Is docker just bundling an OS with your app?

From a 10000 ft perspective, is Docker just bundling an OS/environment with your app? And is this really the state of the art right now?

https://redd.it/foxwq2
@r_devops

Avoiding cut and paste Makefiles, ci/cd scripts etc.

I generally try to avoid repetition everywhere, but it tends to creep in with similar Makefiles, and things like .gitlab-ci.yml / travis.yml / etc. in each git repo.

Some ways to address this - use git submodules, or perhaps go monorepo?

What do other people do?

https://redd.it/fp6lad
@r_devops

Designing apps for rolling updates

Are there any resources available for best practices when it comes to designing apps to support rolling updates? I'm having a hard time organizing all the required aspects in my mind. There needs to be some way to handle multiple versions of apis/protocols/schemas/etc. I'm interested in books/articles that provide the "mental framework" required when creating the application.

https://redd.it/fp4a18
@r_devops

Whats the best practices for Jenkins to use an AWS *pem file in an execute shell?

I have a terraform project that pulls an SSH key from \~/.ssh/mykey.pem which it uses for the machines to SSH to bootstrap. How would I offload this to Jenkins being that Jenkins does not have a normal user account and that we should not have Pem keys stored in source control?

https://redd.it/fotwi6
@r_devops

Battle of the Circuit Breakers: Resilience4J vs Istio

Check out this talk from GOTO Berlin 2019 by Nicolas Frankel, developer advocate at Hazelcast. You can find the talk link and full talk abstract pasted below:

[https://youtu.be/kR2sm1zelI4?list=PLEx5khR4g7PKMVeAqZdIHRdOwTM1yktD8](https://youtu.be/kR2sm1zelI4?list=PLEx5khR4g7PKMVeAqZdIHRdOwTM1yktD8)

Kubernetes in general, and Istio in particular, have changed a lot the way we look at Ops-related constraints: monitoring, load-balancing, health checks, etc. Before those products became available, there were already available solutions to handle those constraints.

Among them is Resilience4J, a Java library. From the site: "Resilience4j is a fault tolerance library designed for Java8 and functional programming." In particular, Resilience4J provides an implementation of the Circuit Breaker pattern, which prevents a network or service failure from cascading to other services. But now Istio also provides the same capability.

In this talk, we will have a look at how Istio and Resilience4J implement the Circuit Breaker pattern, and what pros/cons each of them has.

After this talk, you’ll be able to decide which one is the best fit in your context.

**What will the audience learn from this talk?**
The audience will learn about the semantics of the term "microservices", that one of the issue of webservices architecture is that it propagates failure, that the Circuit Breaker pattern can help cope with failure propagation, that both Istio and Resilience4J are both Circuit Breaker implementations, and about their pros and cons. Does it feature code examples and/or live coding?

**Does it feature code examples and/or live coding?**
No live coding, but demos. Repositories are available on Github.

https://redd.it/foqd9d
@r_devops

New Position, Inherited a Patchwork...

I'm at a loss at the moment. New to DevOps with programming skills from the early 2000s! I was promoted from software support. The brilliant person I replaced basically created all of our continuous development infrastructure, hundreds of scripts and linkage over a 12 year period. I received approximately 20 hours of loosely structured training and current documentation is rather swiss cheesy.

Beginning day 1: I had to newly map my workspace and couldn't use the substantial collection of workspaces my predecessor had created, builds began only partially succeeding, output isn't making it back to our Drops locations, our cloud backups fail nightly and have to be ran manually, our custom builds aren't happening. I'm told there's no way it's a permissions or auth issue or an individually assigned token or key, etc. I say there's no way it's all just a coincidence. Especially after finding a set of custom build scripts that call for login credentials that weren't Msft account info.

As I said, I'm at a loss and thinking maybe I'm not fit for the position.

Windows 10, TFS 2012, VS 2019, Azure cloud subscription. And yes, I've been through the MSDN knowledge base and even submitted a support ticket which was minimally helpful. Any suggestions appreciated, tia.

https://redd.it/foproj
@r_devops

What are you using for visualizing your techstack?

What do you use to visualize your tech stack in a good design.

I'm currently looking for a solution that visualizes our microservices in a code form like Mermaid. It could also be a vue app...

https://redd.it/fp9ovw
@r_devops

Keycloak Configuration as Code

In a recent project I had the task to automate the keycloak configuration through a build pipeline.

The mechanism of importing realms isn't sufficient for me because it's hard to maintain and parameterize the config.

So I wrote a tool to manage keycloak with migration files (like liquibase for databases): [https://github.com/klg71/keycloakmigration](https://github.com/klg71/keycloakmigration)

There is also a gradle plugin to embed in build pipelines: [https://github.com/klg71/keycloakmigrationplugin](https://github.com/klg71/keycloakmigrationplugin)

https://redd.it/fopqd1
@r_devops

DEVSECOPS POLICY DOCUMENT

I have been tasked with creating a DevSecOps policy document at work but I do not know where to begin. We use Gitlab and Artifactory for version control and deployment. It must include instructions for developers to submit code to be placed in Gitlab and later be store in Artifactory. Any suggestions on how to start would be great! thanks.

https://redd.it/fovh2r
@r_devops

Public Keys Storage for SSH

I was writing an ansible role to manage our SSH keys.

We have around 15 Servers with 7 Users. We use gitlab as version control and nextcloud as storage.

What should be the ideal location to store public keys?

https://redd.it/fop9ay
@r_devops

Creating AMI through Jenkins?

Hello everyone,

I want to create an AMI through a Jenkins job, and then use that AMI to launch slaves/agents which are going to be used to run other jobs I have on Jenkins.

How can I do this? I'm new to all of this DevOpsy stuff so any help/information/links would be greatly appreciated.

https://redd.it/fom6uf
@r_devops

watcher - Github manager

After doing a number of automated, serverless projects for various orgs around controlling Github to ensure some sense of sanity with a large number of repositories I decided to open source a more generic version to build upon. I give you `watcher` which will report on open pull requests, latest versions (helpful for internal module/packages in a single place), and ensure repository settings are constantly synced with the desired config! Currently `watcher` will ensure that repositories are synced with core setting when created/modified as well as on a regular cadence to ensure there is no drift or unintended changes (think making public when not approved). Any and all feedback appreciated!

[https://github.com/clowdhaus/watcher](https://github.com/clowdhaus/watcher)

https://redd.it/fognes
@r_devops

Feedback about Datadog

Hi all,

I would like to know if someone uses the tool Datadog and why ? which benefits offer than traditional software like Prometheus and more ? This is a cost choice 1, Technical choice 2, or both 3

Thanks for your help

https://redd.it/fpdu1e
@r_devops

Warning, avoid Datadog at all costs

Unless you are an enterprise with a lot of money to burn stay away from Datadog. They lure you with low prices on their pricing page and charge you a completely different sum at the end of the month.

They are very very shady and disgusting company to deal with.

Here is how we got scammed by Datadog.

​

1. We have one VPS that we wanted to monitor, nginx, mysql, php etc. the usual
2. We did the trial and setup everything and it all works great
3. Their pricing page states $15 per month (yearly) and $18 monthly for infrastructure monitoring, which sounds great
4. At the end of the month our card was charged over **$700** !!! Because of "usage" from ingestion of logs. **Nowhere** on this pricing page does it state that you need "log management" service for the infrastructure plan. Not even in the pricing details. I looked very closely for additonal charges and usage fees on their pricing page before signing up and there is none.

**We basically pay $700 per month to monitor 1 VPS server.**

This is INSANE.

Luckily I did not onboard our other servers or the charge would be 3-5 times higher.

The log management is divided up into its own section on the pricing page, indicating that it is a different service. Just like "APM", "Network" etc. is divided up into its own sections. Services which we did not use.

I had to cancel my credit card and have the bank send me a new one to avoid being fraudulently charged by this company.

I am filing a fraudulent chargeback with my bank.

It is a shame that a company with such a good service has to scam their customers instead of being upfront with the pricing.

Now that I am done with this shitty company, is there any similar service that do not scam their customers? Or do I have to setup my own Prometheus stack?

Essentially I just want to monitor the daemons on the server and alert me when things break.

https://redd.it/fp7xl7
@r_devops

DevOps Career Success Mini Series

Hey Everyone,

In these trying times I've talked to a lot of DevOps learners hoping to build a successful DevOps career after being let go or denied internships in other fields. Some of them are fresh grads and some already have experience programming or in software QA automation. I've built a mini series that will take you through DevOps from the beginning, starting with DevOps culture and moving onto the high level concepts like automation and CI/CD before getting into specific tools like Terraform and AWS.

The course is totally free and delivered via email once or twice a week with homework to keep you busy in between. It should be doable by someone with a job or someone already studying in university.

You can sign up here for the series if this sounds like something that would be helpful for you: [https://miniseries.opscentric.io/devops-career-success](https://miniseries.opscentric.io/devops-career-success)

Also feel free to PM me if you have questions, this course is the result of my mentoring sessions with aspiring DevOps Engineers over the last few years. So far most of them have gone on to get well paid jobs in the field or be promoted to higher salaries.

https://redd.it/fp8a5j
@r_devops

Tips for a software developer?

We have started researching Docker about over a week ago and have managed to grasp the basics and have now managed to dockerize our current project, but it's like a rough sketch, we're all novices and assuming this rough sketch has a big room for improvement.

We don't have a DevOps team, we're all essentially developers, we have a few seniors with a bit more experience with setting up and configuring servers, and it seems that we're going to be on our own for a while, and we have only ever been using bash scripts for deployments.

I'm a bit intimidated/worried basically because we're introducing new tools into our workflow, and we're currently discussing the next step which is deciding which CI/CD tool to use. The more senior members of the team are leaving in a week, and I'm not sure if I can fully commit to this. I feel like we need more time? Or if we're going to start looking into all this new stuff and experimenting, I feel like we need at least some sort of safety net that should we run into any trouble we struggle to fix, it won't keep us from shipping a product and any updates needed. Or maybe have a consultant or specialist with more experience, but it seems that our manager wants us to get the hang of this and manage it all on our own.

Thoughts?

https://redd.it/fofebv
@r_devops

Best practices for CI/CD with containers

what is the most efficient way of deploying containers throughout the SDLC? Let's start with local development. Engineers test code and submit PRs against a branch, call it "develop." Unit testing runs and at some point we need to push all these changes to a shared development environment for others to see and qa to test (we don't have a testing environment). Now, the idea behind containers is that you run the same containers across the environment.

If the develop branch evolves due to PR and merges throughout the day, the shared development environment will have a new docker image each time there's an update. how would we know which container to push to staging and then prod? do we need to introduce a second branch?

need some ideas and tips

https://redd.it/fpfif5
@r_devops

How does your team link/manage Jira tickets and Git branches?

Hi team,

Hoping someone can weigh in on this common pain point. We use Jira for issue tracking like many teams and git as version control. A few main issues:

1. As developers are assigned tickets and work off of feature branches and merge to the develop branch, we've had issues making sure that the tickets correspond to branches and transition to the merge status when merged. We've managed this with a plugin where we have to prepend our branch names with the ticket number, but I was wondering if there is a better and more reliable way
2. We cutoff once a week and tickets are automatically assigned a fix version with a jenkins job. However, tickets are sometimes merged after the cutoff and have to be manually assigned a fix version and managed. This is inefficient and leads to situations where a dev has merged and then moves on; the feature is untested and released because QA is only looking at merged tickets in the latest version. Ideally I'd like to automatically assign the latest fix version upon a merge to the staged QA branch. Is there a more elegant way to manage this?
3. We haven't figured out a way to efficiently manage the "latest" fix version and its state. We just think what the latest is, increment in our heads, and bulk assign all the tickets to the new version when we cutoff. I'd love to reduce this down to one click, where we cutoff and the version is incremented automatically. But we'd need a way to keep track of the last fix version.

https://redd.it/fph0si
@r_devops

Collect inspec test results from multiple hosts

So far, I was able to integrate inspec with ansible to run the profiles across all of our 30+ hosts in our environment. The result being the json report is present in individual host. Is there any way we can get data from those reports and publish it to show compliace level per host?

I have read [https://www.reddit.com/r/devops/comments/7ycwaw/what\_tool\_can\_i\_use\_to\_aggregate\_serverspecinspec/](https://www.reddit.com/r/devops/comments/7ycwaw/what_tool_can_i_use_to_aggregate_serverspecinspec/) which doesnt give any answers

I tried geekdave/prometheus\_inspec\_exporter and it gives me a total tests run/skipped/failed but the results doesnt match the output json file.

Chef compliance server is decommisioned where we could push all these reports and get a summary view and Chef automate is a paid tool.

Are there any other option for collecting and showing these reports ?

https://redd.it/fody9n
@r_devops

The manager wants to start using SALT with Terraform. WHY?

What added functionality will adding SALT to do when we already use Terraform?

https://redd.it/fojyzn
@r_devops

HTTP request queueing mechanism question

We have a Kubernetes cluster with around 30 microservices running. In front of the cluster we have nginx acting as a front end web server/reverse proxy to Ingress nginx within the cluster. What is the best way set request rate limit based on the URL to each of the services? For example we need to queue 100 requests to a certain service after 30 concurrent requests, and drop all the requests if the queue of 100 is full. Also set a timeout for requests in the queue say for 30 seconds.


I know that nginx has built-in module to set rate limits but it is very limited and restrics only based on the requester IP address and not URL. Also it doesn't have queues.

Developers may implement this into the services themselves, but this approach may become complex to manage and fine tune after they are deployed.

Please share your experience on this.

https://redd.it/foa89c
@r_devops