Reddit DevOps
Getting '502' Errors on creating a simple load balancer through NGINX

I'm creating a simple LB using two Azure VMs using Nginx and getting '502 bad gateway errors'. I'm probably making a simple mistake but can't figure it out. My firewall through Azure allows TCP connections through 80, and I also removed the symbolic link. My nginx.conf file is as follows:

```nginx
http {

    upstream backend {
        server 13.xxx.xxx.xxx;
        server 52.xxx.xxx.xxx;
    }

    # This server accepts all traffic to port 80 and passes it to the upstream.

    server {
        listen 80;

        location / {
            proxy_pass https://backend;
        }

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
    }
}
```

I can run a simple web page and access it and it gives the default NGINX splash screen, but the LB thing doesn't work. My error.log shows these messages:

```
2020/04/29 21:33:44 [alert] 20746#20746: *1 open socket #3 left in connection 2
2020/04/29 21:33:44 [alert] 20746#20746: *2 open socket #10 left in connection 3
2020/04/29 21:33:44 [alert] 20746#20746: aborting
```

https://redd.it/gaial1
@r_devops
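
An added example, not part of the original post: a small Python check for the pattern visible in the config above, where `proxy_pass` uses `https://` while the upstream `server` entries give no port, so nginx connects to port 80 and attempts a TLS handshake there. The function names and the 192.0.2.x addresses are constructed for illustration, and the scheme/port rule is a heuristic.

```python
import re

DEFAULT_PORT = 80  # nginx assumes port 80 when an upstream server gives no port

def upstream_ports(conf):
    """Map each upstream group name to the ports of its server entries."""
    groups = {}
    for name, body in re.findall(r"upstream\s+(\S+)\s*\{([^}]*)\}", conf):
        ports = []
        for addr in re.findall(r"^\s*server\s+([^\s;]+)", body, re.MULTILINE):
            if addr.startswith("unix:"):
                continue  # UNIX sockets have no port to compare
            m = re.search(r":(\d+)$", addr)
            ports.append(int(m.group(1)) if m else DEFAULT_PORT)
        groups[name] = ports
    return groups

def scheme_port_mismatches(conf):
    """Heuristic: list (upstream, scheme, port) combinations unlikely to work."""
    groups = upstream_ports(conf)
    findings = []
    for scheme, name in re.findall(r"^\s*proxy_pass\s+(https?)://([^\s;/:]+)", conf, re.M):
        for port in groups.get(name, []):
            # TLS spoken to a plain-HTTP port, or plain HTTP spoken to a TLS port
            if (scheme, port) in (("https", 80), ("http", 443)):
                findings.append((name, scheme, port))
    return findings

# Constructed config with the same shape as the one in the post (example addresses).
AS_POSTED = """
http {
    upstream backend {
        server 192.0.2.10;
        server 192.0.2.11;
    }
    server {
        listen 80;
        location / {
            proxy_pass https://backend;
        }
    }
}
"""
# Same config with the scheme matching what a port-80 backend normally speaks.
PLAIN_HTTP = AS_POSTED.replace("https://backend", "http://backend")

if __name__ == "__main__":
    for finding in scheme_port_mismatches(AS_POSTED):
        print("mismatch:", finding)
```

Which side to change depends on what the backends actually serve: plain HTTP on port 80 calls for `http://backend`, while TLS-enabled backends need an explicit `:443` on each `server` line. With `http://`, traffic between the load balancer and the backends is unencrypted, which matters when the backends are reached over public addresses.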
Low ESX to VM density

I encountered this statement recently.

What does this mean?

> low ESX to VM density (1:9)

ESX is a hypervisor. VM is the virtual machine. Is this saying that the number of hypervisors should be higher relative to the number of VMs? Is the suggestion that there should be more hypervisors? More hypervisors -- I'm assuming -- gives more granular control over each individual VM?

https://redd.it/gagpma
@r_devops
Sidecar container pattern is the best we can do?

Am I the only one that thinks sidecar container patterns bring the worst of system administration into the containerized world? E.g. (IPC) communicating between processes using the file system, or [https://www.reddit.com/r/kubernetes/comments/g7sw1o/running_crontabs_in_pods_as_sidecars/](https://www.reddit.com/r/kubernetes/comments/g7sw1o/running_crontabs_in_pods_as_sidecars/)

https://redd.it/gatpkg
@r_devops
Preseed file for Ubuntu 18.04 / 20.04 hanging on formatting disk screen

Hello, I'm trying to create a working preseed file to automate the installation of an Ubuntu VM, version 18.04 or 20.04, via Packer.

packer build -var-file variables.json ubuntu_buildtemplate.json

The problem is that it does start the setup, selecting the different options, but:

* On Ubuntu 18.04: on the "Filesystem Setup" screen it loops on "No" in the pop-up window: "Confirm destructive action: selecting continue below will continue the installation process and results in the loss of data on the disks selected to be formatted."
* On Ubuntu 20.04: it gets stuck on the "Guided Storage Configuration" screen. "Use entire disk" is checked but there is no validation pop-up.

Here is the JSON file:

```json
{
  "builders": [
    {
      "type": "vsphere-iso",

      "vcenter_server": "{{user `vsphere_server`}}",
      "username": "{{user `vsphere_username`}}",
      "password": "{{user `vsphere_password`}}",

      "insecure_connection": "true",

      "vm_name": "T-ubuntu",
      "datastore": "{{user `vsphere_datastore`}}",
      "folder": "{{user `vsphere_folder`}}",
      "host": "{{user `vsphere_host`}}",
      "convert_to_template": "true",
      "network": "{{user `vsphere_network`}}",
      "boot_order": "disk,cdrom",

      "guest_os_type": "ubuntu64Guest",

      "CPUs": 1,
      "RAM": 2048,
      "RAM_reserve_all": false,

      "disk_controller_type": "pvscsi",
      "disk_size": 80000,
      "disk_thin_provisioned": false,

      "network_card": "vmxnet3",

      "ssh_username": "{{user `ssh_username`}}",
      "ssh_password": "{{user `ssh_password`}}",

      "iso_paths": [
        "[datastore1] ISO/Linux/ubuntu-18.04.4-live-server-amd64.iso"
      ],

      "boot_command": [
        " d-i auto-install/enable boolean true<wait>",
        " d-i debconf/priority select critical<wait>",

        " d-i debian-installer/locale string en_US.UTF-8<wait>",
        " d-i localechooser/supported-locales multiselect en_US.UTF-8<wait>",
        " d-i console-setup/ask_detect boolean false<wait>",
        " d-i keyboard-configuration/xkb-keymap select GB<wait>",

        " d-i /choose_interface select auto<wait>",
        " d-i netcfg/get_hostname string unassigned-hostname<wait>",
        " d-i netcfg/get_domain string unassigned-domain<wait>",
        " d-i hw-detect/load_firmware boolean true<wait>",

        " d-i mirror/country string manual<wait>",
        " d-i mirror/http/hostname string archive.ubuntu.com<wait>",
        " d-i mirror/http/directory string /ubuntu<wait>",
        " d-i mirror/http/proxy string<wait>",

        " d-i passwd/root-login boolean true<wait>",
        " d-i passwd/root-password-crypted password !!<wait>",
        " d-i passwd/make-user boolean false<wait>",

        " d-i clock-setup/utc boolean true<wait>",
        " d-i time/zone string UTC<wait>",
        " d-i clock-setup/ntp boolean true<wait>",
        " d-i clock-setup/ntp-server string ntp.ubuntu.com<wait>",

        " d-i preseed/early_command string umount /media || true<wait>",

        " d-i grub-installer/only_debian boolean true<wait>",
        " d-i grub-installer/with_other_os boolean true<wait>",

        " d-i partman-efi/non_efi_system boolean true<wait>",
        " d-i partman-auto/disk string /dev/sda<wait>",
        " d-i partman-auto/init_automatically_partition select biggest_free<wait>",
        " d-i partman-auto/method string regular<wait>",
        " d-i partman-auto/choose_recipe select atomic<wait>",

        " d-i partman/confirm_write_new_label boolean true<wait>",
        " d-i partman/choose_partition select finish<wait>",
        " d-i partman/confirm boolean true<wait>",
        " d-i partman/confirm_nooverwrite boolean true<wait>",
        " d-i partman-auto/confirm boolean true<wait>",

        " d-i base-installer/install-recommends boolean true<wait>",
        " d-i base-installer/kernel/image string linux-generic<wait>",
        " d-i debconf debconf/frontend select Noninteractive<wait>",

        " d-i apt-setup/restricted boolean true<wait>",
        " d-i apt-setup/universe boolean true<wait>",
        " d-i apt-setup/backports boolean true<wait>",
        " d-i apt-setup/use_mirror boolean false<wait>",
        " d-i apt-setup/services-select multiselect security, updates<wait>",
        " d-i apt-setup/security_host string security.ubuntu.com<wait>",
        " d-i apt-setup/security_path string /ubuntu<wait>",

        " d-i tasksel/first multiselect none<wait>",
        " d-i pkgsel/include string openssh-server python<wait>",
        " d-i pkgsel/upgrade select full-upgrade<wait>",
        " d-i pkgsel/update-policy select unattended-upgrades<wait>",

        " d-i pkgsel/include string openssh-server vim git tmux build-essential open-vm-tools telnet wget curl python<wait>",

        " d-i debian-installer/splash boolean false<wait>",
        " d-i cdrom-detect/eject boolean true<wait>",

        " d-i finish-install/reboot_in_progress note<wait>",
        " d-i debian-installer/exit/poweroff boolean true<wait>"
      ]
    }
  ],

  "provisioners": [
    {
      "type": "shell",
      "inline": ["echo 'Template build complete'"]
    }
  ]
}
```


Has anyone made a working preseed for Ubuntu?
What am I missing?


Thank you for your help

https://redd.it/gaglte
@r_devops
Offline server for automatic backups?

I want to add a disclaimer that this is not related to me, I am just wondering how to solve this problem correctly.

Lately in my country there was a ransomware attack on two universities whose data became encrypted. Let's try to ignore how this happened, the most important part is that the backups were also encrypted and therefore useless.

This leads me to suspect that if the attack was done by taking root access to the main server, then the main server also has direct access to the backup servers, which seems like a big security flaw unless we have a secure backup of the backup servers.

How would you create an automatic backup of the server in such a manner that even if the root account was compromised, the attacker would not be able to touch the backups stored on another (secured) server?

My first idea is to make use of some external tool that is able to perform operations on both machines (let's simplify it to SSH access), but the tool itself is in a private network accessible only from inside the building.

https://redd.it/gaaoyc
@r_devops
ci/cd pipeline for deploying once every few months?

I always worked in companies that deploy at least once per week, but I recently moved to a company that is in a highly regulated environment. Because of that our software needs to be validated before each deployment and in general is painful :D
I'm the only devops engineer there. Here is how the process looks:
1. Merge to dev builds new docker images and deploys to ECS
2. Merge to test at specific time. New image is built and deployed. QA validates move to uat.
3. Merge to uat. Again images are built and deployed to uat cluster.
4. Manual step in prod. Pick build number in Jenkins and it changes that tag in ecr repository and redeploys ecs services.

However, I find that Jenkins is not very flexible with these infrequent deployments. I'm not even sure how to start to improve this build process as we only deploy to prod once every 2 months and every deployment is very painful, because usually not only code but also infrastructure changes.

https://redd.it/ga7x22
@r_devops
Are there any business classes that one would consider essential?

I am currently pursuing a BS in computer science.

Just as the title states, would certain business classes help me pursue a career as either a DevOps engineer or an SRE?

I understand that DevOps is a philosophy, so even if not business, are there any classes outside of the standard curriculum that would be beneficial?

https://redd.it/gaaoez
@r_devops
Do you prefer GitLab or Jenkins?

Student, totally newbie on the topic. When trying to work on a team and realizing the problems of merge hell, I've concluded that having a structured pipeline and continuous integration is the way to go. After some research, both GitLab and Jenkins caught my eye. There are tons of features to compare between the two, but I could only understand so far (also, some of the posts were outdated so they aren't necessarily making fair comparisons since they didn't have new features in mind). In general, what caught my eye about Jenkins is the great customization with plugins / full workspace control. In general, what caught my eye about GitLab is that it doesn't always have to be self hosted and is easier to set up / get going with. Which one do you prefer and why? Does one scale better than the other?

https://redd.it/gayl97
@r_devops
AZ-204 Exam Prep

Hey all,

I've been going over the AZ-204 prep pretty heavily. I noticed that for the AZ-204, Microsoft changed the exam guide and it will be updated in May which you can find [here](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4oZ7B).

The one thing that stood out to me was that Microsoft is now specifying Azure PowerShell and AZ CLI. Before it was just something along the lines of "know an SDK".

Because of that, I put together a GitHub repository that is currently a work in progress with PowerShell/AZ CLI code for each module on the AZ-204. If you like it or would like to contribute to the idea, feel free to let me know! [https://github.com/AdminTurnedDevOps/AZ-204-Code](https://github.com/AdminTurnedDevOps/AZ-204-Code)

https://redd.it/gawevd
@r_devops
HASHICORP Vault - Entities created with name from ldap attributes with OIDC method

Hey guys,

just wanted to ask if anyone knows if it is possible to configure Vault in a way that after a successful SSO login of a new user (we are using OIDC) the entity, which is automatically created, gets the name from an ldap attribute (or attributes .... givenName & sn e.g.)

Thanks and cheers,

Wurzelseppi

https://redd.it/gauwaq
@r_devops
I wrote a tutorial on deploying your Django app using Docker

Hello everyone!
I wrote my very first tutorial that covers almost everything about setting up a Django app using Docker containers, from building the app to setting up the database to configuring Nginx. This is written at a beginner friendly level with each step explained. Do check it out and provide feedback!

[How to Deploy your Django App using Docker](https://blog.bitsacm.in/django-on-docker)

https://redd.it/gaqp0k
@r_devops
How do I make sure a variable in helm isn't overridden?

I've deployed Concourse using the concourse/concourse helm chart with Vault integration. Within our overrides we have the approle id and secret id which I've set but not committed to git. How do I make sure that when the rest of the team are doing upgrade releases that value doesn't get overridden without committing it to git?

https://redd.it/garqr8
@r_devops
What do you wish you knew when you started your career in DevOps?

I feel like I have a good handle on this question because I've hired and trained 100s of DevOps engineers over the course of my career. Most of them were pretty junior when I hired them and were later able to be promoted or obtain senior jobs in other companies.

That said, I am not sure my experiences as an engineer, manager and executive covered all the possible spectrums of experience. Most of my time was spent in Silicon valley and I'm sure things are a bit different in other areas.

I created a course to teach aspiring DevOps engineers and I'm supplementing the material and fine tuning it now. If you wouldn't mind sharing, what do you feel like you were missing at the start of your career that would have helped you advance faster?

https://redd.it/gaqq03
@r_devops
I run completely free Engineering Bootcamps on Twitch!

Hey Everyone! I hope all is well. I'm dropping in again to let you know the next round of bootcamps is starting this upcoming week! I'm starting up 3 new 8 week bootcamps next week and wanted to share in case any of you are looking to dive into any of these disciplines. They're completely free, and no signup is required. Just follow the [Twitch channel](https://twitch.tv/mastermndio), tune in and have fun!

- Horizons: A Journey into Cloud Computing with AWS - Beginner
- deCoded: A Journey into Software Engineering and Computer Science - Beginner
- Pipelines: A Journey into Software Delivery, Automation and Infrastructure (DevOps/SRE) - Intermediate

Info for each can be found [here](https://academy.mastermnd.io/journeys/)

Let me know if you have any questions and I hope to see you there!


P.S. The Intro to DevOps bootcamp we ran earlier this year can be found here at this playlist!
[https://www.youtube.com/playlist?list=PLleOCN2eBn8IhLAckXL0BWomad5lrhB8j](https://www.youtube.com/playlist?list=PLleOCN2eBn8IhLAckXL0BWomad5lrhB8j)

https://redd.it/gb6o1w
@r_devops
DevOps Days Conferences

Hi There! Have you attended a DevOps Days event? What are some of the outcomes you got from it?

I personally attended 3 editions, last year's in Baltimore and DC, this year in NYC. I was supposed to give a talk in Baltimore last week, but due to the pandemic, the event was canceled.

Anyway, I like very much the format of these conferences with talks, ignites, and open spaces. And the food, of course!

As I started writing this year, I took the opportunity and wrote my outcomes and insights into this year's NYC event. You're welcome to read at:

[https://medium.com/devops-cloud-it-career/devops-days-new-york-city-2020-outcomes-and-insights-79d3bdf984e0](https://medium.com/devops-cloud-it-career/devops-days-new-york-city-2020-outcomes-and-insights-79d3bdf984e0)

I hope our new normal after this pandemic allows us to get back together to discuss DevOps in person! Meanwhile, let's do it here!

https://redd.it/gb4e9p
@r_devops
Why do people hate Jenkins? I just love it!

I believe that if you have a small ass app, don't go for Jenkins, it's overkill. But if you have an intense application with many pipeline stages, Jenkins is fantastically powerful!

https://redd.it/gb37w6
@r_devops
Preparing for the AWS DevOps consultant interview

This is with their Professional Services group. Should I prepare coding questions (Leetcode style) for the phone interview? I am confused about what to prepare. Please help.

https://redd.it/gb13g9
@r_devops
Any way to represent keys in redis in regex form?

I need to interact with Redis using Python. The keys are in the form of strings such as "tenant/<tid>/site/<sid>". Now when I make a get API call passing only the tid as a parameter, I need to get all possible keys related to the tenant which has different sid. I thought of writing a regex for this, is it possible? How do I go about this?

https://redd.it/gb0e29
@r_devops
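
An added example, not part of the original post: Redis key matching (`SCAN ... MATCH`, `KEYS`) takes glob-style patterns rather than regular expressions, so the per-tenant lookup can be a `tenant/<tid>/site/*` pattern, with glob characters in the API-supplied `tid` escaped so that one tenant's request cannot match another tenant's keys. The helper names, the `FakeRedis` stand-in and the sample keys are constructed; `client` is assumed to be a redis-py client, and `scan_iter(match=..., count=...)` is the only call made on it.

```python
import re

def escape_glob(value: str) -> str:
    """Backslash-escape the characters Redis MATCH treats as glob syntax."""
    return re.sub(r"([\\*?\[\]])", r"\\\1", value)

def tenant_site_pattern(tid: str) -> str:
    """MATCH pattern for every site key of exactly one tenant."""
    if not tid or "/" in tid:
        raise ValueError("tenant id must be non-empty and contain no '/'")
    return f"tenant/{escape_glob(tid)}/site/*"

def site_keys_for_tenant(client, tid: str, count: int = 500) -> list:
    """Collect keys with SCAN (incremental) instead of KEYS (blocks the server)."""
    found = client.scan_iter(match=tenant_site_pattern(tid), count=count)
    return sorted(k.decode() if isinstance(k, bytes) else k for k in found)

class FakeRedis:
    """Constructed stand-in for a redis-py client; supports *, ? and \\ in MATCH."""
    def __init__(self, keys):
        self.keys = list(keys)

    def scan_iter(self, match="*", count=None):
        parts, i = [], 0
        while i < len(match):
            ch = match[i]
            if ch == "\\" and i + 1 < len(match):
                i += 1
                parts.append(re.escape(match[i]))  # escaped char is a literal
            elif ch == "*":
                parts.append(".*")
            elif ch == "?":
                parts.append(".")
            else:
                parts.append(re.escape(ch))
            i += 1
        rx = re.compile("".join(parts), re.DOTALL)
        return (k for k in self.keys if rx.fullmatch(k))

# Constructed sample keys: two ordinary tenants and one whose id is literally '*'.
SAMPLE = FakeRedis([
    "tenant/42/site/1", "tenant/42/site/2", "tenant/42/meta",
    "tenant/7/site/1", "tenant/*/site/9",
])

if __name__ == "__main__":
    print(site_keys_for_tenant(SAMPLE, "42"))
    print(site_keys_for_tenant(SAMPLE, "*"))
```

Without the escaping step, a `tid` of `*` would yield the pattern `tenant/*/site/*` and return the site keys of every tenant.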