down notes about various debugging adventures to keep track of my process and insights. I’ve finally turned them into a series of blog posts—totally free and purely for educational purposes. If you’re curious about network troubleshooting (and some cool tools to help you along the way), check out the first episode here:

Debug and Chill #1

It covers a relatively simple network issue but offers plenty of takeaways you can apply to other situations. I hope you find it helpful! Let me know what you think.

https://redd.it/1ion4wj
@r_devops

Experienced sa/devops - Learning basic Python quickly

I have over 5 years of experience with linux system administration (all the classics), and cloud/DevOps (terraform, kubernetes, ci/cd etc) and I know how to write basic bash scripts. I have a few interviews coming up and I understood that there will be fairly basic coding assignments.

I guess that they can be done with Bash, but diving deeply into bash seems a bit pointless to me, and the syntax for scripts that are above something basic looks complicated.

I worked with Python, sometimes helped debugging some code, I can kind of understand it, but I can't really write it (without gpt), I never learned it properly. Is it realistic and is it a good idea to try to intensively learn the basics to the level of solving a coding challenge in an interview for a DevOps position in let's say a week? Or I'd better spend this time diving deeper into bash? And which learning resources would you recommend in my case? I see that many courses are geared towards developing and such while it's not as relevant in my case.

https://redd.it/1iooi80
@r_devops

Thank you all and Goodbye!


I got told I'm affected in VMware's latest layoffs, and I've decided to quit tech after 10 years and focus on my knifemaking hobby to be more consistent in delivering orders on time :D

Reading this sub throughout my career has been so helpful professionally, so thank you all! Wishing everyone's servers/deployments good health! Goodbye!

https://redd.it/1ioqk17
@r_devops

Is there any free database client for MacOS which supports IAM auth?

wondering if there is any database tool for MacOS that has support for IAM based authentication.

It looks like licensed versions of dbeaver support it but I'm wondering if there are any other options.

https://redd.it/1iori6w
@r_devops

I'm having some serious problems with GitHub Actions

Hello there.

I am just a poor dotnet dev trying to automatize the release of his internal app.

What I wanna do in a single action is:

- Build the app in a runner (it's a WinForms app, so it has to be windows-latest)

- Name the release in a certain pattern (e.g. yyyy-MM-dd_vXX) where XX is the build number of the day (so the first release for a day will be 01, second release for the day 02 and so on).

- Then zip the build output and make a github release.

I've spent literally the past 12 hours trying to get this to work somehow.

I'm at the stage where I've got a little app written in Go that uses the GitHub API to get and increment the version string. It then outputs three strings (name of the release, name of the zip file, name of the db-migration-runner-app zip file), which are then supposed to be written to the $env:GITHUB_OUTPUT file using a little powershell script.

The Go program is a separate repo/action that I am using in the main dotnet app workflow. It then tries to pass out the strings in the action outputs to be used in next steps, but to no avail.

Here's the relevant output part of the Go app's action.yml

releaseName:
description: 'Name of the release'
releaseNameZip:
description: 'Name of the release with a .zip suffix'
migratorNameZip:
description: 'Name of the release'

I've tried doing this after supposedly setting the file in the action (powershell):

Write-Host "Reading github output file"
Write-Host (Get-Content -Path $env:GITHUB_OUTPUT)

But the runner's logs show nothing.

So I've tried getting the $env:GITHUB_OUTPUT using the simple pwsh command:

$env:GITHUB_OUTPUT

Yet it shows that the variable inside the runner is empty for some reason

I'm contemplating three options:

- Commiting sudoku

- Rewriting this action in JS and using official bindings instead of go

- Using a different scripting language to just build + increment version + zip + upload release in one "step".

https://redd.it/1iotow3
@r_devops

DevNetOps for everyone!!

Hi everyone, I am a program manager for a national network operator working in the company’s technology, strategy and engineering org. This org has also recently absorbed some IT teams. The org has around 500 staff. Some teams are using devops, most aren’t. Some teams are quite agile while others are still managing workflow and communication through email. A large chunk of staff are working in PMOs and have not been exposed to the foundations of DevNetOps at all. Ive been assigned to manage a new program/initiative to raise awareness about devops, roll out some training, facilitate fixing some problem processes, automate anything possible and to generally get people collaborating. We have already made some great big strides in the first 6 months. We are going to start running some value stream mapping sessions next month, just looking for the right process to assess.

I just want this program to be really successful. I want staff to feel comfortable coming to our program to get relief from their daily pain points and I want to help deliver meaningful impact. If you were part of this organization, what could the program or I as the PM do to bring you and your team closer to devops?

https://redd.it/1iox766
@r_devops

What should a DevOps newb learn?

I'm a second year comp sci student and I'm starting a DevOps internship in a few weeks. I haven't had any classes on OS or Comp Architecture yet, but I've done research on linux, docker, and kubernetes for this role. What should I be focusing on as a newbie to devops to have a strong learning foundation?

https://redd.it/1iowwps
@r_devops

Getting into DevOps in 2025?

I'm thinking of going down this training path to become a devOps engineer. Targeting Azure.

I did some Javascript development and scripted alot using powershell, python, bash, Javascript. I love to automate. Right now I fell back into A+ technical support.

Development (especially web and front end) seem to been taking a huge hit. And so I want to get into devOps.

1. Is devOps also taking a hit these days? How's the Job market currently?

2. Does this path seem good to you?

AZ-900 – Azure Fundamentals

AZ-104 – Azure Administrator

AZ-204 – Azure Developer

AZ-400 – Azure DevOps Engineer

AZ-305 – Azure Solutions Architect

HashiCorp Certified Terraform Associate

Docker Certified Associate (DCA)

Certified Kubernetes Administrator (CKA)

I'm just trying to see if it's worth doing all this studying. Mind you I'm American and worried about AI and near/offshoring. I don't know if it's wise to invest my time and effort for something that might go away and die in the US. If anyone with experience knows please let me know. Thank you.



https://redd.it/1ip0n41
@r_devops

Can a 10+ years experienced Support Engineer switch to Devops ?

Hi Guys,

I have total experience of 10+ years in IT industry (4 years in developement and reminaing in Support). I recently lost job due to layoffs. My doubt is whether I can switch Devops in this situation. I have started learning Devops but have this doubt in my mind. So, please help me clear my doubt.


https://redd.it/1ip21wc
@r_devops