How do you set up a virtual machine with a box located on a Google Drive using Google Drive File Stream?

​

Could not open the medium 'F:\My Drive\VM\macOS Catalina Virtual Disk Image.vmdk'.
VMDK: error writing extent header in 'F:\My Drive\VM\macOS Catalina Virtual Disk Image.vmdk' (VERRNOMEMORY).
VD: error VERRNOMEMORY opening image file 'F:\My Drive\VM\macOS Catalina Virtual Disk Image.vmdk' (VERRNOMEMORY).

I was trying to use a virtual hard disk file in order to create a virtual machine, but it gave me this error. Is it possible to make it work?

https://redd.it/kqp3jb
@r_devops

Do I need to configure ssl certs on nginx itself if nginx is inside ec2 instance, which in turn is on loadbalancer which can only be accessed using https?

note: nginx routes traffic to the app inside the same ec2 instance.

I have the ssl certs applied to the application load balancer

https://redd.it/kqjcxx
@r_devops

Tool: Product Score Card

My team manages several LOBs, each having their own Products (I define a Product as not only the Application, but all the ancillary stuff required to make it Operationalized - backups, replication, defined as IaC using Terraform, having Azure DevOps Pipeline for deployment, etc.)

One thing I would like to do, is be able to choose certain metrics that we could use to measure to and be able to give a "Score" of a Product".

For example, lets say we have Products that have Services using Azure KeyVault (the fact that the Service is using a KeyVault could be scored a 1/1 for that metric), but say we are introducing a new "feature" where all KeyVault's should be using Private Endpoint. Now all of our legacy Services would be getting a 0/1 for that new metric until they have been switched to using Private Endpoint.

Also, we have a centralized repository for our Azure DevOps Pipelines base templates, which are versioned and referenced by various Services. So if a Service is using the latest version they get a high score, but as we release newer versions of the pipeline and they continue to use the older version, their score starts to decline.

I was curious if there was a tool for doing something such as this? Bonus points if it can be automated to doing certain checks on the specific metric.

I had began tinkering with developing something myself, but, as with tools like Terraform, it would be nice if there was already a product with a set standard.

https://redd.it/kqf5nw
@r_devops

How To Drastically Optimize Your Software Team’s Workflow

Optimizing your software team’s workflow hinges on the tools you use, an analysis of where you are, and being agile in your forward progression. Read more here.

https://www.codemotion.com/magazine/dev-hub/devops-engineer/optimize-software-workflow/

https://redd.it/kqxw2j
@r_devops

Any experiences or opinions on using Sentry.io vs Azure App Insights

It doesn't appear anyone has written a comparison article so far. I'm interested to know if people have used Azure App Insights and Sentry.io for error tracking and how they compare. We're happily using Sentry.io for error capture from an app running on AWS, looking to build a totally separate app in Azure and I can see that Application Insights can do exceptions/failures management too (along with a lot of other stuff).

https://redd.it/kqzfgk
@r_devops

Tool for inserting csv for MySQL DB

I want to insert a csv file to MySQL DB after doing some basic validation. LOAD DATA INFILE is candidate, but here I need to perform some basic validations.

Column data types in csv are right data type.
Number of columns are same as db table and csv.

Should I write a custom golang or python script? or I can use open-source tool for this?

I am newbie devops.
Ref -1
Ref -2

https://redd.it/kqxoy7
@r_devops

ZAP seems to incorrectly report path traversal vulnerability in Angular app

I'm running OWASP ZAP as part of an automated CI/CD process. I am doing a spider and active scan. The report showed that there is a Path Traversal vulnerability.

This is an Angular 2 site and the javascript application is downloaded and runs in the local web browser so there wouldn't be anything revealed on the server.

\------------------------------------------------Alert Detail
High (Medium) Path Traversal
URL https://localhost:8088/Mydir/login
Method POST
Parameter usr
Attack login
Instances 1
CWE Id 22
WASC Id 33
Source ID 1

\----------------------------------------------------------Request
POST https://localhost:8082/Mydir/login HTTP/1.1 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0 Accept: application/json, text/plain, */* Accept-Language: en-US Content-Type: application/json Content-Length: 28 Origin: https://localhost Connection: keep-alive Referer: https://localhost/Frontend/ Host: localhost:8088

\----------------------------------------------------------Response
HTTP/1.1 200 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Max-Age: 3600 Access-Control-Allow-Headers: * Access-Control-Expose-Headers: xsrf-token Access-Control-Expose-Headers: xsrf-token X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-Frame-Options: DENY Content-Type: application/json Date: Tue, 05 Jan 2021 08:41:50 GMT Keep-Alive: timeout=60 Connection: keep-alive ----------------------------------------------------------------

Please let me know if you need any other information.

https://redd.it/kqxl6r
@r_devops

Looking for advise, on my position.

Hi everyone,

I am looking for a some advise, I joined a company about a year ago as a DevOps engineer. My main job focus is suppose to be on automation, deployment and monitoring.

However, I have found that I am being given more and more responsibilities.

It has gotten to a point now that I am basically managing and guiding the direction of the whole infrastructure for the application.

I feel very uncomfortable doing this since I am inexperienced in some areas and being asked to work on company wide projects like becoming PCI DSS compliant (for who don’t know, is an absolute nightmare, if your not working on a green field project).

I am trying to see all of this as a positive thing that I am being trusted to do this and it’s good for my growth.

However, I can’t help but feel like I am being setup to fail as the business is asking for some requirements that are just not possible with our current resources and the fact that things generally aren’t being managed very well by the people who should be managing this sorts of projects.

Has anyone else felt like this and does anyone have any pointers to help me deal with this affectively?

https://redd.it/kqedyf
@r_devops

Prometheus/Alert Manager

Hi,

Is there a way to determine if a previous alert that was open is being fired again in Prometheus/Alert Manager setup? I'm trying to run an automation script for an alert only if the alert was fired for the first time. If the script doesn't resolve the alert, it should not run again and instead send a notification.

​

Thanks in advance.

https://redd.it/kr3jm9
@r_devops

Can you jump straight into DevOps out of college?

A little bit of background...

I’m 28 years old trying to make a career shift. I’m about to finish my 4 year IT degree. Currently I hold all three AWS associate certifications. On my downtime I’ve also picked up Terraform, Ansible (still need some practice), Jenkins, and some Docker as well. I’m also proficient in Python and Node.js. In the past I’ve done some front end dev work for a couple colleagues of mine. My goal is to get a DevOps position in the near future.
Now I understand this position is for individuals who are well into their career and know their shit and I know DevOps is a culture/methodology and not a title.

On my down time I’ve worked a project. In that project I’ve spun up a few EC2 instances using Terraform and configured them using Ansible. The first instance was a Jenkins server to build out a CD pipeline and the other instance was a dockerized python app.

Aside from that how can I get more hands on experience with DevOps?

Also, Is it possible for someone like myself to get straight into DevOps?

https://redd.it/kr1jh3
@r_devops

Terraform Cost Estimation 2021 Guide

We wrote a guide to help you decide which Terraform cost estimation provider is the best fit based on different use cases (set up, pricing, accuracy, policy integration): https://scalr.com/blog/terraform-cost-estimation/

https://redd.it/kr1dfs
@r_devops

'The Phoenix Project' and 'The DevOps Handbook'

I currently work in Support and i'm looking to just have a read about DevOps in my spare time (I enjoy reading books :P) and was wondering if these would be good books to read to get started / provide excellent value career wise. I have no development experience and do very little basic automation for my work using python.


The two books I am considering : 'The Phoenix Project' and 'The DevOps Handbook'


Is one better to start with for complete beginners like myself? is prior knowledge required?


Thanks in advance!

https://redd.it/krcs4c
@r_devops

Is it illegal to make a Mac virtual machine?

Is it illegal to make a Mac virtual machine? I need to make a VM running Mac so I can test websites on Safari. Is it illegal? If so, what are the alternatives?

https://redd.it/krdbj5
@r_devops

How do you debug a dockerized application without connecting to the vm through ssh?

How do you debug a dockerized application without connecting to the vm through ssh? Do you have any tip? Do people really just rebuild their boxes while adding another log command until they get the info they need?

https://redd.it/krelvh
@r_devops

What's the point of running a dockerized application inside a VM box?

What's the point of running a dockerized application inside a VM box? We're running a dockerized application inside a Linux VM box and I was wondering why not just run it on Windows since the dockerized application is just installing Linux.

https://redd.it/kre57a
@r_devops

Is there an issue to using Hyper-V?

Is there an issue to using Hyper-V? I can't remember what it was, but I am pretty sure using Hyper-V caused issues when trying to make a Linux or Mac virtual machine. Am I correct?

https://redd.it/krd8no
@r_devops

Chrome Extension Internal Tools?

Hi everyone! I'm a recent CS grad and I've been really interested in custom internal Chrome Extensions. I've compiled a list of examples from LinkedIn, and a surprising amount of them are for developer-focused workflows.

I would love to ask the community if you have built Chrome Extensions for devops! And, if so why?

https://redd.it/krb8sn
@r_devops

Sealed secrets

Does it make sense to seal and store secrets in Git instead of using tools like Hashi Vault?

​

\>> https://youtu.be/xd2QoV6GJlc

https://redd.it/kroosp
@r_devops

Purchasing Processes

Hey All,

I'm in the process of building a tool to streamline remote access to K8s clusters.

We're almost to the finish line and are trying to determine the right price for this SaaS tool.

Ideally, we want engineers with a small project scope to use the tool without having to go through a complicated procurement process or run the purchase decision up the chain of command. When I was a dev working at a large tech company, tool procurement was always such a nightmare, we want to fix that when possible.

I think it would be interesting to compare purchasing practices across different industries. Please reply with the following format:

Industry:
Company size (est.):
Company location (country):
Your Seniority (dev, sr, manager, director, etc.):
Price amount when you ask your boss to purchase something:
Price amount when you ask your boss's boss to purchase something:
Price amount when you ask procurement to purchase something:

​

https://redd.it/kradle
@r_devops

Want switch to Cloud Computing and Operations side

Hi guys, hope you're all safe and sound. Well, I am working as a software engineer(a/c to my designation) in a big private company and right now I am assigned some websites project in which I should just have to solve some issues or bugs and I am doing it for the last 8 to 9 months. But the problem is I want to switch to the cloud computing side or at least the DevOps part because that's what I want to be in the future. As of now, I didn't get any chance to work some operations part in any of my projects and I really want to be a cloud engineer or DevOps engineer. Please tell me what should I do now? I am getting depressed when I think about it. I cannot afford to switch to any other company as in these pandemic days, it will not be a good idea. Guys do suggest to me how do I take my career path into what I want.

Thanks

https://redd.it/krqat9
@r_devops

Agile Line Name Suggestions

So my department is standing up a new line with the sole focus of cloud contact center solutions. Currently we have two on prem contact center teams: Game of Phones, and Lords of the Ring, I was hoping to keep a similar theme. They asked me (I came up with the previous two 5+ years ago so I’m the name guy now) to come up with a list to help the team out with picking one. They asked to have some reference to cloud in the name and I’d like to keep it themed around pop culture.

I had simple ideas like Cloud Wars or The cloud awakens but can’t think of a way to combine all three... cloud pun, phone pun, pop culture.

https://redd.it/kr086b
@r_devops