Reddit DevOps
At home projects

Hi. So I recently lost my job and while I have been managing devops teams for quite some time, I never really did a lot of hands on environment builds, CM, and CI/CD. I can talk through them but now want to get more hands on as I have time. Any recommendations on projects so I’m not just aimlessly building? I’ve already used terraform to build AWS infrastructure and it works so I know I can do it. Thanks so much.

https://redd.it/flwmip
@r_devops
Trying to automate VM (Ubuntu 18.04 Cloud-Image) creation using cloud-init - stuck on static ip

I'm using the `nocloud` datasource with cloud-init and want to set a static IP address for an Ubuntu 18.04 Cloud-Image. As far as I understood, I need to put the config for the network into the meta-data.yaml file. Ubuntu 18.04 is using netplan, so the examples in the cloud-init docs are not so clear to me. Have any of you done this before?

What's the proper way of configuring a static IP on an Ubuntu 18.04 Cloud-Image using cloud-init?

https://redd.it/flwa8r
@r_devops
Do I have a chance to land a DevOps job if I have developer and support work experience?

(I hope this long post is appropriate here.)

When I was at my first employer, I was a C/C++ developer. Then after a year, the project ended and I was transferred to another project with a Support Analyst role. Basically, my job as a Support is to receive calls and incident tickets for us to fix. But I didn't have access to the code; I was just to analyze and coordinate with the appropriate team to fix the issue. Aside from that, I became a Change Request Coordinator, coordinating with teams if a certain change request is good to deploy. I do other tasks but they are all non-developer tasks.

I was a Support Analyst for almost 3 years when I accepted a job offer from another company. This offer came during the time that I was slowly accepting my fate as Support Analyst. Compared to my 1st employer, this 2nd employer is not that big and the salary/benefits are not that good. I just accepted the 2nd because, at that time, I thought that maybe this is what I'd been waiting for so long. I almost lost hope because I thought nobody would accept me considering I didn't have work experience as a Java developer. (I preferred Java over C/C++ even before I started working)

Now that I'm here at my 2nd employer, I thought I'd finally get myself fulfilled with my job, but apparently not. There's no official training here so I'm self-studying the technologies so that I can relate to my teammates. Even if my teammates are (sometimes) helping me, I feel like they are annoyed whenever I ask them. I will not disclose other issues as it will deviate from the topic, but to sum it up, I'm trapped (yes, trapped because I'm in a 2-year employment bond) in a toxic environment. I didn't expect that being in this company is much worse than I thought.

Before I started at my 2nd employer, I told myself that if working as a developer did not turn out well here, I'll just go back to my 1st employer and embrace if I would land again on Support roles. Apparently, it's a toxic environment for me. Also, it seems that I don't belong in this developer role, no matter how I try. Although I'm still able to complete my tasks, I feel that I'm already losing my drive in being a developer. Somehow I regret accepting the job offer and leaving my 1st.

Now, I'm thinking about whether it is still worth trying to land a DevOps job at my next employer, since I have experience both in development and support. Am I too ambitious with this? Or should I just pursue being a Developer?

Sorry for the long read.

https://redd.it/fltz7e
@r_devops
Does devops design architecture?

Is a dev ops engineer in charge of designing a web architecture or is that mainly a developer’s job? Is the dev ops engineer more focused on maintenance? I find I enjoy learning about web systems and thinking about how to design, code and deploy them. There is so much more than just a server and a database now with the cloud and everything.

https://redd.it/flrqv8
@r_devops
Best tool(s) for small home/cloud management

I have 3 computers on my home network, plus VMs and Docker, and one cloud server, with one or two more coming soon. All use Debian as the base.

I will be using either Samba AD or FreeIPA to handle users, passwords and permissions, and one computer I will be using to virtualize PFSense. So each computer in my network(s) has different requirements, although the base Debian install will be identical across all.

This use case has me a little confused about how to manage IAC and updates. I have spent a long time reading about possible solutions, but I'm wondering what approaches others have taken.

Here are my use cases:

* One server will virtualize PFSense and possibly some other DNS or network related tools such as PiHole and Grafana.
* Another server will be a NAS with several docker images installed (Jellyfin, Gitlab, etc)
* The cloud server runs a web server and a database.

The IAC solutions all seem massively complex for my use case, or focus only on Docker (k8s, Rancher). Other solutions involve chaining together a series of tools (Chef/Puppet/Salt/Terraform, etc). I considered a ProxMox cluster, but there is way too much functionality for my basic needs.

Should I use something like Packer to automate the creation of the similar/identical Debian installs, and then use something Docker-based to handle the rest? Should I accept more complexity on the basis that it will serve me better over time?

I'd prefer open source over proprietary, but any/all suggestions will be most appreciated!

https://redd.it/fllnjf
@r_devops
What are the best practices for using terraform to create/update a dev, staging, and prod environment?

I've heard it said I should use modules for each environment, I've heard it said I should use config files. What do you guys do?

https://redd.it/flia5v
@r_devops
Blog Post Feedback -

Hello World!

I have made a blog post about using Terraform, Docker and AWS to set up a pentesting lab.

Since a lot of people got some corona spare time, I would really appreciate some feedback!

[Setting up a web application penetration testing lab](https://avasdream.engineer/terraform-hacking-lab)

Stay healthy!

https://redd.it/fmpwi2
@r_devops
Can it be done ?

I'm the only sysadmin at my company. For the past three months I've been working on a new infrastructure for our SaaS offering, which is based on WordPress custom themes that we have repositories for. We went live a couple of days ago with the following setup:

* 4 reverse proxies (Nginx) that act as a CDN.
* 2 Nginx frontends with a load balancer in front of them.
* 2 dedicated php-fpm machines.

Now when we get a request, the code is deployed on the 2 Nginx and 2 php servers. This approach has the storage as the biggest challenge. I was wondering if I can migrate it over to Docker containers and an orchestrator that handles the deployment, and I need to have a cluster.
I would need each client on a container and if he gets a lot of traffic then another container can be started on another host in the cluster, and if a cluster member runs out of storage I could add another member. Can that be done? Or do I need to think in another way?
Sorry for the long post

https://redd.it/fmfhdy
@r_devops
Set up a continuous deployment service in no time using Github Actions

[https://medium.com/@Shaykh/set-up-a-continuous-deployment-service-in-no-time-at-all-using-github-actions-3dcb02228589](https://medium.com/@Shaykh/set-up-a-continuous-deployment-service-in-no-time-at-all-using-github-actions-3dcb02228589)

Got tired of ssh'ing into my server, pulling, building just for a simple web portfolio. Found out Github Actions is a super easy way to automate it.

https://redd.it/fmcx77
@r_devops
REST API Reliability & Uptime Monitoring

A friend of mine and I are working on a platform to monitor APIs in production for their responses and uptime. It's called [APId](https://www.getapid.com). Tests automatically run periodically (up to every minute) and you get notifications when something breaks.

Currently we have the open-source [CLI tool](https://github.com/getapid/apid-cli) that runs the tests locally or in CI pipelines, but we are working to launch the cloud offering.

Since we are more dev guys, we wanted to hear the devops side of things.

* Are you using similar cloud API monitoring in your production monitoring systems? (e.g. runscope, smartbear)
* If not, are you willing to start using something like that? (I realize it will be more the dev teams using it, but is it something that your business is willing to integrate with?)
* What are the features you care about as devops people? (instant notifications, exportable metrics for grafana, good API support to e.g. query test status)

https://redd.it/fmfevj
@r_devops
Limiting process memory

I would like to limit the memory of the processes I am running. The app consists of several processes and each of them should have a separate limit. So far cgroups seem like the most reasonable solution, but managing them seems very manual.

I deploy the app (which restarts processes) several times a day and would like to avoid manual cgroup creation, adding PIDs as processes start and removing them when they die.

What would be your solution? Is some wrapper around a process a good solution (something that would forward signals but do the cgroup management)? Are you aware of any wrappers like that?

I would like to avoid full-blown containers (with separate FS, networking etc) if possible.

https://redd.it/fmd9ag
@r_devops
How is python being used in devops?

How are devops engineers using Python? Does it mean using boto3 for AWS, or do employers just want to know that you have some programming skills?

https://redd.it/fm6hhe
@r_devops
How do I create a parallel Terraform Environment (Dev) without tearing down the current one (Prod)?

Hi so I'm a DevOps guy that's new to Terraform. We want a parallel environment (dev). We currently have 1 Terraform env (prod) inside us-east-1, but we need to have another Terraform env in us-east-2. I can't tear down the environment in us-east-1 (prod). How can I add a new environment in us-east-2 (dev) without touching us-east-1?

I was instructed by a senior teammate to use config files, but I wonder how one would even approach that. I was also told we should make a second terraform module...so we have module1(prod) and module2(dev). I'm a noobie, so what are best practices for this specific use case?

https://redd.it/fm1ste
@r_devops
Differences between cluster managers for HPC and for big data?

I would like to learn more about the architectures and features of cluster managers.

What are the differences and similarities between cluster managers for HPC (e.g. PBS) and for modern development e.g. big data (e.g. Kubernetes, Mesos, YARN, ...)?

I was wondering if there are good references for introducing cluster managers?

Thanks.

https://redd.it/fmy5r1
@r_devops
Install software and configure windows firewall on win10 client

Good day all! I’m trying to install software and configure Windows firewall using automation. Most likely a one-time install and configure, and create local accounts with passwords. Is this possible with Puppet or Chef? I'd appreciate it if someone can point me to some resources or modules. I’m new to Puppet and Chef from reading and watching some tutorials but do not know what else they can really do.
It would be good if it can see all workstations in a portal and manage them from the web portal.
Thank you very much! Appreciate your enlightenment! :)

https://redd.it/fmz1po
@r_devops
Spinnaker - pass value on manual judgement stage

Is it possible to pass a value to a parameter on a manual judgement stage? I'd like to be able to define a tag name for Git and Docker if I intend to deploy into production.

https://redd.it/fm1nky
@r_devops
How do I get out of tutorial hell

Hi Guys,

I decided to start learning DevOps, starting with fundamentals like learning Linux. I have no clue however on how I can make my way through all the resources available. I noticed the beginners resources in this subreddit but I am not sure what I should prioritize. Any tips on where I should start?

https://redd.it/fn1jwz
@r_devops
Developing your own Kubernetes controller in Java

In the previous post, we laid out the foundations to create our own custom Kubernetes controller. We detailed what a controller was, and that its only requirement is to be able to communicate with HTTP/JSON. In this post, we are going to finally start developing it.

The technology stack can be Python, NodeJS or Ruby.

As a use-case, we will implement the sidecar pattern: every time a pod gets scheduled, a sidecar pod will be scheduled along it as well. If the former is removed, the latter needs to be as well.

Read on there https://blog.frankel.ch/your-own-kubernetes-controller/2/

https://redd.it/fn3shs
@r_devops
Tool to manage multiple ansible vault password for DevOps

Hi,

I'm writing this little topic to share with you a possible way to manage your ansible vault passphrases. If you already use ansible vault you know it's a good way to secure your sensitive vars but it's also complicated to work in a team / with CI / with different accreditation levels.

Alternatives are lookup plugins (very verbose to use in playbooks, and complicated in the case of `group_vars`), or poorly known vars plugins (you need to write your own for your use case).

Ansible-vault is complicated in large teams, because one vaulted file (or string) has only one passphrase to encrypt/decrypt it.

So I propose **a new tool to manage ansible keys automatically** and decrypt vaulted files (or strings) automatically without the end user needing to know where the keys are stored. Accreditation is delegated to the keyring system of your choice.

In brief :

* `pip install ansible-vault-manager`
* Use `ansible-vault-manager-client create [...]` instead of `ansible-vault create [...]`
* Execute `ansible-vault-manager-client get-usable-ids [...]` before each ansible run.

What it does:

* It will automatically store ansible vault keys in a keystore with one of the created plugins (currently AWS SSM, filesystem, but S3, gpg file, bitwarden, and others are on the to-do list), and manage a local `_metadata.yml` file (this file must be versioned for all ansible users).
* It will test all possible key storages (regarding the `_metadata.yml` file), to verify your accreditation without fails.
* It will provide all possible keys to ansible for its runtime (using native vault-id feature).

Take a look at [https://github.com/Smile-SA/ansible-vault-manager](https://github.com/Smile-SA/ansible-vault-manager)

If you have questions / suggestions don't hesitate. I think this tool is not complete for now but this MVP was very useful for me.

https://redd.it/fmyr2a
@r_devops