Reddit DevOps
Blog Post Feedback -

Hello World!

I have made a blog post about using Terraform, Docker and AWS to set up a pentesting lab.

Since a lot of people got some corona spare time, I would really appreciate some feedback!

[Setting up a web application penetration testing lab](https://avasdream.engineer/terraform-hacking-lab)

Stay healthy!

https://redd.it/fmpwi2
@r_devops
Can it be done?

I'm the only sysadmin at my company. For the past three months I've been working on a new infrastructure for our SaaS offering, which is based on WordPress custom themes that we have repositories for. We went live a couple of days ago with the following setup:
4- reverse proxies (Nginx) that act as a CDN.
2- Nginx frontends with a load balancer in front of them.
2- dedicated php-fpm machines.

Now when we get a request, the code is deployed on the 2 Nginx and 2 PHP servers. This approach has storage as the biggest challenge. I was wondering if I can migrate it over to Docker containers and an orchestrator that handles the deployment, and I need to have a cluster.
I would need each client on a container, and if he gets a lot of traffic then another container can be started on another host in the cluster, and if a cluster member runs out of storage I could add another member. Can that be done? Or do I need to think in another way?
Sorry for the long post

https://redd.it/fmfhdy
@r_devops
Set up a continuous deployment service in no time using Github Actions

[https://medium.com/@Shaykh/set-up-a-continuous-deployment-service-in-no-time-at-all-using-github-actions-3dcb02228589](https://medium.com/@Shaykh/set-up-a-continuous-deployment-service-in-no-time-at-all-using-github-actions-3dcb02228589)

Got tired of ssh'ing into my server, pulling, building just for a simple web portfolio. Found out Github Actions is a super easy way to automate it.

https://redd.it/fmcx77
@r_devops
REST API Reliability & Uptime Monitoring

A friend of mine and I are working on a platform to monitor APIs in production for their responses and uptime. It's called [APId](https://www.getapid.com). Tests automatically run periodically (up to every minute) and you get notifications when something breaks.

Currently we have the open-source [CLI tool](https://github.com/getapid/apid-cli) that runs the tests locally or in CI pipelines, but we are working to launch the cloud offering.

Since we are more dev guys, we wanted to hear the devops side of things.

* Are you using similar cloud API monitoring in your production monitoring systems? (e.g. runscope, smartbear)
* If not, are you willing to start using something like that? (I realize it will be more the dev teams using it, but is it something that your business is willing to integrate with?)
* What are the features you care about as devops people? (instant notifications, exportable metrics for grafana, good API support to e.g. query test status)

https://redd.it/fmfevj
@r_devops
Limiting process memory

I would like to limit the memory of the processes I am running. The app consists of several processes and each of them should have a separate limit. So far cgroups seem like the most reasonable solution, but managing them seems very manual.

I deploy the app (which restarts processes) several times a day and would like to avoid manual cgroup creation, adding PIDs as processes start and removing them when they die.

What would be your solution? Is some wrapper around a process a good solution (something that would forward signals but do the cgroup management)? Are you aware of any wrappers like that?

I would like to avoid full blown containers (with separate FS, networking etc) if possible.

https://redd.it/fmd9ag
@r_devops
How is python being used in devops?

How are devops engineers using Python? Does it mean using boto3 for AWS, or do employers just want to know that you have some programming skills?

https://redd.it/fm6hhe
@r_devops
How do I create a parallel Terraform Environment (Dev) without tearing down the current one (Prod).

Hi, so I'm a DevOps guy that's new to Terraform. We want a parallel environment (dev). We currently have 1 Terraform env (prod) inside us-east-1, but we need to have another Terraform env in us-east-2. I can't tear down the environment in us-east-1 (prod). How can I add a new environment in us-east-2 (dev) without touching us-east-1?

I was instructed by a senior team mate to use config files, but I wonder how one would even approach that. I was also told we should make a second terraform module...so we have module1(prod) and module2(dev). I'm a noobie, so what are best practices for this specific use case?

https://redd.it/fm1ste
@r_devops
Differences between cluster managers for HPC and for big data?

I would like to learn more about the architectures and features of cluster managers.

What are the differences and similarities between cluster managers for HPC (e.g. PBS) and for modern development, e.g. big data (e.g. Kubernetes, Mesos, YARN, ...)?

I was wondering if there are good references for introducing cluster managers?

Thanks.

https://redd.it/fmy5r1
@r_devops
Install software and configure windows firewall on win10 client

Good day all! I'm trying to install software and configure Windows Firewall using automation. Most likely a one-off install and configure, and create local accounts with passwords. Is this possible with Puppet or Chef? I'd appreciate it if someone could point me to some resources or modules. I'm new to Puppet and Chef from reading and watching some tutorials, but I do not know what else they can really do.
It would be good if I could see all workstations in a portal and manage them from the web portal.
Thank you very much! Appreciate your enlightenment! :)

https://redd.it/fmz1po
@r_devops
Spinnaker - pass value on manual judgement stage

Is it possible to pass a value to a parameter on a manual judgement stage? I'd like to be able to define a tag name for Git and Docker if I intend to deploy into production.

https://redd.it/fm1nky
@r_devops
How do I get out of tutorial hell

Hi Guys,

I decided to start learning DevOps, starting with fundamentals like learning Linux. I have no clue however on how I can make my way through all the resources available. I noticed the beginners resources in this subreddit but I am not sure what I should prioritize. Any tips on where I should start?

https://redd.it/fn1jwz
@r_devops
Developing your own Kubernetes controller in Java

In the previous post, we laid out the foundations to create our own custom Kubernetes controller. We detailed what a controller was, and that its only requirement is to be able to communicate with HTTP/JSON. In this post, we are going to finally start developing it.

The technology stack can be Python, NodeJS or Ruby.

As a use-case, we will implement the sidecar pattern: every time a pod gets scheduled, a sidecar pod will be scheduled along it as well. If the former is removed, the latter needs to be as well.

Read on there https://blog.frankel.ch/your-own-kubernetes-controller/2/

https://redd.it/fn3shs
@r_devops
Tool to manage multiple Ansible Vault passwords for DevOps

Hi,

I'm writing this little topic to share with you a possible way to manage your Ansible Vault passphrases. If you already use Ansible Vault you know it's a good way to secure your sensitive vars, but it's also complicated to work in a team / with CI / with different accreditation levels.

Alternatives are lookup plugins (very verbose to use in playbooks, and complicated in the case of group\_vars), or poorly known vars plugins (you need to write your own for your use case).

Ansible-vault is complicated in large teams, because one vaulted file (or string) has only one passphrase to encrypt/decrypt it.

So I propose **a new tool to manage ansible keys automatically** and decrypt vaulted files (or strings) automatically, without the end user needing to know where the keys are stored. Accreditation is delegated to the keyring systems of your choice.

In brief:

`pip install ansible-vault-manager`, then use `ansible-vault-manager-client create [...]` instead of `ansible-vault create [...]`, then execute `ansible-vault-manager-client get-usable-ids [...]` before each ansible run.

* It will automatically store ansible vault keys in a keystore with one of the created plugins (actually AWS SSM, filesystem, but S3, gpg file, bitwarden, and others are on the todo list), and manage a local `_metadata.yml` file (this file must be versioned for all ansible users).
* It will test all possible key storages (according to the `_metadata.yml` file), to verify your accreditation without fails.
* It will provide all possible keys to ansible for its runtime (using native vault-id feature).

Take a look at [https://github.com/Smile-SA/ansible-vault-manager](https://github.com/Smile-SA/ansible-vault-manager)

If you have questions / suggestions, don't hesitate. I think this tool is not complete for now, but this MVP was very useful for me.

https://redd.it/fmyr2a
@r_devops
CI with credentials

I'm using GCP and AWS for a project, and I have my authentication stored on my local machines. I want to be able to upload the project to Github for testing on [circle.ci](https://circle.ci) and Github actions.

I don't want to upload the keys to GitHub. I've looked into secret keys for circle ci and GitHub actions. That sounds great, but I'm not sure how to properly use it so that I can run both on my local machine and on circle ci and Github actions.

For example, if I change the code to read SECRET.AUTH this would work for Github actions or [circle.ci](https://circle.ci) , but I don't have that path on my machine.

```python
# python script

def upload(file, key):
    # `client` is whatever cloud SDK client the project uses
    client.auth(key)
    # do something

upload("train.csv", "key.json")  # Not uploading json key to github

# options for github actions or circle ci
upload("train.csv", SECRET.AUTH)  # How would I run this on my local machine?
```

https://redd.it/fn3czu
@r_devops
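
One way to let the same script run locally and in CI, shown as an added example that is not part of the original post: the key is read from an environment variable when a CI secret is mapped to one, and otherwise from a file kept outside the repository. The names `CLOUD_KEY_JSON` and `CLOUD_KEY_FILE`, the default path and the stand-in `upload()` are assumptions made for this example.

```python
import json
import os
from pathlib import Path

# Hypothetical names, not from the post: both variables and the default path.
ENV_INLINE = "CLOUD_KEY_JSON"  # CI: secret value mapped to an env var
ENV_PATH = "CLOUD_KEY_FILE"    # optional: path to a key file outside the repo
DEFAULT_LOCAL = Path.home() / ".config" / "myproject" / "key.json"


class CredentialError(RuntimeError):
    """Raised when no safe credential source is available."""


def _parse(text, origin):
    try:
        key = json.loads(text)
    except json.JSONDecodeError:
        # Never echo the text itself: it may be a partly valid secret.
        raise CredentialError(f"credentials from {origin} are not valid JSON") from None
    if not isinstance(key, dict):
        raise CredentialError(f"credentials from {origin} must be a JSON object")
    return key


def load_key(env=None, default_path=DEFAULT_LOCAL, repo_root=None):
    """Return (key, source); source is "env" in CI and "file" locally."""
    env = os.environ if env is None else env
    inline = env.get(ENV_INLINE)
    if inline:
        return _parse(inline, ENV_INLINE), "env"
    path = Path(env.get(ENV_PATH) or default_path).expanduser().resolve()
    # Refuse a key that sits inside the working tree, where it could be committed.
    if repo_root is not None and Path(repo_root).resolve() in path.parents:
        raise CredentialError(f"{path} is inside the repository; move it out")
    if not path.is_file():
        raise CredentialError(f"set {ENV_INLINE} or create {path}")
    # POSIX check: the key file must not be readable by group or others.
    if path.stat().st_mode & 0o077:
        raise CredentialError(f"{path} is group/world accessible; chmod 600 it")
    return _parse(path.read_text(), str(path)), "file"


def upload(file, key):
    """Stand-in for the post's upload(); reports which key id would be used."""
    return f"would upload {file} as {key.get('client_id', '<unknown>')}"
```

In GitHub Actions the variable is filled from a repository secret in the step's `env:` map, and in CircleCI from a project environment variable, so the script itself never names a path that only exists on one machine.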
[Microsoft Azure] I have a few questions regarding some tools. Terraform, Salt Stack.

Why would I need to use Terraform or Salt, if Azure comes with tools such as Batch?

Do DevOps Teams get more out of these external tools, instead of using the built-in functions and tools?

https://redd.it/fn71au
@r_devops
Need guidance

Hello guys O/

First of all, this is an **amazing** subreddit, I've been casually following this without an account for a while, but I want to get serious now.

I work as a Support Engineer in a SaaS company and want to switch towards DevOps/SRE. I am looking for tips/resources from the experienced people on here about where I should begin. I've read many threads online but all of them seem to differ in some way. Currently, I have the following:

• Basic Linux administration

• Intermediate Python, Basic Ruby and web development basics.

• Understanding of Networking (TCP/IP, OSI, etc), and the Cloud in general.

I am thinking of joining Linux Academy and start a career path on DevOps, but since it's a significant investment for me, I would love to hear any suggestions from this community on how I should go about it.

To the **Senior members, Team Leads and Managers**: What are the skills that you're looking for in a person starting in this field? and how likely are you to hire a person switching their career paths like mine (assuming that the individual might have the knowledge but not the experience)?

Your input is highly appreciated :)

https://redd.it/fmzzzr
@r_devops
Help me create a chaos script

The goal is to be able to run this script on a newly created, soon to be configured, linux server, so that alerts may be properly configured.

For example, I want to alert on thresholds of metrics (queue depth, reads, writes etc) related to disk, what would a script look like to exercise each of these (and other metrics)?

I know there are out-of-the-box settings that cover 80% of the scenarios, but I want to be able to further customize these alerts since we have a lot of different types of servers used for a lot of different things (we are slowly maturing in our devops journey).

https://redd.it/fn977j
@r_devops
Terraform CI workflow

How do people CI their Terraform repos?

We are about to add a "prod" environment, and are looking for a very simple workflow at this stage (i.e. we don't need any fancy features at this stage)

Do you use a branch per env? Do you have a conventional master/develop structure, but a folder for each env?

https://redd.it/fna2oe
@r_devops
Looking to build a highly scalable scheduling service. Would like to get feedback

Would like to know if scheduling up to millions of jobs is a problem for you today. If it is, I would like to know what solutions you use today as well as what you like/dislike about current options.

https://redd.it/fn68fw
@r_devops