Building DevOps Team for StartUp

Hi DevOps,

I am working for a Startup and We are building the DevOps team, I need some input to on the below.

\- Enterprise DevOps tools - We are planning to go for partnership with Enterprise DevOps tools, Basically our intention is to get the business from the tools. Please suggest which are the tools we can consider as enterprise DevOps tool tools like Splunk, Sumo Logic etc.


\- Best SIEM tools as part of DevSecOps for Enterprise.

\- APM tools.

​

Please suggest. Thanks.

https://redd.it/fpy1gs
@r_devops

Nightmare on the way to SecDevOps

I was a cyber / jr systems admin hopping my way through various jobs in the IT industry, with the goal of trying to get to SecDevOps / DevOps one day. I have an eclectic background with a graduate degree in cyber security, Linux training, Full Stack Web Dev training and experience with ELK, LAMP, and MERN stacks. I ended up landing this job in the financial sector with potential for growth and an excellent boss. There was a lot of work to do but the C-Level seemed receptive and willing to grow. One day the company announced it was going to sell to another company. They ended up not consulting with my boss and kept him in the dark the whole time. This led to him quitting and getting another job as a senior director at a much bigger place. The C-Level came to me and asked if I could do what he did with the aid of all our vendors. I was taught to never lie in IT so I said no, but I told them with the right vendors it’s possible. They seemed to half listen to me, promoted me to IT Manager and aren’t listening to any of my recommendations now. I feel like a doctor who was suddenly asked to become a lawyer. The company still has a small business attitude and is on the verge of some very bad decisions. The director that left called me one day and told me he would like to pull me over into their environment. They have a huge IT team with every department possible, including a full DevOps team! I said yes, with the actions of the C-Level I’m going to leave no matter what now, but I still feel guilt in the back of my head. I know I’m not responsible for a company making bad decisions but I was curious about others DevOps stories. How did you become what you are, was your path as crazy as this; or was it worse?

https://redd.it/fpwzd7
@r_devops

automate setting up and provision Windows build PC

I do automation at a gaming studio - we have a build farm consisting of several consumer gaming PCs (lets call them slaves) that we compile and test games on. Each slave has an SSD (this can be clean formatted) and specific CPU/GPU combo, virtualization of any kind is absolutely out of the question, we need this running pure and on-the-metal, as this is how games are played in the wild.

I need to install a specific version of Windows 10 on a slave, add it to our Windows domain, install software like Visual Studio and various SDKs in a process that is fiddly with lots of user interaction, and then run some shell scripts to register the slave with our build master server so it's ready to work. I would like to be able to redo this process periodically to update Windows or build tools as needed.

Right now, I'm doing this by maintaining a single clean slave, that is not on our domain so it has no domain ID. I keep Windows and software updated normally, and snapshot it periodically with Clonezilla. I then manually go to each running slave, and from a USB key boot into Clonezilla and use it to completely overwrite the local OS drive with the latest snapshot. I re-add the slave to the domain using its fixed name, add local drivers if needed, and run a shell script to register with the build master.

I would love to automate this process, at least more than what it is now, as we could in theory scale up a lot of slaves to cover various hardware profiles, console devkits, etc etc. Is there a better way of doing this?

https://redd.it/fpvd2k
@r_devops

Using Vsphere customization specs with Terraform

I've been pouring over the terraform docs and the internet all day and I cannot for the life of me figure out how to actually apply a customization spec to a vm clone by terraform. All I can find is how to turn it off, not apply a specific one.

We use customization specs to support older infrastructure so I'd like to not have to build separate templates for use with TF, I will if I need too.

Anyone out there using Vsphere's customization specs with Terraform and can point me at the right option to call to use it? I'm fairly new to Terraform, but I've been using vagrant for about 3 years.

https://redd.it/fq7shh
@r_devops

Optimizing UE4 Project Builds With Cloud Native Infrastructure And Containers

Holistic view on the application of general computing cost-effective platforms like Kubernetes for Any-A and any kind of studio workloads.
[blog post](https://www.gamasutra.com/blogs/JoseMoreira/20200327/360277/Optimising_UE4_Project_Builds_With_Cloud_Native_Infrastructure_And_Containers.php)

https://redd.it/fq7gsj
@r_devops

Bob: A composable and inclusive CI/CD platform.

Hello folks,

I have been working on re-thinking the whole CI/CD problem from scratch and trying to address the issues at the very core and came up with [Bob](https://bob-cd.github.io/bob/). Its a *CI platform* than a CI and is aimed at being able to be adapted to the problem its trying to solve.

Following the Unix philosophy and inspired from clojure and emacs' design, I gave the first talk on it at [ClojureD](https://clojured.de/) and here it is:
[https://www.youtube.com/watch?v=KtMJ4lHI\_qM](https://www.youtube.com/watch?v=KtMJ4lHI_qM)

Being an infrastructure developer myself, addressing these issues and making lives of other peers easier has been my goal when building this. Hopefully some of you find this useful! 😄

https://redd.it/fq39lz
@r_devops

How can we integrate security into the DevOps pipelines?

Hello everyone,

I wrote one article about how to integrate security into the DevOps pipeline. Still, I would like to hear some feedback and new idea on how to keep improving the safety in pipelines. This is the based article if someone would like to take a look. I appreciate any thoughts. I hope it can help somebody too.

[https://medium.com/swlh/how-to-integrate-security-on-the-devops-pipeline-e36dea836d7b](https://medium.com/swlh/how-to-integrate-security-on-the-devops-pipeline-e36dea836d7b)

https://redd.it/fqabf3
@r_devops

Managing resources and software with Windows applications

This is a beginner's question, I hope this is the right place to ask. I am converting an existing interactive desktop OpenGL-based Windows application to work over WAN. In short the application processes live user input, renders 3D frames (requires "gaming-grade" GPU) and streams video back to the user. While the system is already distributed, it was designed with LAN in mind and a limited scale. The application may be converted down the road to run on Linux , but at the moment it is deployed as native Windows binaries with an installer.

The main requirements are:

* Start and manage resources for a user facing web application, video streaming gateway (Wowza / Haivision / in-house), relational database (postgres), and similar, with either on-premise or cloud deployment. All can run on Linux and/or as docker containers. While I can live with some latency, it is better if the video streaming gateway is geographically close to the GPU machines.
* Based on user interacting with the web application, start and manage the application remotely on Windows GPU machines, which can be on-premise computers at customer sites or cloud machines (preferably on-demand as I don't expect 24/7 usage). The application is composed of several Windows processes. For on-premise that should include wake on lan as well.
* Load: in the near future up to 10-50 concurrent users (will hopefully grow), but each user currently needs a single GPU machine and about 300-1000 kbps bandwidth.

What approach or stack would you recommend to manage the resources and software? I am reading about Kubernetes and think it might be an overkill. Thanks!

https://redd.it/fq5ebz
@r_devops

Is it possible to go from Security to DevOps?

Hey guys I was wondering if anyone has made the jump from security to devops? I got in to security not too long ago because I began applying to get literally anything that isn't helpdesk and get experience beyond that and now I'm there. What can I do now to get closer towards DevOps? In my current role, I am required to have a basic understanding of powershell and be comfortable with bash and python so I am working on that now.

https://redd.it/fq69u9
@r_devops

Automating deployments to Kubernetes with Pulumi

hi all, I have created a repo for some code I am using to automate the deployment of some apps to Kubernetes with Pulumi. With this, I can rebuild my cluster with essential stuff needed for my app very quickly. Check it out if you are interested in Pulumi.

https://github.com/vitobotta/pulumi-kubernetes-deployments

https://redd.it/fqozpg
@r_devops

brand-new to AWS, trying to deploy deploy an app from github and i have some questions.

For my job, I am a software developer and we do a lot of our own DevOps. I am familiar with Travis CI, Jenkins, Helm/tiller (RIP), I've written my own dockerfiles, docker-compose, Jenkins pipelines, i know my way around the kubectl, I've written my own manifests, etc however we do not use AWS and it is totally foreign to me.

I have been meaning to get into AWS for a while because it's obviously a valuable skill to have, and I've finally found what I think is the perfect starter project for me - deploying a Minecraft server on a VM! My brother was complaining that his computer lags whenever he runs it locally for him and his friends to play on, so I figure this is a perfect side project for me to get my feet wet.

I was thinking I could set up a private Github repo that contains the server's `.jar` file, as well as the world save and stuff, and then I could set up some sort of pipeline on Github (Actions?) this is where it starts to get ambiguous for me. I'm fairly certain it's possible to deploy code from github to AWS, but I'm not even sure what the right resources/tools are.

To me it seems like my problem is twofold: I need to learn both Github Actions, and what the right AWS resource is for me. I have followed a small tutorial to deploy a basic linux VM on EC2, but I have no idea how to set up a pipeline such that I can push the code from my github repo, to this VM, and then run the command to start the server. I've tried to sift through the AWS docs but I feel like there's so much there, and I don't know what I don't know. Including keywords, what exactly the resources I should be using are, etc.

Any pointers in the right direction would be appreciated!!

https://redd.it/fqrjn1
@r_devops

When am I DevOps Engineer ready? Coming from a strong operations background(Linux) with nearly 10 years of experience, how do I know if I'm ready to jump on the DevOps bandwagon? I am great at Bash and Python scripting, also good with Configuration Management.

I have a decent understanding of "DevOps Philosophy", what problem it's trying to solve etc. But I do not have any Infrastructure as Code experience.

I have tried reading the Terraform documentation, and goddammit, it is LONG!, has lots and lots of arguments and resource declaration variables, etc. Mastering Terraform could take ages, let alone building production-grade, complex infrastructures with it.

I worked at an IAAS platform, so pretty good with KVM, Libvirt, Virtualization, and Docker as well, but haven't really messed around with AWS, though I have studied the terminology, (know that EC2 is a VPS, EBS is block storage, etc). I have worked with these tools, just not in an AWS infrastructure environment.

I can set up a simple CI/CD pipeline with a hello world app using Jenkins, Ansible, and Docker. Am I ready? If not how long would it take, and also what are the must-knows before I am ready?

Basically, whats a good signal to let me know I am ready to begin applying for these positions?

https://redd.it/fqrh80
@r_devops

AWS Devops! Terraform vs CloudFormation?

Hi everyone, as I a might move to the next company, and they use CloudFormation as their IaC solution, I wanted to ask more experienced, for pros and cons between terraform and cf.

I have 0 experience with CF for now, but I am more into terraform as of now. Terraform got my points, since their code is more readable, maintainable, and can be implemented for differentproviders.
However, I can not judge here because I don't have exp with CF.
So what are your pros and cons between these two tools, if you've been engineer of some medium complex AWS infrastructure?

Thanks.

https://redd.it/fqk3cm
@r_devops

CI Tool Research: Pros/Cons

This is a bug-bash type thread! Name the CI tool you use(d) (Open Source or Vendor, doesn’t matter), your experience with the tool (time and level of usage), pros and cons, and any features or fixes you’d love to see

https://redd.it/fqnjmq
@r_devops

Suggestions for Collaborative Projects

I was wondering if anyone had ideas for fun or interesting collaborative software development projects to do? The idea being if people are quarantined or working from and would like to work with others for learning and development purposes they could try one of these projects as a group to build some working software with various technologies they might not be familiar with.

https://redd.it/fqn8rx
@r_devops

closing the gap on k8s

I have started a position recently where they use K8s, early signs is that the team does not know enough to be proficient, they folk i work with are super honest that they don't know what they don't know, is there any gap analysis that could be done? anyone here ever done that? i looked on stackoverflow and a few other places but i also dont know enough on k8s to know what to be asking.

https://redd.it/fquqpz
@r_devops

Chromebook management with code?

I'm interviewing for a Client Platform Engineering job, where the company is 80% MacOS and 20% ChromeOS/Chromebooks.

I am very comfortable in the modern MacOS management world (old-school stuff like Jamf, open source tools like MicroMDM, Munki, Santa, Sal, Chef, etc). I could talk for hours about managing Macs with Infra-as-code tools.

On Chromebooks, however, I know basically nothing. The company already knows my Chromebook experience is at 0, and they are willing to interview me anyways, but I'd still like to show that I can do my research.

Are there any open-source tools for managing enterprise Chromebooks? I see Google has [some sort of API](https://developers.google.com/admin-sdk/directory/v1/guides/manage-chrome-devices) for it, but I don't really see anything like [MicroMDM](https://github.com/micromdm/micromdm), [Munki](https://github.com/munki/munki), [Sal](https://github.com/salopensource/sal), or other tools.

If they don't exist yet, that's fine too. I'm kind of preparing for a question around "how would you manage Chromebooks in a modern way, planning for scale & automation, using infra as code?" I just want to be able to talk some high level theory.

https://redd.it/fqx06n
@r_devops

What is the terminology of the cloud-based technology im developing for my dissertation?

Hi guys,

This may sound like a silly question, but for my dissertation I have been working on a tool which sits across several Rasperry Pis to create a layer of abstraction

Key Features:

\- DNS / DHCP

\- Pub/Sub Broker

\- Reverse Proxy ( can speak to nodes via [domain.com/node-01](https://domain.com/node-01) and [domain.com/node-01/deployment](https://domain.com/node-01/deployment) )

\- RESTful Deployment API ( Basically just a wrapper for docker-compose )

\- RESTful Repository API (Baiscally just a wrapper for git )

\- Reporter ( Currently only reports resource usage )

\- Public Key Store ( Just a database which stores public keys associated with mac address )

\- Leadership Election ( dynamically elects the head node and detects if it goes down to replace )

Security:

\- MTLS (from outside to proxy)

\- JWT for authorization and authentication ( inside the cloud using RSA keys )

From my limited research, I feel it sits at a lower level than kubernetes as it doesn't feature actual orchestration - Its designed for 3rd party developers to use the APIs and produce a system akin to kubernetes. But im not too sure what terminologies I can use to find similar systems and write a comparitive research project on this system.

Kind regards,

A student out of his depth

https://redd.it/fqwit6
@r_devops

Looking for a tool to intelligently handle notifications produced from automations

Looking for a tool for handling notifications that are produced by platform automations that my team and I are responsible for. These automations produce various types of alerts (e.g., job completed, security alerts, error in automation, etc.). The consumers of these notifications are a combination of hardcoded e-mails and database lookups from the event context. As such, there are many limitations that we're coming up against using this approach.

We're looking for a tool that can:

* We can send all these events to an "event hub."
* Consumers of these events can subscribe/unsubscribe from certain types of events
* Consumers of these notifications can customize which alerts they want to receive (and where) based on the context of the event (something like criticality\_level > HIGH)
* Allows multiple delivery channels, such as e-mail, Slack, Teams, Webhook
* \*Bonus\*: Notifications can be enriched using other data sources, such as a SQL DB or an API.

Things such as PagerDuty come to mind, but I've never used it. Is this a viable solution? Any other suggestions?

Thanks!

https://redd.it/fqmc1t
@r_devops

Using Azure App Service vs Azure Kubernetes

Is there and advantage to using azure app service with docker container over azure kuberenetes? In the container we can use workers on the gunicorn to scale the app while in AKS we can scale it the kuberenetes way.

I just wonder if there is any situation where you should go for one not the other except in terms of price?

https://redd.it/fqhsrv
@r_devops

Quick Help with Postman!

Hello! I am very new to this area and have a quick question that can hopefully be answered. I can elaborate as much as needed. Essentially I am trying to run a test in postman that grabs data from the body in a get response to put it in another test. I have tried creating an environment variable but have been messing those up hahaha. Here is a picture that should clarify my question. [https://imgur.com/a/2cn8XXD](https://imgur.com/a/2cn8XXD)

I want to categorize the ID from the body from my get request to my delete request so I don't need to replace the ID every time I invite a user.

https://redd.it/fqgrsr
@r_devops