Deploy to production based on git tags?

What is a good branching strategy for CI/CD? Would the master branch matching with the staging environment with promotions to production via git tags and good idea?

https://redd.it/f7j0xb
@r_devops

Am i good to go for devops

Started my career as linux admin a year back in a startup, now this is what I've learnt so fat,

Setup test servers in GCP with Oracle DB, Weblogic, Tomcat, redis, postgresql and few basic tasks on them


Deploying jar files along with UI files in Weblogic

Deploments in Solaris

Setup flexcube test environment from scratch on a Centos server.

Create fresh database and schemas. Export and import DB dmp files,

Very little mikrotik router firewall configurations

Setup mysql-innodb cluster and mysql database from scratch.

Basix linux admin chores

Logic behind yaml files and edit

Cloning from a UAT to production env, except db and weblogic configurations

Once migrated Windows server to Centos - mysql, oracle, postgresql database migration, tomcat applications,


All on CentOS, and im 0 in any programming languages.

https://redd.it/f78zq2
@r_devops

[Response Policy Zone] How to setup a DNS Bind with Docker, with 2 different zones that can be access by 3 different clients in the same server?


I need to create a DNS Bind in Docker with 2 different zones for 3 DNS clients from the same server, where:

- **1 client has access to one zone** and **the other 2 access to the other zone**

I need to use Bind9 and Docker for this.

How can i do this?

#Bind9 #DNSResponsePolicyZones #DNS #docker

https://redd.it/f78ffz
@r_devops

Confused by AWS ECR Security Vulnerability Scan

We have container images in ECR and its vulnerability scan reported there are critical issues in the images. The thing is that all the critical vulnerabilities are related to kernel. As far as I know, docker container images don't have their own kernel because containers run on its host machine's kernel. Should I ignore these vulnerability issues or am I confused about how docker containers work?

https://redd.it/f7404l
@r_devops

Conferences for Devops?

What are good conferences to go to for Devops and are any worth going?

I go to general ones like DeveloperWeek, DockerCon, KubeCon or RSA(comp security), most of the technical talks being marketing schpeels on a product from a company rep or engineer. Actually looking for something educational with hands on training rather than something like a circle-jerk without being patronizing.

https://redd.it/f7kinn
@r_devops

Building a good test db

Hello everyone,

I have learned from my last post so I am going to refine questions. I am currently working at a growing start up and the problem we have encountered is that more often than not SEs are copying the production DB, i know it’s bad hence why I am here, to test their code. I was curious on what the practice is to build a quality database that mimics your production environment in order to truly wall off your production DB but not lost out in quality testing.

https://redd.it/f7k8o6
@r_devops

What small things have you automated at work with bash/python?

I'm curious to know some examples of automation. Not full-blown IaC code in json/yaml.

I mean smaller things, maybe 10 to 50 lines of code in a script.

Just trying to get some ideas and maybe your suggestions can help others too.

thanks

https://redd.it/f7ha38
@r_devops

Best portable way to connect from within a pod in a local dev cluster to docker compose service

I'm setting up a local development project for a cloud native app where the idea is once in production up in Google Cloud, I'll be using Cloud SQL (managed cloud service) for data persistence. While I'm developing my application locally, I am using a local cluster with KinD, and would like my containers there to be able to reach a couple of external resources outside the cluster (in this case PostgreSQL) to keep dev/prod parity.

I have Postgres running locally using docker compose alongside my cluster, and while I can reach it already using the host's (my computer) IP + exposed port from within my pod containers, this is not very portable and would require every team member to configure their host IP to get their local environment working. I would like to avoid this.

Is there a better solution? Thanks.

https://redd.it/f73yqj
@r_devops

Is Raspberry Pi really needed for practicing DevOps tools?

I am new to DevOps, was a developer for a while and right now trying to get into DevOps. So I came across few blog posts about RPI where they created a cluster using 5 or more RPI's and deployed K8 on that. This was all for fun and practice. But I would like to know what difference does it make as I can spin up VM's in my local PC or get $300 free GCP credit where I can implement the same.
I know it can be used for Home Automation purpose, but I was not able to justify buying them for Docker/k8's.


So question remains, does we really need RPI if we are solely looking at it from DevOps prespective?

https://redd.it/f73grj
@r_devops

Logging infra usefulness on public cloud

Dev/Sec/Ops here. Small-sized MSP using GCP & AWS across multi-cloud regions, and using AWS CloudWatch & CloudTrail logs, Stackdriver for logging, alerting, errors, etc. We're finding limited usefulness of this logging infrastructure. Wondering if its just me!
As DevOps, I really find StackDriver logging UI not much useful to scroll through. For one thing, it is really slow. Secondly, I find service name & service acronyms very annoying. Not just StackDriver, but AWS too.

- Other than debugging, what purpose do logging serve?
- What are some tools that you use to dice & slice logging data to make any meaning?
- How do you extract actual errors while alerting?

https://redd.it/f737ge
@r_devops

Why is my Jenkins pipeline inconsistent? A command works sometimes and doesn't sometimes.

I am simply using a docker command in one of my stages.

When it works well, everything goes as intended.

However, many times, it gives me a message 'docker command is not found'.

What could be the main cause of this inconsistency?

https://redd.it/f714lo
@r_devops

Anyone use SumoLogic?

I'm looking at Sumo and other Siems for the purpose of incident response and detection. I liked sumo, and the new soc tool they're offering. But wanted to know if anyone has real experience with them.

How are the apps? The query building and data correlation? Is the data all in real time?

https://redd.it/f7syz0
@r_devops

Airflow with k8s executor - issues with PVC

I am using a PVC to mount dags. The configs don't have examples and I am running to a very strange issue.

## name of dags pvc
dags_volume_claim = dags_pvc

## I don't know what below is supposed to be
## if PVC is mounted at /opt/app and airflow is in /opt/app/airflow
## and dags should be /opt/app/airflow/dags
## then does this sound right?
dags_volume_subpath = airflow/dags

Please correct me if the above is wrong.

Now the 2nd issue is that on this PVC I have all my dags, parsers and other scripts.
There is a python script on this PVC under airflow directory that is supposed to access a file inside hidden directory on root of PVC.

So for us root of PVC is /opt/app
The file is in /opt/app/.hidden/file1

When my webserver pod is coming up, it complains it cannot access

/opt/app/.hidden/file1


I have it chmod to 777 for testing, but still not having any luck.

This is a python script if that helps.

Any ideas?

Thanks!

https://redd.it/f7w4be
@r_devops

Advice on how to prepare for DevOps position

Hello guys,

For the last 4 years I've been working in something different from what I prepared for. I have a masters in web engineering but I've mostly been working with Puppet and Kubernetes. Now, I'm thinking on moving to another country and my intention is to find something as DevOps.

The thing is that I don't feel confident enough on doing the interviews or even joining any company (impostor syndrome?). What would you recommend to prepare/study/play with for preparing to this new phase in my life?

I appreciate any comment and book or course recommendation.

https://redd.it/f7xrll
@r_devops

Does AWS throttle bandwidth?

​

Question? Has anyone had a similar experience?

I spun up an ec2 instance to do some data processing on tens of thousands of S3 objects.

It was taking 10 days to do the download from S3.

I switched to a metal instance and ran multiple simultaneous downloads and the elapsed download time dropped to 3 minutes. Wow.

After a few sprints over a few days, the download time suddenly increased dramatically.

Using some standard tools, the new bandwidth clocks at less than 1 Gbps on what should be a 25 Gbps pipe and accessing only AWS resources (S3).

I have verified my units ( ie. not comparing MBps to Mbps )

Has anyone else experienced this?

https://redd.it/f7wecl
@r_devops

How do you keep track of how many deploys you have made over a period of time?

I've been reading some books and State of DevOps reports and saw some cool statsitics about how many times deploys are made every year. My company has a build per every commit, and if it isn't tagged, then it fails to fit a criteria to release. We generally release 20 pieces once a month, an improvement from 4 pieces quarterly a year ago. I would like to implement some metrics to help show how our efforts are improving the deployment process, but I don't know how to efficiently to keep track of releases as we deploy faster.

https://redd.it/f7xwpl
@r_devops

SEIM tools that are NOT SaaS

So, I work in a very security-oriented corner of the market, and as such cannot use aaS tools for our customers' data.

We've been researching better monitoring and log aggregation tools, but are finding the majority of offerings that provide modern automation and "AIOps" are only offered in an AsAService model. Those companies that offer in-house installation options seem to only provide watered-down editions of the tools, missing most of the efficiency-bringing features.

Does anyone have strong opinions or recommendations of tools that can be installed or managed in a private network?

https://redd.it/f81d16
@r_devops

Golang testing frameworks

Hi everyone!

I'm looking for recommendations for a golang test framework, more specifically, something that I can use to test a Postgres server.

I have written some tests using InSpec and the postgres_session resource which work great, but I find Ruby a little slow to run in CI.

So I thought why not teach myself some Go, in the form of a test framework. In my brief searching, I found https://github.com/smartystreets/goconvey which looks nice. I imagine integrating with a Go Postgres module shouldn't be too difficult.

What's your favourite Golang test framework?

https://redd.it/f7r0q7
@r_devops

CI for open source project

Hi everyone,

​

I've used to setup TeamCity pipeline once, now decided to expand some knowledge about CI/CD and picked thesis topic which involves comparing two CI/CD systems and now my supervisor suggests to pick existing open source project to build pipelines for testing/gathering metrics purposes.

The question is - is that possible at all? If it is then give some tips for small-middle sized projects for those purposes.

​

Thanks in advance :)

https://redd.it/f7srao
@r_devops

Jenkins-github-GCP

Could someone link me to some appropriate resources for how to get Jenkins (running on a GCP debian instance) to test a github repo on pull to master?

I've tried oAuth, webhooks, GCP keys, nopasswd, setting my environmental variables in jenkins, and so on and so forth, but my shell executable script won't run, it fails every time I try to do anything with the repo files. It works with things which don't involve the repo, so things like 'whoami' and so on work just fine, but things like 'cd /application' just bottom out.

https://redd.it/f7s571
@r_devops

Where to build Qt application for macOS without owning Apple HW?

I need to build and try macOS distribution of my **Qt/C++ based** OSS application, but I don't own macOS machine. I need to build it every 2-3 months and it takes me \~1 to 5 days. Therefore I'm looking for a suggestion for a macOS (VM) hosting with a reasonable plan. Ideally one you have experience with and/or you use. CI is not enough as I need to also test whether app works as expected.

I want to make sure that if I rent a machine, I will be able to set up Qt and C++ development environment (or it will be there), I will have sufficient rights & connectivity and it won't be problem to build the application there w/o spending a lot of $.

If you have any other solution, how to solve this problem, please share it. Thank you in advance for your suggestions!

https://redd.it/f7pa7u
@r_devops