Advice on deployment

Dev here, I don't know much about devops, wanted to ask the advice of this community:

How should I automate application deployment?

Right now my a personal project where I have to keep a certain application running 24/7 I do all deployment manually. I build on my local machine, scp the binary into the target machine, ssh into that machine, try to run the binary, if some libs are missing, trying to re-trace my steps when I originally installed them on my local machine. (For context, this is C++)

This is horrible. How do I automate this? At work I've seen people use Octopus (but that's mostly for windows, I'm developing for linux) and I really like the functionality and visual interface. Is there an analogous tool for linux that compiles, packages, and deploys into a target machine?

Thanks for the help

https://redd.it/ft0uh5
@r_devops

What should be logged on production API servers?

I'm currently only logging the most basic stuff on my API servers via stdout and stderr - anomalies and server errors.

Should I also be logging the metadata for each individual API requests (IP, request headers)?

What about about API responses? Should I also be logging those as well (probably not to stdout but something more secure)?

What are other things that I'm missing that I should be logging on production servers?

https://redd.it/fsyov9
@r_devops

Ansible 101 video streaming series

Hi everyone, I wanted to mention the YouTube streaming video series I started last week (and finished off Episode 2 this morning!), [Ansible 101 with Jeff Geerling](https://www.jeffgeerling.com/blog/2020/ansible-101-jeff-geerling-youtube-streaming-series) — in case you need something to fill a few hours, and help you learn a bit of Ansible, starting from the basics.

And, this was mentioned earlier in r/devops, but my two Ansible books [Ansible for Kubernetes](https://www.ansibleforkubernetes.com) and [Ansible for DevOps](https://www.ansiblefordevops.com) are currently free on LeanPub. If you get them free today, you'll get updates to both books as I publish them, free forever!

I especially hope this can help some people who may have been laid off or furloughed recently, to learn some new automation skills and maybe take a new path in their careers!

https://redd.it/ft7iw8
@r_devops

Homelab, Foreman/Terraform/Others, so many options

Hi Folks,

I've been working on building my own DevOps ecosystem in my homelab, firstly for infrastructure management, and once that's done then I want to setup CI/CD/dev pipelines akin to "traditional" DevOps for a bunch of FOSS stuff I want to use.

The part I've been wrestling with is streamlining the process of updating (and managing/tracking) software updates/packages on my array of VMs (whether they are defined as code or not).

Sure, I can _install_ software packages with Puppet/Terraform/others, but I want to, in a "central dashboard" regard, see when VMs need their software updated (from package managers, of course) and then blanket instruct them to update (and reboot if need be). But right now, I'm only really seeing that possible with Foreman, and only in a very specific way to manage Ubuntu VMs (my primary OS here). I haven't got it setup to do this successfully just yet, but I think I know what I need to do next to do that.

That being said, this kinda feels like I'm doing it the hard way, and when I try to find other ways to achieve the same goal, I either come up with a paid tool that does this, or nothing that's really quite the same.

So, what would you folks think is worth me exploring to meet this functional need I have? I don't want to just streamline provisioning, enforcing stateful stuff, but also keep my shit up to date in an efficient and organised way (very manual right now).

edit: strictly looking for all-open-source tooling here, as that's generally what's used in the career direction I'm heading.

https://redd.it/ft25vw
@r_devops

Suggestions to avoid version control secrets files e.g certs and configs with secrets

So am thinking of an approach to avoid version control secrets files that need to be laid down during a provisioning an infrastructure.

Right now, what comes to mind is upload the files to s3 manually and have terraform retrieve it. The files don't change often. I don't think this is a novel solution.

Any other ideas?

https://redd.it/ft9yyd
@r_devops

Where do folks keep their oncall playbooks?

I'm not sure if this is common but although the number of tools have exploded to support the oncall engineer. From monitoring, alerting, and scheduling, I haven't seen anything that necessarily makes it easier to use these tools. At one of my last startups and one of the big four before that, we would either write notes on the alerts themselves (e.g. Last time, it was the load-balancer) or create "Runbooks" in confluence/wiki.

​

How do others keep this type of information up-to-date and made useful?

https://redd.it/ft9mfv
@r_devops

Is it worth to get Kubernetes training & certifications?

The last tech certification I took was MCSE in 2001. After that I got Scrum master certification because the company paid for... back to my question what do you folks think about the official k8s training? I already have around 3-4 years of experience with Kubernetes but I self-taught it and I don’t know if I’m missing something that I would get in a formal training?

While I personally don’t see much value in certifications, would that pass a good message to the market? I’m not looking for a new job but with all this COVID thing I want to get prepared

https://redd.it/ft9wvz
@r_devops

AsyncAPI — OpenAPI-like specification for event-driven architectures

I'm leaving the link here. Hope you find it interesting: https://www.github.com/asyncapi/asyncapi.

https://redd.it/ftcqqm
@r_devops

Is it possible to build a CI + CD pipeline from scratch with Github, Travis CI, and an AWS emulator instead of the real AWS?

Is it possible to build a CI + CD pipeline from scratch with Github, Travis CI, and an AWS emulator instead of the real AWS? I want to take a course and learn DevOps, but I can't because I don't want to get an AWS account unless there's a way to force AWS to freeze if I went above the limit, but I know they don't allow you to do that because they are earning money from people who don't check their credit card regularly.

https://redd.it/ftalp9
@r_devops

Production log aggregation service?

What is the recommended service for log aggregation and monitoring? We have limited engineering resources at the moment so won’t be able to dedicate time to build our own, so a paid (or free?) service would be preferred.

https://redd.it/ft421x
@r_devops

Deploying windows software to client servers over internet

My company has a legacy product (Windows services and a SQL Server DB) that runs on our clients' servers. Today, we VPN / remote into their servers to run .msi installers.

I'm looking for tools that remove the need for remoting, and ideally centralize all of this management. It would have to be very secure, since we're installing software on another company's network. And it would need auditing and RBAC.

So far, Octopus Deploy looks like a good candidate, but it's expensive at scale. Most other products seem to focus on CI/CD within your own network or cloud, and it's unclear how well they'd work in our case.

Any one doing something similar, or know of a tool that would be a good fit?

https://redd.it/ft8ajs
@r_devops

Build Once, Deploy Many - Gitlab CI/CD example with Docker

Hey guys, I recently dived into Gitlab CI/CD and documented my findings on my CI/CD pipeline which uses a build server to manage docker images which later pushes out the built image out to a server I want to deploy to. [Here's the documented example and approach I ended up going with.](https://github.com/nikitabuyevich/gitlab-docker-build-to-deploy-cicd)

Any thoughts on this approach?

https://redd.it/ftepyf
@r_devops

Doing webinar the right way

I recently created a poll on twitter to know what DevOps on my TL will be interested in learning

[https://twitter.com/dapseen/status/1238872065807089666](https://twitter.com/dapseen/status/1238872065807089666)

Tools: I am thinking of using zoom, although i am still open to others

Topic: CI/CD bitbucket & EKS

Any advise on creating a successful webinar

https://redd.it/ftebv8
@r_devops

Help: How do I rotate secrets autonomously?

Example:

Secret is a GCP Service Account Key stored in a k8s secret and loaded into a Rails app that needs to be rebooted to load the secret therefore the original service account cannot be destroyed until successful reboot

https://redd.it/fteb2p
@r_devops

Am I doing this right? Laravel Project + Gitlab CI/CD + Docker Build

I have a laravel project that I'm trying to docker'ize. I have Gitlab CI/cd setup and I'm building a docker image containing the application, compiling my code (npm run build), pushing to my docker registry and then running docker pull on my production servers. Am I going about this right? I've looked through Kubernetes, but it seems a bit complex for use.

https://redd.it/ftd5tf
@r_devops

When can i say a code is expensive?

Technical debt is real when architecting infrastructure.

As a DevOps engineer and software architect, when do you say a code is expensive, can reddit give scenarios of expensive code and what makes code to be expensive.

https://redd.it/fte3sy
@r_devops

Magical Circuits: Opensource DevOps for game industry projects

Some days ago i published an article on [Gamasutra](https://www.gamasutra.com/blogs/JoseMoreira/20200327/360277/Optimising_UE4_Project_Builds_With_Cloud_Native_Infrastructure_And_Containers.php) and last night [on my own website](https://zemanel.eu/posts/2020/03/side-b-soft-launching-magical-circuits/), publicly announcing [Magical Circuits](https://magicalcircuits.com).

Basically been researching into cloud-native tech and architectures for Unreal Engine projects (and related workloads). Currently just setting stuff up, chatting with people from the industry, planning and gaining momentum. There's a good chance this announcement is going to be published through the CNCF newsletter soon ¯\_(ツ)_/¯.

I hope to, over the course of this and next year, publish some tools and content. For example, I have been outlining the topics for a book, as i mention in the article on my website.

I've also setup a [Patreon account](https://www.patreon.com/MagicalCircuits) to support the project and myself (things a bit rough on the jobs side also because of the cov-19). Working on additional Tiers as things develop. Please subscribe and share!

Feel free to reach out with any feedback! I've also setup a [Twitter account](https://twitter.com/MagicalCircuits) and a [Discord server](https://discord.gg/HAhBmB). Activity is low at the moment. Thanks!

https://redd.it/ft861l
@r_devops

Install a centralised Vault server that can be accessed by developer locally, CI/CD, and inside the Kubernetes cluster

I recently tried installing Vault Integrated Storage to achieve Hashicorp’s recommended HA architecture. That means I have 4 Vault servers installed separately in AWS and 1 server is appointed to be the leader. This is my desired setup so that my organisation can access it for their local development, feed CI/CD, and also use it in production environment. It works fine when just testing the features.

But it did not work when I tried adding Vault injector and use the external Vault server that I setup above. Part of Vault + Kubernetes setup is to install the vault servers inside the K8s cluster but it is not really recommended due to the nature of Kubernetes.

I want to have a Vault cluster with HA architecture that is outside Kubernetes and be able to accessed by anyone and also the pods.

Who has a similar setup that works?

Thanks!

PS: I have already followed the guides by Hashicorp. Especially installing using Consul or Raft.

https://redd.it/ft7eey
@r_devops

LAMP server deployment

Using ansible, how could I split that on 1 vm it could run and configure Apache and on the other vm setup and configure mysql or mariadb . Any links or documentation would be very appriciated.

Sorry for the noob question, recently started taking interest into DevOps.

Have a good day

https://redd.it/ft3gep
@r_devops

Learning Kubernetes

I have been using Docker with my previous company and the tech stack of my next job requires me to know Kubernetes. Are there any good resources/tutorials to learn Kubernetes from scratch?

https://redd.it/ft3ctf
@r_devops

On furlough for 3 months, What should I learn.

Hello all, I have been placed on furlough along with a lot of others in my business, from the UK. What are some things that I could learn in that time? In my day-to-day working with AWS e.g. Cloudformation, API Gateway, and so on.


So I decided at this time I'm going to treat Monday to Friday as normal work time,


I've decided on the following so far


\- Docker

\- Getting better at Python
\- Working towards AWS Dev Ops Pro


Got any suggestions for personal development so I can come back to the business stronger,


Thanks in advance.

https://redd.it/ft35tt
@r_devops