How to implement performance testing in CI pipeline? or just how to implement performance testing in general?

Hi! Lately we've seen huge downtime because of performance issues. One of the developers merged really bad code into production that took entire DB down for hours.

Today I've been wondering what if there is an actual tool that does performance testing at the CI level, that would be awesome. Like similar to how we do unit testing, there could be certain threshold that needs to be passed for that test.

Or if it's too fictional, where should I start to prevent such issues.

Thank you.

https://redd.it/k4zra1
@r_devops

NEW RELIC - HOW TO ADD AN EXISTING SYNTHETICS ping MONITOR TO A LOCAL New Relic APP?

So I'm relatively new to New Relic.

I have a synthetics monitor i created for a website, a simple ping one.

I then went to create a new relic app locally, which is new to me as well. How do I incorporate the above synthetics monitor I created successfully, into my new relic app?

I'm going through a documentation and videos and it isn't clear to me just yet.

I also want a very basic new relic app created right now, a space for an application to observe things going on with the site, so I'm trying to do the bare minimum setup for right now.

If I understand correctly, a new relic app is created locally in a local instance of new relic, and then when I publish/deploy it, New Relic will host it on our actual account so that the new relic app is no longer only local to me? This deployed app will run with the code from the New Relic infrastructure, and won't need to have it started on my machine locally (`nr1 nerdpack:serve`) in order to run and be there for others to see in the new relic account?

New relic, the new relic app and the file structure for it is all new to me, as well as the monitor.

PS: apologies, I don't know why the title of the post would only do cap locks automatically, for most things, it apperas. odd I guess

https://redd.it/k4ude6
@r_devops

How to get over the initial pain

Java and PowerShell are F'ing hard things to get started in. Im slightly discouraged and that makes me angry.

I need a pat on the back or something. Please help.

https://redd.it/k4l77b
@r_devops

I am kinda new to this. How to push 2 or more github repositories to google cloud build and run

So I have full stack nrwl application which is sperated back end , front end and one microservice. All connected docker-compose but tried it locally. I dont find a example of being run at the same time one to another. Any suggestion appricieted.

https://redd.it/k4kepy
@r_devops

Introducing Project Shipwright (Part 2) - Build Container Images on Kubernetes

About three weeks ago I wrote a [blog post](https://shipwright.io/blog/2020/10/21/introducing-shipwright-part-1/) introducing Project Shipwright, and posted the link [here](https://www.reddit.com/r/devops/comments/jrkwbs/introducing_shipwright_a_framework_for_building/). The first post set the scene, explaining why we started the project.

Yesterday I posted [Part 2](https://shipwright.io/blog/2020/11/30/introducing-shipwright-part-2/) of my series, which introduces the Build APIs and explains how they work together. Please take a look, and let me know what you think!

https://redd.it/k4kbve
@r_devops

Introducing microservices and Docker with a whiteboard and a marker pen :)

Hi team! some months ago I made a very educative and visual video explaining **microservices** and **Docker** from the perspective of being interesting, fun and useful. I just want to share the content here. I hope some of you may found it interesting and useful. Thank you and have a nice day!

[https://youtu.be/D3okLNBL1lE](https://youtu.be/D3okLNBL1lE)

https://redd.it/k4krsy
@r_devops

What is Jenkins?

Let's start with an introduction to one of the most popular [DevOps tools](https://www.janbasktraining.com/blog/devops-tools/) that are popular as Jenkins. [Jenkins wiki](https://wiki.jenkins.io/#all-updates) is an open-source tool that has many plug-ins and it is written in Java. The Jenkins wiki tool was launched to build and test software projects in an easy way.

Developers can easily integrate application changes with this tool to help the user to obtain a fresh build. The software can be tested and delivered continuously with the help of various integration and deployment technologies.

Through automation, software developers can accelerate the process of software development. Jenkins mainly integrates all the stages of the software development lifecycle that are documentation, packaging, testing, deployment, static analysis, and other ones.

[Jenkins](https://www.janbasktraining.com/blog/jenkins-interview-questions/) plugins help the developers in providing continuous integration and various stages can be integrated through Jenkins. To integrate any specific tool like Git, Amazon EC2, Manen 2 project, HTML publisher, etc. you can download the appropriate plugin and integrate the tool. It is a basically advantageous tool and the reason for the advantages of Jenkins is:

* Jenkins is an open-source tool that has wide community support
* Installation of Jenkins is quite easier
* A vast number of plugins are available; even if any plugin doesn’t exist then you can develop it and add it to the community.
* Due to Java's written code, it is portable to major platforms.

https://redd.it/k4je5c
@r_devops

Puppet CIS Benchmarks

Hi all. I'm looking to push CIS benchmarks via Puppet to our infrastructure. I did see the CIS Compliance Service. Can anyone speak on it's success? Or, have you found success through a different route? Cheers!

https://redd.it/k5fmjg
@r_devops

Runbook Automation

Hi,

Have you considered automating runbooks? If so, which tools did you use to do so? I'm exploring Rundeck but some of their features like PagerDuty, Okta integrations come with a license fee of at least $20k.

Thank you.

https://redd.it/k5ilyw
@r_devops

Running vault in k8s vs dedicated vm

In my previous company we ran vault on dedicated hardware, so we had a few VMs in separate regions - per environment.

In my current company, I have an environment running one k8s cluster with a few nodes for services, but 2 nodes specifically dedicated to vault, running in separate regions, and am running 2 vault pods there.

Since my region spread is identical, are there any reliability gain from dedicated VMs over my current setup?

I have an urge to say dedicated VMs would be more reliable, but I don't have any evidence why. In fact hashicorp's own website provides a [k8s reference architecture](https://learn.hashicorp.com/tutorials/vault/kubernetes-reference-architecture) in addition to [standard reference architecture](https://learn.hashicorp.com/tutorials/vault/reference-architecture)

Also - could there be performance gains from VMs over pods in k8s?

https://redd.it/k5kowe
@r_devops

AWS - change file system on ec2 ebs root block device

Hello.

I've been looking for a way to change the file system in an EBS root block device with no luck. I'm looking to create a new EBS backed AMI with btrfs on the root block device. I'd prefer to do this as part of an Image Builder pipeline, but any method (except Packer) would help.

https://redd.it/k5quny
@r_devops

I'm looking for your feedback! (experiment about VR and TravisCI)

I am working on a very early idea: applying virtual reality in software engineering. My first try is this. I represent in VR the data that can be retrieved from [TravisCI.org](https://TravisCI.org) using its API v3. Your feedback will be very valuable to me. Thank you very much colleague

The experiment [is here](https://rv.dcc.uchile.cl/)

https://redd.it/k5ozve
@r_devops

debug a Docker container on aws Elastic beanstalk, still up but not working, no printing any logs or errors

Pretty much the title.

I have a simple python app doing some stuff in a main loop (while True: ...do stuff... sleep 5 sec). It runs in the official python 3.8 slim-buster image. I run the container on AWS Elastic Beanstalk (EC2 t3a.micro).

Now the app stopped working last week. I logged in the AWS console, nothing weird. I ssh'd directly into the EC2 instance, the container was still up with an uptime of 2 months. When I displayed the logs from the container, it indeed stopped logging last week. But what's weird is that it stopped in the middle of the algorithm (very basic stuff, nothing CPU/IO/time intensive), in the main loop, without logging any errors. It just stopped there. On the side of the EC2 instance, CPU usage is low, volume almost empty (I didn't think about checking the memory usage.. but if it was close to 100% I wouldn't be able to ssh there. edit: 50% so far but it has been up for only 30 min. Need to wait to see if it increases. edit2: doesn't seem to leak).

The same issue happened 2 months ago, so that is the second time in like 5 months that I've been running that app. If we exclude these 2 dates, the app did its job, 24 hours a day, 7 days a week.

**So I tend to think the problem is not in the code or in python otherwise there would be some errors and it would probably happen more often. So I guess it's Elastic Beanstalk or Docker.**

Any idea what it could be or how could I find the source of the issue? How to debug it?

Should I just force it to restart automatically like on a daily basis since it seems it happens after running for weeks? I don't mind the downtime, it's stateless and takes a few seconds to restart.

https://redd.it/k5k2cl
@r_devops

Sonarqube: What it is and Why to use it?

[SonarQube](https://www.loginradius.com/blog/async/sonarqube/) is a universal method that has become more or less the industry standard for static code analysis. With SonarQube, keeping the code clean, clear, and easy to read is also much easier. I found this basic guide to get a better overview of sonarqube. Let me know your thoughts in the comment :)

https://redd.it/k5t7r6
@r_devops

How to pass arguments to shell files and manipulate them inside the file. Also, ask user to insert certain input like username and password.

Arguments gives the bash program more details about what you need to do. Sometimes, it comes as a form of sub-command like yarn add <packageName> where "add" tells the program more about what to do, and the packageName is what you data that you what to pass the program.

You can also pass inputs in the middle of the working program. It could be asking for confirmation, authentication, etc.

Check out the video for hands-on implementation:
https://youtu.be/4bcUii6HDYo

https://redd.it/k5tu57
@r_devops

How would go about creating an isolated environment of ~60 .net (4.x) micro services?

So.. I'm a the only DevOps guy in the company, inherited 3 environments from my predecessor: test,qa and ofcourse prod.
Each environment is comprised out of multiple servers hosting a magnitude of ~60 types of different micro services that make up the entire system (a trading platform) .
Few of these services have multiple instances, some are IIS hosted services, some are windows hosted services.
Most can bind to the same IP address with different DNS bindings, but some require binding on entire scopes, so they have their own IP addresses.

Currently we use a rather complex but very customizable and generic build and deploy system, that was built in house on top of a commercial build runner, very similar concept to Jenkins I believe, but windows based and running from an IDE (with a Web-UI for developers to run and deploy services on these 3 environments).

I was tasked with finding a way to "pack" the entire trading platform - with all ~60 micro services and the relevant infrastructure (rmq, ) into something that can be deployed on demand per developer, so we could spin up entire environments in matter of minutes
and have a separate "dev" environment for each developer, created and destroyed on demand.

What could be a good way of achieving this?
Right now I am perusing the idea of a single windows machine, hosting all these services on it, that can be cloned on re-configured with a custom dns name via scripting.
Still not 100% sure this is the best way to go around this, and it does have some challenges
(For example: many if not most of the services should be accessible from outside the self-contained environment, so that the developers can access their APIs and test them with external tools, there are many IP addresses internally, trying to figure out a way to only expose only a single IP address on the host network and keep the rest internal to the "all in one" server.

I have 0 knowledge and experience with containers, not entirely sure if that's the best idea here.
I would love to hear your throughs on this, and how would you achieve this goal and be able to spin complete environments up/down on demand.

Thanks!!

https://redd.it/k5svoc
@r_devops

Scanning artifacts for tokens, passwords and other secrets

Hello all

In our company we want to scan artifacts that are uploaded to Nexus repository for passwords, tokens and secrets. We want to avoid situations that someone upload artifact with secret by mistake or make sure that this person made in on purpose.
I'm looking for tools to check packages for such things. It doesn't need to one swiss army knife to do it all, it can be set of tools to scan different standards like npm, mvn etc.

I'm aware that it may contains many false positives and false negatives but it may improve quality of our products

https://redd.it/k56uy1
@r_devops

Elasticsearch on Docker - file permission issues

I am trying to test LDAP in elasticsearch/kibana by running it in Docker on Windows 10.

I pulled the image down:

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.10.0

And ran it:

docker run -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:7.10.0

I did the same with Kibana and everything came up as expected. I then upgraded the elastic licence and started the 30 day trial to get the LDAP features in X-Pack.

I opened a shell to the container and updated the elasticsearch.yml file with my LDAP information and set the path to the role\_mapping.yml file. I also updated role\_mapping.yml file with the LDAP informaiton. I followed the instructions here: [https://www.elastic.co/guide/en/elasticsearch/reference/7.10/ldap-realm.html](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/ldap-realm.html)

Now when I restart the elasticsearch container I get the following error then the container halts:

uncaught exception in thread [main]
java.lang.IllegalStateException: security initialization failed Likely root cause: java.security.AccessControlException: access denied ("java.io.FilePermission" "/role_mapping.yml" "read")
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.base/java.security.AccessController.checkPermission(AccessController.java:1036)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:408) at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:747)
at java.base/sun.nio.fs.UnixPath.checkRead(UnixPath.java:810)
at java.base/sun.nio.fs.UnixFileSystemProvider.exists(UnixFileSystemProvider.java:524)
at java.base/java.nio.file.Files.exists(Files.java:2514) at org.elasticsearch.xpack.core.XPackPlugin.resolveConfigFile(XPackPlugin.java:361) at org.elasticsearch.xpack.security.authc.support.DnRoleMapper.resolveFile(DnRoleMapper.java:86)
at org.elasticsearch.xpack.security.authc.support.RoleMappingFileBootstrapCheck.create(RoleMappingFileBootstrapCheck.java:47)

I overwrote the elasticsearch.yml file by copying a version with the LDAP config commented out so I could start the container. When I did this I checked the file permissions and both elasticsearch.yml and role\_mapping.yml have the same:

-rw-rw---- 1 elasticsearch root 199 Dec 2 15:51 elasticsearch.keystore
-rwxr-xr-x 1 root root 568 Dec 2 18:36 elasticsearch.yml
-rw-rw---- 1 elasticsearch root 2301 Nov 9 21:28 jvm.options
drwxrwxr-x 2 elasticsearch root 4096 Nov 9 21:32 jvm.options.d
-rw-rw---- 1 elasticsearch root 8451 Nov 9 21:35 log4j2.properties
-rwxr-xr-x 1 elasticsearch root 502 Dec 2 20:15 role_mapping.yml
-rw-rw---- 1 elasticsearch root 197 Dec 2 20:10 roles.yml
-rw-rw---- 1 elasticsearch root 0 Nov 9 21:32 users
-rw-rw---- 1 elasticsearch root 0 Nov 9 21:32 users_roles

I even tried CHMODing the role\_mapping.yml file to 777 but I still get the same result.

I feel like I'm missing something obvious...

&#x200B;

edit: formatting

https://redd.it/k5y3y2
@r_devops

Flagr – a feature flagging, A/B testing, and dynamic configuration microservice

I thought the r/devops subreddit might be interested in this project I just found!

https://github.com/checkr/flagr

If you like this, [I do a weekly roundup of open source projects that includes an interview with one of the devs you can subscribe to.](https://console.substack.com/)

https://redd.it/k614vs
@r_devops

Major Pagerduty outage

Status page - https://status.pagerduty.com/incidents/tpvmgn9nnnfb

Event Investigation Issue Affecting Global Routing Keys

https://redd.it/k665k7
@r_devops

Keycloak alternative!

I'm looking for an open source Auth server, Keycloak seems pretty good but doesn't support MongoDB database, I also found Gluu but its system requirement is a little bit high, do you guys know any good alternative that support MongoDB?

https://redd.it/k6747i
@r_devops