How To Drastically Optimize Your Software Team’s Workflow

Optimizing your software team’s workflow hinges on the tools you use, an analysis of where you are, and being agile in your forward progression. Read more here.

https://www.codemotion.com/magazine/dev-hub/devops-engineer/optimize-software-workflow/

https://redd.it/kqxw2j
@r_devops

Any experiences or opinions on using Sentry.io vs Azure App Insights

It doesn't appear anyone has written a comparison article so far. I'm interested to know if people have used Azure App Insights and Sentry.io for error tracking and how they compare. We're happily using Sentry.io for error capture from an app running on AWS, looking to build a totally separate app in Azure and I can see that Application Insights can do exceptions/failures management too (along with a lot of other stuff).

https://redd.it/kqzfgk
@r_devops

Tool for inserting csv for MySQL DB

I want to insert a csv file to MySQL DB after doing some basic validation. LOAD DATA INFILE is candidate, but here I need to perform some basic validations.

Column data types in csv are right data type.
Number of columns are same as db table and csv.

Should I write a custom golang or python script? or I can use open-source tool for this?

I am newbie devops.
Ref -1
Ref -2

https://redd.it/kqxoy7
@r_devops

ZAP seems to incorrectly report path traversal vulnerability in Angular app

I'm running OWASP ZAP as part of an automated CI/CD process. I am doing a spider and active scan. The report showed that there is a Path Traversal vulnerability.

This is an Angular 2 site and the javascript application is downloaded and runs in the local web browser so there wouldn't be anything revealed on the server.

\------------------------------------------------Alert Detail
High (Medium) Path Traversal
URL https://localhost:8088/Mydir/login
Method POST
Parameter usr
Attack login
Instances 1
CWE Id 22
WASC Id 33
Source ID 1

\----------------------------------------------------------Request
POST https://localhost:8082/Mydir/login HTTP/1.1 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0 Accept: application/json, text/plain, */* Accept-Language: en-US Content-Type: application/json Content-Length: 28 Origin: https://localhost Connection: keep-alive Referer: https://localhost/Frontend/ Host: localhost:8088

\----------------------------------------------------------Response
HTTP/1.1 200 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Max-Age: 3600 Access-Control-Allow-Headers: * Access-Control-Expose-Headers: xsrf-token Access-Control-Expose-Headers: xsrf-token X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-Frame-Options: DENY Content-Type: application/json Date: Tue, 05 Jan 2021 08:41:50 GMT Keep-Alive: timeout=60 Connection: keep-alive ----------------------------------------------------------------

Please let me know if you need any other information.

https://redd.it/kqxl6r
@r_devops

Looking for advise, on my position.

Hi everyone,

I am looking for a some advise, I joined a company about a year ago as a DevOps engineer. My main job focus is suppose to be on automation, deployment and monitoring.

However, I have found that I am being given more and more responsibilities.

It has gotten to a point now that I am basically managing and guiding the direction of the whole infrastructure for the application.

I feel very uncomfortable doing this since I am inexperienced in some areas and being asked to work on company wide projects like becoming PCI DSS compliant (for who don’t know, is an absolute nightmare, if your not working on a green field project).

I am trying to see all of this as a positive thing that I am being trusted to do this and it’s good for my growth.

However, I can’t help but feel like I am being setup to fail as the business is asking for some requirements that are just not possible with our current resources and the fact that things generally aren’t being managed very well by the people who should be managing this sorts of projects.

Has anyone else felt like this and does anyone have any pointers to help me deal with this affectively?

https://redd.it/kqedyf
@r_devops

Prometheus/Alert Manager

Hi,

Is there a way to determine if a previous alert that was open is being fired again in Prometheus/Alert Manager setup? I'm trying to run an automation script for an alert only if the alert was fired for the first time. If the script doesn't resolve the alert, it should not run again and instead send a notification.

​

Thanks in advance.

https://redd.it/kr3jm9
@r_devops

Can you jump straight into DevOps out of college?

A little bit of background...

I’m 28 years old trying to make a career shift. I’m about to finish my 4 year IT degree. Currently I hold all three AWS associate certifications. On my downtime I’ve also picked up Terraform, Ansible (still need some practice), Jenkins, and some Docker as well. I’m also proficient in Python and Node.js. In the past I’ve done some front end dev work for a couple colleagues of mine. My goal is to get a DevOps position in the near future.
Now I understand this position is for individuals who are well into their career and know their shit and I know DevOps is a culture/methodology and not a title.

On my down time I’ve worked a project. In that project I’ve spun up a few EC2 instances using Terraform and configured them using Ansible. The first instance was a Jenkins server to build out a CD pipeline and the other instance was a dockerized python app.

Aside from that how can I get more hands on experience with DevOps?

Also, Is it possible for someone like myself to get straight into DevOps?

https://redd.it/kr1jh3
@r_devops

Terraform Cost Estimation 2021 Guide

We wrote a guide to help you decide which Terraform cost estimation provider is the best fit based on different use cases (set up, pricing, accuracy, policy integration): https://scalr.com/blog/terraform-cost-estimation/

https://redd.it/kr1dfs
@r_devops

'The Phoenix Project' and 'The DevOps Handbook'

I currently work in Support and i'm looking to just have a read about DevOps in my spare time (I enjoy reading books :P) and was wondering if these would be good books to read to get started / provide excellent value career wise. I have no development experience and do very little basic automation for my work using python.


The two books I am considering : 'The Phoenix Project' and 'The DevOps Handbook'


Is one better to start with for complete beginners like myself? is prior knowledge required?


Thanks in advance!

https://redd.it/krcs4c
@r_devops

Is it illegal to make a Mac virtual machine?

Is it illegal to make a Mac virtual machine? I need to make a VM running Mac so I can test websites on Safari. Is it illegal? If so, what are the alternatives?

https://redd.it/krdbj5
@r_devops

How do you debug a dockerized application without connecting to the vm through ssh?

How do you debug a dockerized application without connecting to the vm through ssh? Do you have any tip? Do people really just rebuild their boxes while adding another log command until they get the info they need?

https://redd.it/krelvh
@r_devops

What's the point of running a dockerized application inside a VM box?

What's the point of running a dockerized application inside a VM box? We're running a dockerized application inside a Linux VM box and I was wondering why not just run it on Windows since the dockerized application is just installing Linux.

https://redd.it/kre57a
@r_devops

Is there an issue to using Hyper-V?

Is there an issue to using Hyper-V? I can't remember what it was, but I am pretty sure using Hyper-V caused issues when trying to make a Linux or Mac virtual machine. Am I correct?

https://redd.it/krd8no
@r_devops

Chrome Extension Internal Tools?

Hi everyone! I'm a recent CS grad and I've been really interested in custom internal Chrome Extensions. I've compiled a list of examples from LinkedIn, and a surprising amount of them are for developer-focused workflows.

I would love to ask the community if you have built Chrome Extensions for devops! And, if so why?

https://redd.it/krb8sn
@r_devops

Sealed secrets

Does it make sense to seal and store secrets in Git instead of using tools like Hashi Vault?

​

\>> https://youtu.be/xd2QoV6GJlc

https://redd.it/kroosp
@r_devops

Purchasing Processes

Hey All,

I'm in the process of building a tool to streamline remote access to K8s clusters.

We're almost to the finish line and are trying to determine the right price for this SaaS tool.

Ideally, we want engineers with a small project scope to use the tool without having to go through a complicated procurement process or run the purchase decision up the chain of command. When I was a dev working at a large tech company, tool procurement was always such a nightmare, we want to fix that when possible.

I think it would be interesting to compare purchasing practices across different industries. Please reply with the following format:

Industry:
Company size (est.):
Company location (country):
Your Seniority (dev, sr, manager, director, etc.):
Price amount when you ask your boss to purchase something:
Price amount when you ask your boss's boss to purchase something:
Price amount when you ask procurement to purchase something:

​

https://redd.it/kradle
@r_devops

Want switch to Cloud Computing and Operations side

Hi guys, hope you're all safe and sound. Well, I am working as a software engineer(a/c to my designation) in a big private company and right now I am assigned some websites project in which I should just have to solve some issues or bugs and I am doing it for the last 8 to 9 months. But the problem is I want to switch to the cloud computing side or at least the DevOps part because that's what I want to be in the future. As of now, I didn't get any chance to work some operations part in any of my projects and I really want to be a cloud engineer or DevOps engineer. Please tell me what should I do now? I am getting depressed when I think about it. I cannot afford to switch to any other company as in these pandemic days, it will not be a good idea. Guys do suggest to me how do I take my career path into what I want.

Thanks

https://redd.it/krqat9
@r_devops

Agile Line Name Suggestions

So my department is standing up a new line with the sole focus of cloud contact center solutions. Currently we have two on prem contact center teams: Game of Phones, and Lords of the Ring, I was hoping to keep a similar theme. They asked me (I came up with the previous two 5+ years ago so I’m the name guy now) to come up with a list to help the team out with picking one. They asked to have some reference to cloud in the name and I’d like to keep it themed around pop culture.

I had simple ideas like Cloud Wars or The cloud awakens but can’t think of a way to combine all three... cloud pun, phone pun, pop culture.

https://redd.it/kr086b
@r_devops

Best sources to prepare for Professional Cloud Architect Certification

In my current workplace I need to pass googles "Professional Cloud Architect Certification". I have some practical knowledge in Google Cloud Platform, but from my experience with AWS certification there are a lot of micro details that could be missed in day to day work. So could you please share cources, books or other sources that helped you preparing to the certification.

https://redd.it/kqzcyf
@r_devops

What is the main difference between bare metal offerings from Packet vs. AWS, Azure, etc. ?

I'm researching the bare metal market, and with a non-technical background, I'm struggling to understand the key differences between a bare metal offering from a company such as Packet (now owned by Equinix) vs. bare metal offerings from AWS, Google, Azure, and others. How do they compare on performance? I know Packet is known for great automation and support, is that something AWS and others do well too?

https://redd.it/kruopz
@r_devops

For GitLab's CI, should deployment server information be stored in the gitlab-ci.yml directly, or is there a way to decouple it from the git itself?

We're setting up CI for the first time with GitLab (self-hosted). We have a single local staging server, but will be deploying to several production servers, and we use docker on both the staging and production.

At the moment we just have the staging server information setup inside of the gitlab-ci.yml, and this is largely duplicated across several projects. But this feels wrong to me?

The first reason is because we're duplicating the production server information across multiple gits, so if we change the server we will have to go and change each one.

And secondly because it seems we're coupling this information to each git project, and it doesn't feel related to them. E.g. we have an api project, and storing the production server information in the yml file in there doesn't feel like it should be there, as it's not really part of the api, but how it's deployed.

In regards to the second point it also feels like that for the container registry as well, e.g. we have the container registry and name setup in the yml file. Am I overthinking that, or should that information be stored elsewhere?

For the production deployment we plan to do a similar thing, except we are going to have it call a script on one manager of the docker swarm, and that will deploy and setup services for the others. Again is this a good way to do it?

My main question is, is there a better way to handle this? So that the production server information isn't stored in the git in the gitlab-ci.yml? And should things like the location and name of the container and container registry be kept in there/the git as well?

https://redd.it/krsk4c
@r_devops