Question

Hello guys I hope everyone is doing well. I have a question if any one can answer that would be great so I can’t catch up the concept of build code what does the build do for example if you are using Jenkins for CI/CD when they say build test etc. I don’t understand the term build does it gather the dependencies for the code to work on a environment or does it mean something else thanks in advance.

https://redd.it/kvd3l2
@r_devops

Dependency Tracking - Is there an wasy way?

Hi everyone. I hope this is the correct sub where to post.

I'm a junior developer, working on a project where the architect just quit, and to be honest, I have no clue whom to ask about this, so, I'm very sorry if I sound a bit naive.

I tried to google and skim through reddit posts, but to be honest, this time I don't even know what to look for.

Anyway, our project looks like a "revamped" monolith, that have been split through different maven projects, that get deployed on multiple wildfly instances.

Our problem, is that the number of modules are growing, and we're slowly losing track of all the dependencies between them.

Since I have no clue about who's supposed to take care of this aspect of the project (Management? Developers?) neither what are the best practices or tools available to avoid this kind of stuff, could you give me any hints?

Just for the sake of example, let's say we have the A1.war module.

B.war, C.war, and D.war, all uses A.war as dependency.So, everytime something changes on A's interfaces, I have to rebuild B, C and D.

It happened before, that we forgot to redeploy a module or two, and that's kinda sad. So, i'm looking for something that could...I don't really know, scan the POM and draw a dependency graph? Or some book that explain the concept of "how should thos kind of problems we avoided"?

Anything really. Any info or pointing in any direction is more than welcome.

Thanks everyone!

https://redd.it/kw0167
@r_devops

Migrating from Docker Swarm, looking for real rootless replacement

My first priority is to reduce the security holes that docker has with it default root configuration. So far its 2021 and Docker itself does not work with rootless mode under swarm that would need to scale (no overlay network for rootless daemon).

https://redd.it/kw1604
@r_devops

Solved a problem I was having with file sharing sites..

I had an annoying problem with a company project where everyone in the team and different departments was using a different file sharing site. Box, Dropbox, Google Drive, that kind of thing. Makes it really hard to have security policies for data across multiple platforms like that... especially with file sharing.

Thought I'd share the solution I found -- it securely federates and combines all the different file sharing sites together into _one_ manageable metasite without actually copying the data. Even has a google/edge extension so it's convenient.

Its called https://www.dokkio.com .. free for now it seems as they are in beta, and looks like they can handle individual and up to Enterprise.

https://redd.it/kv99j8
@r_devops

Icinga2 vs Instana for monitoring

What are your thoughts?
Instana is pretty great since it comes with easy out of the box everything.
Looking into ICinga2 I like how much power I have with Python Scripts but I been trying to set up the same ecosystem that Instana provides and I'm finding that to be much harder.

https://redd.it/kv7ujy
@r_devops

Kaholo feedback CI/CD

Has anyone here used kaholo for CI/CD?

Any feedback welcome!

https://redd.it/kv6xhr
@r_devops

Modern CI/CD pipeline for front end projects

Here is what we do in my company:

precommit and prepush \#git hooks are used to catch issues before they are pushed upstream.

`precommit` runs only on staged files (takes few seconds)
prepush runs eslint typescript and unit tests (takes up to 20 seconds)

Every time a commit is pushed:

1 ) We build a #docker image & bundle cypress and other development dependencies. This allows us to run all subsequent tasks using the same Docker image.

It is fast. Takes 2-4 minutes. 🏎

2 ) We run 5 tasks concurrently to validate our build.

ESLint
TypeScript
jest Unit tests
cypress Integration tests
Fetch, validate & compile GraphQL schema

2 ) For every commit, we deploy a review app.

Review app:

Allows anyone to preview what is being developed.
Allows anyone to preview our storybook.
Allows to leave visual reviews (WIP)

3 ) Before changes can be merged to the main branch, we use GitLab to mandate at least 1 review from the team.

In addition, we use GitLab review system to advise who is the best person to review the code based on which files have changed.

5 ) When changes are merged to the main branch, we automatically deploy to production.

We use argocd to implement gitops. This means that we have a detail log of everything that has been deployed, and in case of a critical error, reverting is as simple as "git revert" Receipt

6 ) Finally, we push changes regularly to the main branch. Small incremental updates, dozens of times a day.

This means that if things break, they are typically small things and easy to revert / patch.

We use feature flags to hide any WIP features. 🏳

Originally posted:

https://twitter.com/kuizinas/status/1349177926105792514

https://redd.it/kw6pn3
@r_devops

Grafana announces new free Grafana cloud tier with hosted Prometheus up to 10k series and 50gb of Loki logs

from their blog

Seems like a good thing for startups or people new to Loki or Prometheus that don’t need a ton of retention (limited to 14 days). small homelab projects you don’t want to deal with the extra overhead of self hosting would also be a good fit for this kind of thing

https://redd.it/kw09g1
@r_devops

CI/CD quick tip: Custom Slack deployment messages

To keep the dev team involved in production, and perhaps more importantly, share key dashboards and logs so they can quickly respond to issues, I've found custom Slack channel messages to be really useful. I made a very quick video that shows how to add a Slack app and send a custom deployment message in your CD pipeline:

https://youtu.be/UVeJINQ8MmY

How do you keep your dev team involved in production events?

https://redd.it/kw0tfg
@r_devops

Containerizing JBoss EAP with custom configuration

We have a lot of legacy apps on JBoss EAP in environments that are due for a refresh. I used to be fairly comfortable with EAP, but haven’t found much out there on modifying server configuration in the world of containers.

To be clear Red Hat’s documentation does cover clustering and some other aspects, but I hadn’t seen anything on managing arbitrary bits EAP configuration without having to manage all of the configuration XML.

After some experimentation I found it wasn’t too bad. I wrote it up at https://medium.com/@chethosey/configuring-eap-subsystems-with-galleon-9c824684a7bd in case it’s helpful to anyone else.

I also have some experience with configuring data source and injecting JDBC drivers via Galleon, which I could write up if anyone is interested.

https://redd.it/kw7jsq
@r_devops

PLEASE stop shoehorning devops where it doesn't belong OR WHERE YOU AREN'T READY FOR IT

Excuse my personal rant, but as a seasoned sysadmin, I'm pulling my hair out with this BS, and all these organizations that can't seem to grasp that what works for software development (Agile, scrum, devops etc) doesn't necessarily work for your infrastructure and operations teams the way it does for developer teams, yet you do your best time and time again to make us "cross functional" because it works so well for you.

Why? because you can't treat hardware, maintenance, compliance, and networking like software when it isn't. Listen. I get it. You read a book about all the cool things and infrastructure as code and software defined networking. Then you forgot that your infrastructure is aged and you have no budget or interest in adding what is necessary to make things redundant, high availability, or anything else. You don't know why ordering storage systems without dual controllers means that your entire stack has to go down to update the firmware.. which is why it hasn't been patched since it was purchased. You don't get why on-site servers aren't infinite resources like the cloud is, or why you can't "just use the cloud" to fix all of your problems. You don't understand that a network doesn't have limitless bandwidth and too many bright "decentralized" ideas clogs the pipes faster than eating at chipotle.
"What do you mean there's only so many IP's available" said the developer who automated the build out of containers that reserve their own IPs without checking IPAM because they've never heard of it.

I don't know when or why someone thought "empowering" developers meant to give them free reign on systems they don't understand in order to shit out "value" as fast as humanly possible, and then complain that trying to implement process and policy "slows things down". For the love of all that is holy this is purely unsustainable and this virus has apparently infected everyone.

I'm sure some of you in here can't relate because you're from competent strategic organizations that have implemented appropriate structure, but the rest of the industry is burning shit down underneath themselves. This helps to highlight why things like cybersecurity are a freaking pipe dream. It's all spit, lies, and bubblegum, and the world runs on it.. slow the F*** down!

https://redd.it/kvx9vh
@r_devops

How the heck do I solve the problem of maintainable template projects?

I'm running the CI show at my clients shop where we do pretty much greenfield development for 9 different building security devices like card readers and such. There are two base Linux platforms (a beefy one and a tiny one) and each device is built from one of the platforms as a base and then a set of services and configurations are added on top of that to make the final firmware for each device.

We have an internal tool that let's developers create services, this tool creates a git repo and does some ghetto templating work by copying over a hello world project and replaces a few magic strings in the template files depending on the command line args passed to the tool.

This all works fine, until a change in the template is required. At this point it's just a horror show to keep all the service repos synchronized. The Cmake files for each project is customized so you can't just copy the new file over but you have to open it in each repo and manually perform the change. It's very tedious.

The minimum functionality I'm after is having the CI yell at me if I change the template and one of the repos is out of sync when it's committed. The optimal solution would be some automation to update all of the repos.

Is there some templating framework that supports this out of the box?

https://redd.it/kw2k2r
@r_devops

CD for production env good idea?

We have had terrible experience, doing CD for well tested (what we thought) code. We always somehow end up with big failures, every time for some newly discovered reason. We are now doing updates in our production environments, manually, using simple scripts, doing updates one by one.

At this time, the only colleagues using CD's are frontend developers, only on testing environments, so they can see their code running inside a kubernetes environment instantly.

Where do other fellow devops use CD's? Anyone doing CD in production? If yes, what other tools are you using? If not, please share your update procedures.

https://redd.it/kw5rz8
@r_devops

Is it possible to have a Jenkins linked choice param?

The issue I am trying to solve is when a dev pushes code to dev branch in GIT Jenkins triggers with a hook. Currently in the hook and job config I have to specify choices for server a server b, config a config b, profile a or profiler b, etc. What I want is if its Server A then choose Config A and Profile A. My hook url is getting crazy trying to add each param in the url where it would be much easier to say Server=A in the url and Jenkins knows the rest of the build information based on the server chosen.

https://redd.it/kw0kt0
@r_devops

Best alternative for Opscode Chef

Hey guys.

I was using Opscode Chef for a quiet long time to setup my web host instance in AWS. After moving to another laptop I realized that after installing needed version of knife-zero and all needed chef programms it couldn't start because of deprecation of some dependencies. Now I think that it's best moment to move to another Configuration Management Tool.

Here are some my use-cases:
setup git repo
setup couple of cron jobs
start and setup some docker services
create folders, create files from templates
setup users, their ssh keys
install packages

I've been working with Ansible and it's my first candidate to try, but I would like to hear other open-source option from colleagues.

P.S.: Everything is running in AWS micro instance, so no K8s needed.

https://redd.it/kw2n0z
@r_devops

Which cloud providers offer the best career options AWS, azure or GCP?

Hey all! I'm currently a junior platform engineer going through the recruitment process. I've been working with AWS for around 3 years now and I'm debating whether moving to another role is a good idea. I have a few job interviews with companies thag use GCP and Azure. Is it better to build on my AWS skillset in my current role or broaden my horizons to GCP or Azure? Thanks!!

https://redd.it/kw28df
@r_devops

Did anyone test how rootless is a new docker rootless mode?

I think we could agree on that the docker security holes were highly related to that by default containers run with root privileges which is a bad practice.

I am wondering if somebody went to their new implementation of rootless mode and if it was a pain to update related images.

https://redd.it/kw0kyz
@r_devops

Suggested modern DevOps books?

Can anyone suggest a good modern DevOps book? I'm looking for a book that focuses on the overall architecture of a DevOps environment. For example, how to manage an environment at scale with DevOps.

The reason why I'm interested in such a book is I want to ensure that I'm practicing DevOps in a way that wont be hindered by the challenges that happen when the environment becomes large. We all can be very successful at a small scale but its different when the environment grows.

https://redd.it/kvz4m6
@r_devops

Deploying Software at GoCardless: Open-Sourcing our “Getting Started” Tutorial

My team at GoCardless have spent the last year rebuilding our infrastructure stack. Today, we've open-sourced our internal getting started tutorial, in hope it might help others understand how our tools (Kubernetes, ArgoCD, Jsonnet, etc) all work together:

https://medium.com/gocardless-tech/deploying-software-at-gocardless-open-sourcing-our-getting-started-tutorial-ab857aa91c9e

The work was motivated by an aggressive hiring target, and an increase in the frequency that application teams wanted to build new services/make infrastructure changes.

While we always tried for "you build it, you run it", our tools weren't very suited for it. Developers took a long time to onboard themselves to our dev tools, and it wasn't possible for a standard application engineer to deploy a new staging (pre-production) service without SRE involvement.

The new stack hinges on a framework we call Utopia, which is a combination of technologies. It is:

- The name of the directory in which we keep our organisation config files (anu/utopia)
- Jsonnet library of Kubernetes mixins that allow developers to write idiomatic Kubernetes deployments without boiletplate (anu/utopia/lib/utopia.libsonnet)
- Golang binary utopia, which has a number of common developer commands

And more useful for external readers, it leverages an opinionated mix of several tools like Kubernetes, Tekton, ArgoCD, and more.

This is not a batteries-included setup, but nor should it be a "draw the rest of the owl". It's intended to help others see how this stuff can work, and show people how we've enabled a route to hands-free service bootstrapping without compromising the security of our production environments.

It's also just out of the prototype stage, and we hope to kill several of the steps from the tutorial once we have smoother processes.

Either way, we hope it's useful!

https://redd.it/kvwxi3
@r_devops

How should i be storing usernames & passwords for file access?

I want to use MinIO to store temporary copies of files to deliver to clients via the web dashboard feature. But I need to put some kind of authentication on the file access. Minio ships with a user account & user groups feature, so I can easily make a random username/password for a client's files, and set the files to auto-delete after e.g. 7 days. But where and how should I be storing these passwords on the server?

There are plenty of articles about proper encryption of user passwords, but what does an implementation of something like this look like when I just want to give someone access to a resource like this file server?

The entire process of

- make bucket

- import files to bucket

- make user account

- give user access to bucket

- email user the login credentials for the bucket

is easy to automate with a simple script. I am just not sure where these user credentials should be saved.

Maybe I could even get away with not saving them, and using the email notification as the only record of the password? I am intending for this to be a temporary file storage location, not permanent.

https://redd.it/kvwbp5
@r_devops

Windows Monitoring Suggestions

Looking for good ways to monitor Windows. Particularly individual services.


We use Prometheus to monitor the overall system mem/cpu usage and several other things. We have come across an issue recently where _something_ is not letting go of memory, requiring us to restart the Server VM. I'm hoping to be able to monitor the the services so that we can identify what exactly is holding onto the memory. There are usually a couple of services that are running hot making identifying the exact one difficult.


Can Prometheus do this? Would you recommend a simple POSH script to report services exceeding x resources or what? Appreciate the help!

https://redd.it/kv6nm9
@r_devops