Reddit DevOps
Reddit DevOps. #devops
Thanks @reddit2telegram and @r_channels
Question: How to make your own server

I have been making websites and purchasing VPSes to host them. I know how to configure things and start the server to listen to any elastic IP address. I figure having a Raspberry Pi running my server would be far more economical.

I figured that I could just set up nginx with proper configurations there. My question is: how do I make it accept requests over the internet? Do I need a custom DNS? Also, how would that IP be static for that to work? Is there any tutorial I can refer to?

https://redd.it/koapek
@r_devops
How worth it is a degree at this point in my career? What's the max earning potential with vs without one for an IC technical track?

So I've reached a point where I'm making six figures in a medium COL area in my late 20s without a degree and am doing alright for myself, but I've been thinking about going for WGU BS Cloud Computing degree to see what additional options would open up. Is it worth the time, effort, and cost though? Should I just grind leetcode instead? I can get interviews easily enough though passing them is another story altogether.

https://redd.it/kop54x
@r_devops
How to move to Devops

Hello,
I need your advice on transitioning my career to DevOps from a developer role. Currently, I work at a small-medium company doing their operations, like deploying manually to servers and sometimes doing development with C#, etc. But my role is designated as a junior architect, as I mainly take care of website deployments, database deployments, etc. to different environments. By the way, we are not on the cloud yet. I also take care of the TFS, code reviews and check-ins before the deployments. Please advise me on some steps to begin with. Thanks.

https://redd.it/kp27ie
@r_devops
What is the best way to solve a problem

So devops and the cloud are all the rage these days. A lot of the problems that we are facing these days aren't necessarily new to the industry but they may be new to you. I have years of experience as a developer but not a lot of experience in operations and in IT. As a senior devops member on my team, I don't think it is expected that I have answers for everything, but I should know how to get to a reasonable solution. As all companies are different, there are many ways to solve a problem, and it depends on the context of the problem and how it affects the company. How do you develop insight into all the different factors that relate to a problem? One of the ways is to get first-hand experience or to learn from somebody in your company. But what happens when you or anybody in your company doesn't have insight? If they don't have any idea what they are doing, they should be honest and admit that they don't know.

Here is an example. I don't have any experience with protecting systems against DDoS, nor does anyone else in my company. But suppose I am now the person responsible for resolving the issue. I can search on Google, AWS docs or ask reddit, but is that the industry standard way of finding solutions for problems that are new to you? Another resource would be to refer to books on devops, security or Google SRE for possible solutions.

How do you approach problems that you are unfamiliar with? Is it an acceptable answer to tell your team that you don't know and will need to spend a day reading a book or AWS articles on DDoS, in order to get enough background information?

https://redd.it/kpaojh
@r_devops
Windows IAC?

Is it possible to set up a Windows environment in a way where everything is defined as code, or is this a futile thought? I'm vaguely familiar with some devops practices but I work in a smaller business where Windows is a large share of our environment. Would be nice to have everything in code so if something needs to be rebuilt it could be done quickly.

https://redd.it/kpbr6z
@r_devops
How to practice devops learnings?

Hi, I am a release engineer and planning to move to a devops role. I've been learning different tools like ansible, docker, kubernetes. But I do not have scope to implement them at my work. Can you please help me find the best way to get hands-on experience and practice with the devops tools I learn?

https://redd.it/kp5udn
@r_devops
What are the best books on systems design philosophies?

I know this is a pretty broad question, but the parameters are broad. I want to learn more about the current leading philosophies on building systems that are not only efficient but secure. What are your top picks?


BONUS: If you have any good picks for books on both ORGANIZATIONAL and COMPUTER system philosophies, the better!

https://redd.it/kp57tk
@r_devops
Tutorial about Azure for beginners

Hello.

Started to make video guides/tutorials about Azure fundamentals. Tried to be short and clear. Looking for recommendations, tips, and constructive criticism. Currently 3 parts are ready:

https://youtu.be/U5qlgZeBZAo

https://youtu.be/ndNf0amiwhk

https://youtu.be/I5rOxq56NnU

https://redd.it/kp3roh
@r_devops
How long would it take to read all of the AWS documentation?

I can vaguely remember reading somewhere that it would take the average human reading at 250 wpm 100+ years to read all of the official AWS documentation, from start to finish, but I can't recall where I read that and I can't attribute the quote (I already tried google).

Does anyone know the quote I'm talking about, and, if I only imagined it, does anyone know roughly how long it would take someone to read all of the AWS documentation? Are there similar stats available for the Azure/GCP documentation?

https://redd.it/kozpbb
@r_devops
Beginner question: Understanding workflow with stages, specifically conflicts.

A devops pipeline usually has multiple stages, like development, staging and production. In each of these stages, there can be a deployment of the build to a resource, like a VM in the cloud.

What I don't understand is when people are working on multiple feature branches.

In production on the master branch, each feature comes one after another. So no conflicts there.

In development, there might be multiple feature branches and each feature wants to be tested in the dev environment. But assuming there is only one resource, one branch will overwrite the deployment of the other one. I see a conflict here.

Can someone clear up how it is usually done or if I am missing something? Thanks.

https://redd.it/koyrca
@r_devops
Provision AWS IAM with Terraform

Over the last two years I've been constantly working on improving our Terraform AWS IAM module to make it as flexible as possible and ensure it covers all use cases. It is now in a state that I'm pretty satisfied with and it serves a 20+ AWS account landscape with all the edge cases one could think of.

Thought to share it here as it might be useful to some of you.

GitHub: [https://github.com/cytopia/terraform-aws-iam](https://github.com/cytopia/terraform-aws-iam)
Registry: https://registry.terraform.io/modules/cytopia/iam/aws/latest

Features

It is only required to have a single module definition per AWS account, as this module allows the creation of unlimited resources and you will therefore have an auditable single source of truth for IAM.

* Completely configurable via `terraform.tfvars` only
* Arbitrary number of IAM **policies**, **groups**, **users** and **roles**
* Policies can be defined via JSON or templatable JSON files
* Policies can be defined via `aws_iam_policy_document` (Example here)
* Groups, users and roles can be attached to an arbitrary number of custom policies, inline policies and existing policy ARNs
* Users can be added to an arbitrary number of groups
* Users support AWS access/secret [key rotation](https://github.com/cytopia/terraform-aws-iam/tree/master/examples/access-key-rotation)
* Roles support trusted entities
* Arbitrary number of [identity providers](https://github.com/cytopia/terraform-aws-iam/tree/master/examples/saml-login) (SAML and OIDC)
* Account settings: account alias and password policy

Documentation

I've made sure to document as extensively as possible in each of the examples and also add best practices and certain workflows. If you find certain functions unclear, please drop me a comment here.

https://redd.it/koy2vz
@r_devops
Free Kubernetes workshop

Hi there! Six months ago I created a survey about Kubernetes basics, and the results showed a strong interest.

So here we go: on the 9th of January, 12 PM (EST) or 18 PM (CET), I will be hosting a free online event about the very basics of Kubernetes. Here is the event link.

What will we cover:

1. We'll talk about Kubernetes architecture a little.
2. We'll talk about tools for creating a Kubernetes cluster.
3. We'll try to create a small cluster (1 node, 2 nodes) as virtual machines with VirtualBox.

Once again, it's completely free, I'd like to have your feedback.

https://redd.it/koxydf
@r_devops
How difficult is it to find a DevOps job in the US from Germany?

Hi everyone, I would like to hear your input, and my nationality is German.

Thanks.

https://redd.it/kov742
@r_devops
Send newly created posts on WordPress to GitHub to open for outsource translation?

As the title says, I'm trying to run a website on WordPress where I publish posts in a certain language and want to open that post for outsource translation where people I know and other people out there will help in translating the posts into various other languages. Can I achieve this somehow with GitHub Actions and/or webhooks to automate it?

Why GitHub? I want to have a version control / pull request abilities to check the translation.
Has to be free.

Open for any other suggestion that can cover what I need. Thanks

https://redd.it/koug9u
@r_devops
Has anyone here compiled DroneCI from scratch?

Sorry if this is oddly specific but I'm looking to follow the instructions noted here and am getting the following error:

    ubuntu@foobar:~$ go install -tags "oss nolimit" github.com/drone/drone/cmd/drone-server
    can't load package: cannot find module providing package github.com/drone/drone/cmd/drone-server: working
    directory is not part of a module

When I do a go get I get the following error:

    ubuntu@foobar:~$ go get github.com/drone/drone/cmd/drone-server
    go: found github.com/drone/drone/cmd/drone-server in github.com/drone/drone v1.10.1
    go get: github.com/drone/[email protected] requires
    github.com/h2non/[email protected]: parsing go.mod:
    module declares its path as: gopkg.in/h2non/gock.v1
    but was required as: github.com/h2non/gock

Any ideas? It works when building in DroneCI using the default .drone.yml file so I know it must be something I'm doing wrong on my end, just can't figure out what exactly.

https://redd.it/kpsnp7
@r_devops
What's your experience as an SRE with TS Clearance?

I'm currently a DevSecOps Engineer with a secret clearance. I'm wondering what it would be like if I go further down this path and try to get my TS from my current employer. What has your experience been in your career in terms of WLB (work life balance), compensation, work quality (interesting vs boring), job competitiveness, etc? And do you feel like there's an advantage in being in the Washington DC/DMV area for these types of roles?

https://redd.it/kpsxg0
@r_devops
Need guidance on approach for CI/CD for ECS + Docker



Hi All,

A friend and I (software developers) started building out an app on the side and decided to go with angular/node stack with AWS infrastructure. I'm thinking of using Docker with ECS to containerize and host the application. I'm looking for a free / open source build / deploy tool that will pair well with this stack. Ideally, the flow would be once master is merged, the tools recognize the merge and deploy a new container within ECS. I may be bastardizing the flow but I've just started looking into docker so I'm not super familiar with it. Any feedback would be appreciated.

https://redd.it/kpoagd
@r_devops
Does anyone feel that there’s so many CI/CD tools that it’s impossible to keep up with?

I’m still very early on in my career but there are soooo many technologies that come out on the daily. Being a contractor, I have to learn new tools almost every job. “Hey have you heard of StrumCI? No, we use Jenkins but are moving onto Drone?” I love it too because there’s something for everyone.

https://redd.it/kpuhkd
@r_devops
Turn existing setup into code

I have an existing setup that I want to turn into code. I need some advice regarding tools and strategy.

What I have:

* Infrastructure
* A couple of linodes
* A bunch of linode block storage volumes
* A bunch of Backblaze buckets (S3-compatible)
* A bunch of domains and a whole lot of DNS records

I run:

* A few Wordpress sites
* A few other PHP-based applications
* A couple of Ruby on Rails applications
* A MySQL server
* A PostgreSQL server
* Nginx for webservers
* A rather complex mail server (Postfix, Dovecot, OpenDKIM, rspamd, virtual domains, etc.)
* Backups with Duplicity

What I want to achieve:

* I'd like to turn this setup into code so that I could nuke all (or part) of it and recreate with a single (or at least very few) command.
* I'd like to be able to move things around relatively easily. Ideally, tools would be able to move data around, too. E.g. if I move MySQL db from one linode to another it would make sure MySQL server is set up there and would move data from the old server to the new one, and maybe remove MySQL server from the old linode if nothing uses it there any more. Is this even a thing?
* I'm fine with changes that would make making changes easier.
* Ideally, I don't want to add much complexity/cost on top of the existing setup (apart from my time). That sort of disqualifies configuration servers, turning everything into containers or moving to AWS, etc.

I have very little exposure to DevOps tools but I'm willing to learn. The question is what to learn.

https://redd.it/kpia73
@r_devops
How does one calculate toil and measure toil reduction?

There's lots of talk of toil reduction but, how exactly do we know that we are reducing toil? Is there a quantifiable way of knowing which items to tackle to reduce x% of toil?

https://redd.it/kq1nm2
@r_devops
Need advice on microservices and database access.

I currently have microservices connecting to one database. I have every service connect to the DB with its own role with specific permissions. For example, the auth service has a DB role which has only SELECT access to the "users" table. I'm using PostgreSQL, btw.

Questions: Is there a better/easier way of doing this? Am I going the right direction here?

I ask because this might be overkill. On the flip side, some may think I'm not going far enough and that I need a different schema for each service.

I've read that to do ms properly, each service should have its own DB. I think that's impractical and a maintenance nightmare. At least for my project it is. So, I'm not going that route. But, I need to somehow isolate activities between the services regarding the DB.

I'm speaking only for production environments.

https://redd.it/kq67ix
@r_devops
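
The per-service role layout described in the post above, written out for PostgreSQL as an added example that is not part of the original post. Only the "users" table and the auth service come from the post; the database name `appdb`, the roles `svc_auth` and `svc_orders`, the `orders` table and all columns are assumptions.

```sql
-- Constructed example. Run inside the assumed database "appdb" as the role
-- that owns the tables. Service passwords are set separately (ALTER ROLE).
CREATE TABLE IF NOT EXISTS users (
    id            bigserial PRIMARY KEY,
    email         text NOT NULL UNIQUE,
    password_hash text NOT NULL
);
CREATE TABLE IF NOT EXISTS orders (
    id      bigserial PRIMARY KEY,
    user_id bigint NOT NULL REFERENCES users (id),
    total   numeric(10,2) NOT NULL
);

-- Remove what every role would otherwise inherit through PUBLIC.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Auth service: read-only on "users", as described in the post.
CREATE ROLE svc_auth LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;
GRANT CONNECT ON DATABASE appdb TO svc_auth;
GRANT USAGE ON SCHEMA public TO svc_auth;
GRANT SELECT ON users TO svc_auth;

-- Hypothetical orders service: writes orders and may read only users.id,
-- so a compromise of this service does not expose password hashes.
CREATE ROLE svc_orders LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;
GRANT CONNECT ON DATABASE appdb TO svc_orders;
GRANT USAGE ON SCHEMA public TO svc_orders;
GRANT SELECT (id) ON users TO svc_orders;
GRANT SELECT, INSERT ON orders TO svc_orders;
GRANT USAGE ON SEQUENCE orders_id_seq TO svc_orders;

-- Audit: table-level privileges each service role actually holds.
-- Column-level grants such as SELECT (id) do not appear as table-level SELECT.
SELECT r.rolname, t.tbl,
       has_table_privilege(r.rolname, t.tbl, 'SELECT') AS can_select,
       has_table_privilege(r.rolname, t.tbl, 'INSERT') AS can_insert,
       has_table_privilege(r.rolname, t.tbl, 'UPDATE') AS can_update,
       has_table_privilege(r.rolname, t.tbl, 'DELETE') AS can_delete
FROM pg_roles AS r
CROSS JOIN (VALUES ('public.users'), ('public.orders')) AS t(tbl)
WHERE r.rolname IN ('svc_auth', 'svc_orders')
ORDER BY r.rolname, t.tbl;
```

Running the audit query from a migration or CI job after every schema change catches a grant that drifted wider than intended.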