Reddit DevOps
268 subscribers
30.9K links
Reddit DevOps. #devops
Video Tutorial on how to configure an AWS Lambda function as a target for an Amazon Application Load Balancer (ALB)

In this video tutorial, I'll demonstrate how you can configure an AWS Lambda function as a target for an Amazon Application Load Balancer (ALB). This can be used to take advantage of the intelligent routing features of the ALB when you have multiple functions in an application, or to add an SSL/TLS listener for a public-facing endpoint of your application. Watch the video here: [https://youtu.be/56a-wAeEl7E](https://youtu.be/56a-wAeEl7E)

For more details on AWS Lambda, check out the Free Cheat Sheets from digital cloud training: [https://digitalcloud.training/certification-training/aws-developer-associate/aws-compute/aws-lambda/](https://digitalcloud.training/certification-training/aws-developer-associate/aws-compute/aws-lambda/)

This video lesson is an excerpt from our comprehensive training course for the AWS Certified Developer Associate to be released within the next few days! This is a great time to get started with your next certification and make sure your skills are cutting edge. The AWS Certified Developer Associate certification sets you apart from the crowd in a competitive market. Get started now with the comprehensive training course for the AWS Certified Developer Associate from digital cloud training. To secure your special launch offer, simply register your interest here: [https://digitalcloud.training/aws-certified-developer-associate-exam-training](https://digitalcloud.training/aws-certified-developer-associate-exam-training)

https://redd.it/fvomdu
@r_devops
Pre-production deployment best practices

I'm curious about the accepted best practices surrounding deployment to pre-production environments.

We follow a microservice architecture where each microservice resides in its own git repository. Several cross-functional teams work independently on their own microservices. We have a production environment and a single pre-production environment that is shared among all teams. When a commit is made to the master branch, it will be deployed to the production and pre-production environments automatically. Sometimes developers want to deploy only to pre-production so that they and the POs can test it in a "real world scenario". To do this the developer has to change the `.gitlab-ci.yml` file on their branch so that it will deploy to pre-production and then later change it back before merging into master.

This approach feels kind of "wrong" and "manual" to me. In order to see what state the pre-production environment is in, you have to look at the pipelines and find which one was the last one to deploy. It _can_ also easily happen that one developer overwrites changes to pre-production that another developer was testing without noticing (though in practice this is very rarely a problem). My first idea was to create a `staging` branch that will deploy to pre-production automatically and represent the state of the pre-production environment, analogously to the `master` branch. A significant problem with this is that the `staging` branch has to be reset to `master` whenever there is a new commit to `master` so that the two branches don't diverge.

How are you handling this? Do you see a problem with our approach too, or am I simply obsessing over details again?

On a related note: How do you handle database rollbacks on the pre-production environment? For example: A developer may test a migration on the pre-production environment that didn't work. How can he roll back to a previous database state to test it again?

https://redd.it/fvd5ns
@r_devops
Packer not able to build a CentOS 8 template on vmware

Hello, I'm running VMware vCenter 6.7 and Packer 1.5.5 on CentOS 8. I have successfully built a CentOS 7 template, but I'm struggling to make a template with CentOS 8. Here is my variables file (variables.json):

{
"vsphere_server": "192.168.0.51",
"vsphere_username": "[email protected]",
"vsphere_password": "password",
"vsphere_datacenter": "Datacenter",
"vsphere_datastore": "datastore",
"vsphere_folder": "Templates",
"vsphere_host": "host.domain.local",
"vsphere_network": "network1",
"vsphere_template_folder": "Templates",
"ssh_root_username": "root",
"ssh_root_password": "password",
"ssh_username": "admin",
"ssh_password": "password"
}

Here is my JSON file (centos8_buildtemplate.json):


{
"builders": [
{
"type": "vsphere-iso",

"vcenter_server": "{{user `vsphere_server`}}",
"username": "{{user `vsphere_username`}}",
"password": "{{user `vsphere_password`}}",
"insecure_connection": "true",

"datacenter": "{{user `vsphere_datacenter`}}",
"host": "{{user `vsphere_host`}}",
"network": "{{user `vsphere_network`}}",
"datastore": "{{user `vsphere_datastore`}}",

"vm_name": "T-CentOS8",
"notes": "Build via Packer",
"guest_os_type": "centos8_64Guest",

"boot_wait": "10s",
"boot_order": "disk,cdrom,floppy",

"ssh_username": "{{user `ssh_root_username`}}",
"ssh_password": "{{user `ssh_root_password`}}",

"CPUs": "1",
"RAM": "2048",
"RAM_reserve_all": false,
"disk_controller_type": "pvscsi",
"disk_size": "32768",
"disk_thin_provisioned": false,
"network_card": "vmxnet3",

"convert_to_template": true,
"folder": "{{user `vsphere_template_folder`}}",

"iso_paths": ["[datastore] ISO/Linux/CentOS-8.1.1911-x86_64-dvd1.iso"],

"floppy_files": ["centos8_kickstart.cfg"],
"boot_command": [
"<esc><wait>",
"linux ks=hd:fd0:/centos8_kickstart.cfg<enter>"
]
}
]
}

Here is my kickstart file (centos8_kickstart.cfg):


install
cdrom
lang en_US.UTF-8
keyboard us
network --bootproto=dhcp
rootpw password
firewall --disabled
selinux --permissive
timezone UTC
bootloader --location=mbr
text
skipx
zerombr
clearpart --all --initlabel
autopart
auth --enableshadow --passalgo=sha512 --kickstart
firstboot --disabled
eula --agreed
services --enabled=NetworkManager,sshd
user --name=admin --plaintext --password password --groups=wheel
reboot

%packages --ignoremissing --excludedocs
@Base
@Core
@Development Tools
openssh-clients
sudo
openssl-devel
readline-devel
zlib-devel
kernel-headers
kernel-devel
net-tools
vim
wget
curl
rsync
%end

%post
yum update -y

# The 'user --name=admin' directive above already created the account, so
# useradd is not needed here; just set the password (passwd takes the user
# name as its argument and reads the password from stdin).
echo "password" | passwd admin --stdin
usermod -a -G wheel admin

# sudo
yum install -y sudo
echo "admin ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/admin
chmod 0440 /etc/sudoers.d/admin
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers

yum clean all
%end

Running packer

./packer build -var-file variables.json centos8_buildtemplate.json

Here is the packer output

vsphere-iso: output will be in this color.

==> vsphere-iso: Creating VM...
==> vsphere-iso: Customizing hardware...
==> vsphere-iso: Mounting ISO images...
==> vsphere-iso: Creating floppy disk...
vsphere-iso: Copying files flatly from floppy_files
vsphere-iso: Copying file: centos8_kickstart.cfg
vsphere-iso: Done copying files from floppy_files
vsphere-iso: Collecting paths from floppy_dirs
vsphere-iso: Resulting paths from
floppy_dirs : []
vsphere-iso: Done copying paths from floppy_dirs
==> vsphere-iso: Uploading created floppy image
==> vsphere-iso: Adding generated Floppy...
==> vsphere-iso: Set boot order...
==> vsphere-iso: Power on VM...
==> vsphere-iso: Waiting 10s for boot...
==> vsphere-iso: Typing boot command...
==> vsphere-iso: Waiting for IP...

And console output (sorry for typos made by OCR):

boot: linux ks=hd:fd0:/centos8_kickstart.cfg
[    6.730445] dracut-pre-udev[500]: modprobe: FATAL: Module floppy not found in directory /lib/modules/4.18.0-147.el8.x86_64
[  OK  ] Started Show Plymouth Boot Screen.
[  OK  ] Reached target Local Encrypted Volumes.
[  OK  ] Reached target Paths.
[  OK  ] Started Forward Password Requests to Plymouth Directory Watch.
[    8.998201] sd 0:0:0:0: [sda] Assuming drive cache: write through
[  OK  ] Started udev Wait for Complete Device Initialization.
         Starting Device-Mapper Multipath Device Controller...
[  OK  ] Started Device-Mapper Multipath Device Controller.
         Starting Open-iSCSI...
[  OK  ] Reached target Local File Systems (Pre).
[  OK  ] Reached target Local File Systems.
         Starting Create Volatile Files and Directories...
[  OK  ] Started Open-iSCSI.
         Starting dracut initqueue hook...
[  OK  ] Started Create Volatile Files and Directories.
[  OK  ] Reached target System Initialization.
[  OK  ] Reached target Basic System.
[    9.530734] dracut-initqueue[962]: mount: /run/install/repo: WARNING: device write-protected, mounted read-only.

then

[  193.337189] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  193.878185] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  194.416283] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  194.954105] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  195.490848] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  196.033057] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  196.572525] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  197.115108] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  197.654665] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  198.190656] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  198.733470] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  199.275330] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  199.822282] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  200.360310] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  200.898201] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  201.437377] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  201.975400] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  202.513043] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  203.050550] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  203.588125] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  204.126720] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
[  204.667917] dracut-initqueue[962]: Warning: dracut-initqueue timeout - starting timeout scripts
dracut-initqueue[962]: Warning: Could not boot.
         Starting Setup Virtual Console...
[  OK  ] Started Setup Virtual Console.
         Starting Dracut Emergency Shell...
Generating "/run/initramfs/rdsosreport.txt"
Entering emergency mode. Exit the shell to continue.
Type "journalctl" to view system logs.
You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot after mounting them and attach it to a bug report.
dracut:/# _

I have to kill the VM then.

The similar files for CentOS 7 work perfectly though.

Has anyone made a successful CentOS 8 template for VMware? What am I missing?

Thank you very much for your help

https://redd.it/fvdtwy
@r_devops
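The console log above shows the root cause: the CentOS 8 installer kernel has no `floppy` module, so `ks=hd:fd0:...` can never be satisfied and dracut times out. The script below is an added example, not code from the post or from Packer: it lints a kickstart for directives that CentOS 7 accepted but CentOS 8 deprecates (and for the `u/Base` mangling Reddit applies to `@Base`), and rewrites the `vsphere-iso` builder to serve the kickstart over Packer's built-in HTTP server instead of a floppy. It assumes a Packer release whose `vsphere-iso` builder supports `http_directory`; the alternative it also prints, a second ISO labelled `OEMDRV` with `ks.cfg` at its root, is picked up by Anaconda without any boot option and only needs the ISO uploaded to the datastore and added to `iso_paths`.

```python
"""Lint a CentOS 8 kickstart and rewrite a vsphere-iso builder to skip the floppy.

Added example; not part of the original post or of Packer. Assumes a Packer
release whose vsphere-iso builder supports http_directory.
"""
import json

# Directives that CentOS 7's installer accepted but CentOS 8 deprecates or ignores.
DEPRECATED = {
    "install": "'install' is deprecated on CentOS 8 (installation is implicit)",
    "auth": "'auth' is replaced by 'authselect' on CentOS 8",
    "authconfig": "'authconfig' is replaced by 'authselect' on CentOS 8",
}


def lint_kickstart(text):
    """Return 'line N: message' findings for a CentOS 8 kickstart file."""
    findings = []
    section = None  # None = main command section, otherwise e.g. '%packages'
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("%end"):
            section = None
            continue
        if line.startswith("%"):
            section = line.split()[0]
            continue
        if section == "%packages":
            # Reddit rewrites '@Group' package-group names to 'u/Group'.
            if line.startswith("u/"):
                findings.append(f"line {lineno}: package group {line!r} should be '@{line[2:]}'")
            continue
        if section is not None:
            continue  # %pre/%post bodies are shell, not kickstart directives
        directive = line.split()[0]
        if directive in DEPRECATED:
            findings.append(f"line {lineno}: {DEPRECATED[directive]}")
        if directive == "rootpw" and "--iscrypted" not in line:
            findings.append(f"line {lineno}: rootpw is stored in clear text; use --iscrypted")
        if directive == "user" and "--plaintext" in line:
            findings.append(f"line {lineno}: user password is stored in clear text; use --iscrypted")
    return findings


def without_floppy(builder, ks_name, http_dir="http"):
    """Copy of a vsphere-iso builder that serves the kickstart from Packer's
    built-in HTTP server (files under http_dir) instead of a floppy image.
    The installer kernel in the post has no floppy module, so hd:fd0 can never
    appear; inst.ks=http://... only needs the VM to reach the Packer host."""
    b = dict(builder)
    b.pop("floppy_files", None)
    b["http_directory"] = http_dir
    b["boot_command"] = [
        "<esc><wait>",
        f"linux inst.ks=http://{{{{ .HTTPIP }}}}:{{{{ .HTTPPort }}}}/{ks_name}<enter>",
    ]
    return b


def oemdrv_iso_argv(ks_path, out="ks.iso"):
    """genisoimage argv for a second ISO labelled OEMDRV with ks.cfg at its root;
    Anaconda loads such a volume automatically, so no boot option is needed.
    Upload it to the datastore and add it as a second entry in iso_paths."""
    return ["genisoimage", "-quiet", "-o", out, "-V", "OEMDRV", "-r", "-J",
            "-graft-points", f"ks.cfg={ks_path}"]


if __name__ == "__main__":
    # Constructed excerpt of the kickstart from the post.
    SAMPLE_KS = """install
cdrom
rootpw password
auth --enableshadow --passalgo=sha512 --kickstart
user --name=admin --plaintext --password password --groups=wheel
%packages --ignoremissing
u/Base
u/Core
%end
%post
yum update -y
%end
"""
    for finding in lint_kickstart(SAMPLE_KS):
        print(finding)
    builder = {"type": "vsphere-iso", "floppy_files": ["centos8_kickstart.cfg"],
               "boot_command": ["<esc><wait>", "linux ks=hd:fd0:/centos8_kickstart.cfg<enter>"]}
    print(json.dumps(without_floppy(builder, "centos8_kickstart.cfg"), indent=2))
    print(" ".join(oemdrv_iso_argv("centos8_kickstart.cfg")))
```

Whichever transport is used, the kickstart still carries clear-text passwords; the lint flags `rootpw`/`user` lines without `--iscrypted` because the file ends up on a datastore (or an HTTP directory) that more people can read than the root password should.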
To all cloud engineers: what database skills do you use or need at work?

I have an interview coming soon for an Operations Engineer role in cloud. In the job description they mention "database management" skills. I checked other job descriptions for the same role and all they mention is "database skills required". I couldn't find anything that explains exactly what database skills cloud operations engineers need or use. Can you please provide examples? Do I need to learn to write queries? Installing SQL servers? Is it just database administration skills?

https://redd.it/fv61lj
@r_devops
Jenkins: How to automate CPU profile checks?

Hey,
what do you use for CPU profile check automation?
I'm a bit lost on how to get useful information from a CPU profile diff.
What I want is the following:

1. Start service from the branch
2. Replay bunch of traffic
3. Collect profile
4. Repeat #1 #2 #3 for the master
5. Check profiles' diff

It's not clear how to profile. At different moments in time the app is doing different jobs, not just processing the requests: reloading something or rebuilding, for example.

https://redd.it/fv4b9k
@r_devops
Regarding Github actions & DigitalOcean

I have a React project connected with a remote repo on GitHub. I also have GH Actions set up so that every time I make a push to my master branch, the Action will schedule a job and then my latest changes get deployed on my Linux server. However, I noticed that during a script `npm ci` that is in my yaml file, it takes forever to complete b/c I'm guessing it's installing all of the modules, like react, react-dom, babel, etc. So I decided to scrap the `npm ci` command and decided to just run no scripts, and just have the push apply changes, because I just care about the build file. Since that's the case I might find that in some cases, I may just want a separate branch that only has my build folder `dist`, and have the actions set up jobs every time that separate branch gets a push, but every push will always contain the `dist` file changes only (new react build). I don't know if it's possible but, could you somehow maintain a branch that ONLY has a specific file/s? Because I know if I make a new branch, I would have to make sure that branch does not have all the other files, like the `src` folder for React.

https://redd.it/fvqirv
@r_devops
Foreman vs Uyuni vs Spacewalk? what's the best free tool?

What's best for provisioning/config mgmt of Linux servers/workstations?

https://redd.it/fvlucn
@r_devops
Anyone else find open source projects very reluctant to improvements?

I recently contributed to the improvement (in my own time) of a few projects because many of their features were broken. So I made a fork and opened a PR, only to find out that they weren't happy with the changes I made because of "too many changes".

Others didn't even bother reviewing it, yet there is a project that's broken. I obviously made my own forked version and continued using it.

Any ideas on how to contribute to improvements of open source projects without maintainers being so defensive?

https://redd.it/fvnocn
@r_devops
Any good strategy to cultivate interest and become super passionate about technologies as Kubernetes and Terraform again?



https://redd.it/fvjtxc
@r_devops
Best country to travel to from Northern Europe for doing cheap Red Hat, AWS, Terraform and Kubernetes trainings?

This is a question oriented to the future. During the corona crisis, of course, I do not intend to travel.

https://redd.it/fvjsmw
@r_devops
Azure Cognitive Search API kill-switch

Hello fellow SREs,

Has anyone tried to implement a kill-switch for Azure's [Cognitive Search API](https://azure.microsoft.com/en-us/services/search/) so far? Basically, we have a Java Spring Boot microservice running in GCP GKE that's calling the Cognitive Search API, but after scaling the app out our cost ramped up quite fast and we can't control it.

Is there a way one could restrict API calls to Cognitive Search in any way if a certain billing threshold is reached? I have no experience with Azure so far...

Thank you

https://redd.it/fvwy7b
@r_devops
Tutorial: Standing up an EKS Cluster with Terraform

I've been playing with EKS lately and wanted to ensure I define my IaC, so I wrote the following article on how to do this with Terraform. Hopefully it's helpful! [https://link.medium.com/0doYsmoXp5](https://link.medium.com/0doYsmoXp5)

https://redd.it/fuzgno
@r_devops
Misconfiguration in the Cloud

"Soon most of the attacks on the cloud environment will be the result of misconfigurations, lack of customizable security profiles, and auto-remediation by organizations in their day-to-day"

Just wrote a new article about misconfiguration in the cloud. Any feedback or new ideas on how to mitigate it will be very helpful.

[https://medium.com/@fernando0stc/misconfigurations-in-the-cloud-be-prepared-before-they-cause-you-headaches-1a92c2979eff](https://medium.com/@fernando0stc/misconfigurations-in-the-cloud-be-prepared-before-they-cause-you-headaches-1a92c2979eff)

https://redd.it/fuym1z
@r_devops
How does your company enable you to properly implement DevOps/SRE principles?

I've been very frustrated with the way my company and team(s) sees DevOps/SRE. Doing anything the "right way" is shot down for reasons ranging from red tape to "because we said so". I've pushed very, very hard to change things to the best of my ability for as long as I've worked here, and in some ways things have improved, but only marginally so. I just do not have any buy in from the teams I work with or anyone in management/leadership positions as much as they love to talk about us "doing devops" because we have a decent CI/CD flow and a few other things. I've basically thrown my hands up and transitioned back to a standard SWE position. Which, that being said, I do enjoy regular feature work a lot, but the difference in support and treatment for SWE vs. DevOps/SRE at my company is absolutely staggering.

Would love to hear stories from the other side of the spectrum where y'all are being actively supported and enabled to improve things.

https://redd.it/fuxebu
@r_devops
Is there any way to launch predefined bash scripts from Slack?

Hello, redditors,

I want to let employees run some predefined bash scripts right from Slack.

Do you know any good software to do it?

What about security?

I saw solutions for running SQL queries like SQLBot, but nothing for bash.

Scenarios:

/slackbot server1 reboot

/slackbot server2 show nginx status

/slackbot server1 addtorepo [email protected]

https://redd.it/fvz7nj
@r_devops
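On the "what about security?" question: the two controls that matter are proving the request really came from Slack (Slack signs every request with your app's signing secret over `v0:<timestamp>:<raw body>`, and the timestamp lets you reject replays) and never letting the user's text reach a shell. The handler below is an added example, not part of the post or of any product; `SIGNING_SECRET`, `HOSTS`, the `slackbot` SSH account and the `/usr/local/bin/add-to-repo` script are hypothetical placeholders. Host and action are dictionary lookups, the one optional argument is validated against a pattern, and the remote command is passed to `ssh` as an argv list with every word quoted, so `server1 reboot; rm -rf /` is rejected rather than executed.

```python
"""Slack slash command that runs only allowlisted commands on named hosts.

Added example; not from the original post. SIGNING_SECRET, HOSTS, the
'slackbot' SSH user and the add-to-repo script are hypothetical placeholders.
"""
import hashlib
import hmac
import re
import shlex
import subprocess
import time

SIGNING_SECRET = b"hypothetical-signing-secret"  # Slack app config -> "Signing Secret"
MAX_SKEW = 300  # seconds; reject stale timestamps so a captured request cannot be replayed

HOSTS = {"server1": "server1.example.internal", "server2": "server2.example.internal"}
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# action -> (fixed argv on the remote host, validator for the single optional argument)
COMMANDS = {
    "reboot": (["sudo", "/sbin/shutdown", "-r", "+1"], None),
    "nginx-status": (["systemctl", "status", "nginx", "--no-pager"], None),
    "addtorepo": (["sudo", "/usr/local/bin/add-to-repo"], EMAIL_RE),  # hypothetical script
}


def slack_signature(secret, timestamp, body):
    """v0=HMAC-SHA256(secret, 'v0:<timestamp>:<raw body>'), as Slack computes it."""
    base = f"v0:{timestamp}:{body}".encode()
    return "v0=" + hmac.new(secret, base, hashlib.sha256).hexdigest()


def verify_slack_request(secret, timestamp, body, signature, now=None):
    """True only if the signature matches and the timestamp is fresh."""
    now = time.time() if now is None else now
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW:
        return False
    return hmac.compare_digest(slack_signature(secret, timestamp, body), signature)


def build_remote_command(text):
    """Turn the '<host> <action> [arg]' text of '/slackbot ...' into an ssh argv.

    The user's words never reach a shell unchecked: host and action are
    dictionary lookups, and the optional argument is validated and then quoted
    for the remote side, which sshd would otherwise re-split.
    """
    parts = text.split()
    if len(parts) not in (2, 3):
        raise ValueError("usage: <host> <action> [arg]")
    host, action = parts[0], parts[1]
    if host not in HOSTS:
        raise ValueError(f"unknown host {host!r}")
    if action not in COMMANDS:
        raise ValueError(f"unknown action {action!r}")
    argv, validator = COMMANDS[action]
    argv = list(argv)
    if validator is None and len(parts) == 3:
        raise ValueError(f"{action} takes no argument")
    if validator is not None:
        if len(parts) != 3 or not validator.match(parts[2]):
            raise ValueError(f"{action} needs one well-formed argument")
        argv.append(parts[2])
    remote = " ".join(shlex.quote(a) for a in argv)
    return ["ssh", "-o", "BatchMode=yes", "-o", "StrictHostKeyChecking=yes",
            "--", f"slackbot@{HOSTS[host]}", remote]


def handle(timestamp, raw_body, signature, text):
    """Verify the request first, then run the command without shell=True."""
    if not verify_slack_request(SIGNING_SECRET, timestamp, raw_body, signature):
        return "rejected: bad signature or stale request"
    argv = build_remote_command(text)
    result = subprocess.run(argv, capture_output=True, text=True, timeout=60)
    return result.stdout or result.stderr


if __name__ == "__main__":
    ts = str(int(time.time()))
    body = "command=%2Fslackbot&text=server2+nginx-status"  # constructed Slack form body
    sig = slack_signature(SIGNING_SECRET, ts, body)
    print(verify_slack_request(SIGNING_SECRET, ts, body, sig))        # True
    print(verify_slack_request(SIGNING_SECRET, ts, body + "x", sig))  # False
    print(build_remote_command("server2 nginx-status"))
```

On the remote side, give the `slackbot` account a `sudoers` entry that lists exactly the commands in the table (not `ALL`), and restrict its authorized key with `command=` and `from=` options, so a compromised bot host still cannot run anything else.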
Flash sales on A Seat at the Table book on 23.04 and 24.04

Hey everyone,

to give you a heads up, the IT Revolution books are doing a World Book Day promotion on April 23 and 24, and the book *A Seat at the Table* by Mark Schwartz will be $0.99.

https://redd.it/fvz0m5
@r_devops
permission denied when reading root owned bind mounted file in container

Dear all,

I have a weird situation where I need to use an in-house binary (let's call it binary x) shipped in a Docker container. Said container runs the binary as an unprivileged user with the same name as the binary. The binary needs a username and password to function. Not wanting to store the username and password in the container, I thought about storing them in a root-owned, mode 500 file on the host and bind mounting it in the container for use.

The issue I'm having is that, since the container user is unprivileged, it can't read the file.

For kicks, I tried another container that runs its app as root but still can't read the bind mounted file (permission denied).

How can I read a root-owned file, mode 700, from the host machine in a container that either has or does not have its own root user?

https://redd.it/fw2f4l
@r_devops
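A bind mount does not change who the file belongs to: the kernel applies the host file's owner and mode to the host uid/gid the container process actually runs as. The post does not say why the root-in-container case also fails, so the example below (added here, not from the post or from Docker) separates the two checks a practitioner would run: the plain POSIX read check, and the uid translation that happens when Docker's `userns-remap` is on, in which case container root is an ordinary host uid such as 100000 and a root-only file stays unreadable (an SELinux label mismatch would produce the same error and is worth ruling out with `ls -Z`). It also shows the usual fix: keep the file root-owned but give it a dedicated group with mode 0440, and let the container's unprivileged user join that group with `--group-add`. The `uid_map` strings and gid 5000 are constructed.

```python
"""Why a root-owned, mode 0500 bind-mounted file is unreadable in a container,
and a group-based way to share it.

Added example; not from the original post. The uid_map text and gid 5000 are
constructed; the docker flags used (--user, --group-add, -v ...:ro) are real.
"""
import stat


def dac_can_read(mode, owner_uid, owner_gid, uid, gids):
    """Plain POSIX discretionary access check for read.

    Deliberately ignores capabilities other than real root, SELinux/AppArmor
    labels and user namespaces; see host_uid() for the namespace part.
    """
    if uid == 0:
        return True  # real root has CAP_DAC_READ_SEARCH
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def host_uid(container_uid, uid_map):
    """Translate a uid seen inside a user namespace to the host uid.

    uid_map uses the /proc/<pid>/uid_map format, one '<inside> <outside> <count>'
    range per line. With Docker's userns-remap, container root (0) maps to an
    unprivileged host uid such as 100000, so 'root' inside the container cannot
    read a host file that only host root may read.
    """
    for line in uid_map.strip().splitlines():
        inside, outside, count = (int(x) for x in line.split())
        if inside <= container_uid < inside + count:
            return outside + (container_uid - inside)
    return 65534  # unmapped ids show up as the overflow uid ('nobody')


def container_can_read(mode, owner_uid, owner_gid, container_uid, container_gids, uid_map):
    """Map the container identity to the host, then apply the host's DAC check.
    Assumes gid_map mirrors uid_map, which is Docker's default for userns-remap."""
    uid = host_uid(container_uid, uid_map)
    gids = {host_uid(g, uid_map) for g in container_gids}
    return dac_can_read(mode, owner_uid, owner_gid, uid, gids)


def docker_run_argv(image, secret_path, secret_gid, app_user):
    """docker run argv for the fix: the host file is root:<secret_gid> mode 0440,
    the process keeps its unprivileged user but joins that group, and the mount
    is read-only so the container cannot alter the credentials."""
    return ["docker", "run", "--rm", "--user", app_user,
            "--group-add", str(secret_gid),
            "-v", f"{secret_path}:/run/secrets/creds:ro", image]


if __name__ == "__main__":
    NO_REMAP = "0 0 4294967295\n"      # constructed: default Docker, no userns-remap
    REMAP = "0 100000 65536\n"         # constructed: userns-remap, root -> 100000
    print("unprivileged user, 0500 root file:", container_can_read(0o500, 0, 0, 1000, {1000}, NO_REMAP))
    print("container root, no remap:        ", container_can_read(0o500, 0, 0, 0, {0}, NO_REMAP))
    print("container root, userns-remap:    ", container_can_read(0o500, 0, 0, 0, {0}, REMAP))
    print("0440 root:5000 with --group-add: ", container_can_read(0o440, 0, 5000, 1000, {1000, 5000}, NO_REMAP))
    print(" ".join(docker_run_argv("binx:latest", "/etc/binx/creds", 5000, "binx")))
```

Note that in the last case the group id must be the host gid (the one `ls -n` shows), because that is the number the kernel compares; a group name only works if it also exists inside the container's `/etc/group`.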
Jenkins needs access to my AWS pem key in a Linux user's .ssh directory. What are best practices for giving Jenkins access to pem keys on a Linux box?



https://redd.it/fvxlp9
@r_devops