Automated deployment of ssh public key to 1000s Windows nodes

We use Chef for config management of 1,000s Windows 2012/2016+ servers. Have a need to deploy a public key into C:\\Users\\<user>\\.ssh\\authorized_keys.

However, while refining the requirement I recall that during a server's initial configuration a local user's profile is not created, so the C:\\users\\<user> folder doesn't exist. If I create in code it won't be associated with the user.

I am interested in how people have managed this in their environments. Perhaps I have missed a subtlety of ssh.

Servers have WinSCP and OpenSSH installed.

The Supermarket cookbook https://supermarket.chef.io/cookbooks/ssh\_authorized\_keys does not support Windows.

Regards

https://redd.it/la7n8h
@r_devops

What's cooking in your Kubernetes namespace?

As Kubernetes platform engineers, have you ever wondered what all things are running in the various namespaces that you have provisioned for your product teams?

We have developed a kubectl plugins to help answer that question. Check it out:

https://cloudark.medium.com/whats-cooking-in-your-kubernetes-namespace-9200be114f8

https://redd.it/lakvn7
@r_devops

Transitioning from current role into a DevOps role

Hello,

I want to transition from my current role as a network engineer to DevOps. I have previous experience as a sysadmin dealing with mostly a Windows environment and some Linux. I also managed the VMWare infrastructure in that previous role. From reading some of the posts with similar questions it seems the sentiment is to work on projects and not to focus too much on certifications. What projects should I work on that I could leverage when applying to DevOps roles? Any advice is appreciated.

https://redd.it/la9isc
@r_devops

Building Docker Images The Proper Way

Hi /r/devops

Today I published a new article about optimization and improvements of Docker builds, such as caching, reducing image size or making images more secure and I thought some you might be interested in this kind of an article. So, here is the link:

https://itnext.io/building-docker-images-the-proper-way-3c9807524582

https://redd.it/labibx
@r_devops

CI vendor comparisons?

I'm looking for an in-depth comparison of CI vendors. My company uses many CI providers and we're looking to consolidate. I figured there are already some good comparisons written.

Must be a recent comparison ideally written in 2020 or 2021.

Feature set, usability, reliability, and cost are the dimensions I'm most interested in.

https://redd.it/lab9v0
@r_devops

Setting up Samba on Docker?

I hope this is the appropriate place to ask this question. If not, please direct me to the appropriate subreddit. I'm just barely getting into devops. I wanted to try to set up a Docker container for an SMB server, create a share, and then access that share with smbclient. I tried downloading the dperson samba image from https://hub.docker.com/r/dperson/samba. It looks like I was able to run it correctly and, following the instructions on the page, was able to create some shares. The exact command I used was:

&#x200B;

sudo docker run -it -d dperson/samba -p \\

\-u "example1:badpass" \\

\-u "example2:badpass"

\-s "public;/share" \\

\-s "users;/srv;no;no;no;example1,example2" \\

\-s "example1 private share;/example1;no;no;no;example1"

\-s "example2 private share;/example2;no;no;no;example2"

&#x200B;

When I try to use smbclient to connect to it, I can even see the names of the shares. Trouble is, I cannot figure out how to open up the SMB terminal! Smbclient just returns me to my original terminal every time! It shows a message saying "no workgroup available". It also says "SMB1 disabled", but I think that is mitigated with the `-m SMB3` option.

&#x200B;

smbclient -I <IP address of docker container> -L <name of container> -U example1%badpass -m SMB3

&#x200B;

I'm pretty new to both Samba and smbclient so I may be making just a dumb mistake. If there is a more appropriate Docker image to use on Docker hub, let me know.

Thanks.

https://redd.it/laaw5j
@r_devops

Starting a Junior DevOps Engineer position in a week. My experience is 2 internships in full stack engineering. Will it be hard to return to the world of development after a year in DevOps? Worried I will miss coding too much.

background:
I'm compelled to take this position because income is a priority at the moment and this was the highest offer I received among all my junior dev/DevOps positions. However, the team is made up of friendly people who I get along with very well and are very interested in training me and I love the company culture and perks so its not by any means a loss. I also am genuinely interested in developing DevOps skills. I am told that there is ample opportunity to perform tasks programmatically.

my issue:
I can't help but worry I'm putting myself in a box very early on in my career. I love programming and developing features. If I wanted to return to development, would it be very hard to convince employers I have wake it takes to do development after a year in DevOps?

https://redd.it/lam85o
@r_devops

Shrinking size of EBS volume mounted as XFS

I have an EC2 instance with an EBS volume mounted as an XFS filesystem that is way too large than what we need it to be. I'd like to shrink the volume of the filesystem/volume to something much more in line with our needs, but I am having difficulty doing so. I tried doing something like this (https://cloudacademy.com/blog/amazon-ebs-shink-volume/) where I create a new smaller EBS volume, attach it to the instance, make a new filesystem and mount it to that. Then, I rsync everthing from the larger filesystem to the smaller filesystem, stop the instance, detach both volumes, and reattach the smaller volume to the block device (i.e. /dev/sdf) that the larger volume used to be attached to.

However, when I start my instance back up something goes wrong and it starts up in some sort of emergency mode based on reading the system logs. I can't even SSH into it anymore. Does anyone have any ideas on what I can do?

https://redd.it/laj3o8
@r_devops

Git hook to remove credentials

Hi
I have a file which contains some credentials. This file needs to be pushed to git. Before actually pushing or committing I'd like to remove the creds from this file.
I tried using git's pre-commit hook which replaces the creds, then does git add and commit again but this ofcourse creates an infinite loop of commits.
Any ideas or solutions to this problem?

https://redd.it/la9lqi
@r_devops

Prometheus alternative for serverless

Hey there 👋,

I'm working on a node.js app with a REST API that is deployed to AWS Lambda. Having worked a lot with Kubernetes, Prometheus, and Grafana, I'm used to instrumenting the API code and exposing white-box metrics from the app (error counts, latency histograms, request counts, and histograms for DB queries) and having those pulled by Prometheus for altering and also visualisation with Grafana.

I was curious to know if there are any tools or services that enable this level of detail in metrics for serverless?

Alternatively, if I go down the route of a long-running Node.js process using something like Google Cloud Run, are there any other tool or services that give similar functionality (short-term storage, visualisation and altering), without the operational overhead and cost of Prometheus?

https://redd.it/la391q
@r_devops

Backend developper who is tired of coding looking to move into DevOps

So, to start off with, I'd like to say that I'm relatively aware of what a DevOps specialist does as it's what my wife does. That being said, I'm sure I have some misconceptions but, either way, the profession looks quite interesting.

&#x200B;

I've read the "getting into dev ops" sticky but I had a slightly more point question: how much, if any, actual coding goes into being a DevOps engineer? I have a software engineering background but I'm super tired of the general monotony of pouring over code day in and day out like I've done for the last 7 years so I'm really looking for a tech-facing job that doesn't have me in the code.

&#x200B;

Thank you very much

https://redd.it/la32zh
@r_devops

Changing my technology from an IBM iseries developer to Devops Engineer

Hi,

As you've read I want to change my technology from AS400 to Devops. Currently I have 2.5 years experience in AS400 and I'm working with a MNC in india. I want to switch from as400 to Devops .
But the problem is I don't know how to start. How many certifications do I need to do. ?
Since yesterday I've started a LinkedIn learning 40hours course on Devops which is a certified course which will teach me chef, kunernetes , ansible and everything . Is this course enough?
Do I need to learn any programming language as well to switch successfully in devops ? Currently the only programming languages I know are RPGLE , SQLRPGLE , cl programming

Ps: I know my way around Jira, jenkins , bitbucket, rational developer for ibmi.

https://redd.it/lau0y1
@r_devops

Digital Transformation & Cloud Adoption in Pandemic

Digital transformation is reshaping businesses all over the globe, and Cloud platforms are enabling rapid digital changes with unprecedented growth. Even today, deploying all the data of the enterprises to Cloud is a challenge for many organizations, mainly because traditional IT departments do not have the technical skills and are unfamiliar with digital transformation processes.

Xavor is helping companies succeed in the digital-first world by bringing businesses and IT closer together and optimizing processes to create new business value for them. We provide services like leveraging of cloud infrastructure, IoT integrations and business insights, AI, Data Analytics/Management & marketing platforms. Our Business Technology Platform strategy includes cost optimization, business continuity, and security & compliance working to help businesses compete in the digital economy.

We are the proud partners of the world’s leading digital platforms like Azure, AWS, Google Cloud, and our Certified professionals enable you to take benefits of Cloud innovative technology services.

https://redd.it/la214t
@r_devops

What other software is there like Jenkins? Is there anything better or is Jenkins the best one?

I am learning Jenkins and I was wondering if there is any other tool like Jenkins and how those work and how they differ

https://redd.it/l9y0bz
@r_devops

The Unspoken Challenges of SecDevOps



In the fast-paced world of cloud-native, code changes frequently, and the attack surface and the risk profiles change just as quickly - giving rise to the SecDevOps.

As companies embrace SecDevOps, new challenges arise as different teams need to learn new concepts and technologies that aren’t normally associated with their day-to-day responsibilities. Now the DevOps teams need to learn how to secure their software and infrastructure and security team needs to adapt to a rapid delivery environment.

Aside from the new skills that need to be learned, a common thread between the 3 teams must be established. With varying goals and different perspectives to boot, coming to that common understanding is where most run into their first set of unspoken challenges nobody openly talks about.

Join us in the upcoming fire chat with Scott Surovich, HSBC's Global Container Engineering Lead, as we have an honest discussion about navigating the cultural and technical challenges of the journey to SecDevOps.

You will get to hear and learn about:

The technical and cultural challenges of shifting security left and how to overcome them.

Build a common thread between Devs, Ops, and Security teams.

How policies, workflows, and analytics are 3 pillars in establishing a secure Cloud-Native environment

How to get your Cloud-Native security initiatives off the ground

Register here: https://www.magalix.com/the-unspoken-challenges-of-secdevops

https://redd.it/la2a2v
@r_devops

windows metrics relabeling in Prometheus

&#x200B;

&#x200B;

Hello team, need some help,

I have in Grafana at metrics from my windows pods ( using windows_exporter):

if i try get metrics for example: rate(windows_container_cpu_usage_seconds_total[5m\])

I will see only container_id ( pod id) for example: docker://0040308261f7aa694ac13ca1d7fc92ee9c781892de774b4b87ea4f6a167344be not a pod name/container name because windows_exporter can provide only at container ID

as I understand I need to do relabeling in Prometheus-operator ( I'm using helpfile for this in kube-prometheus-stack)

how I understand I need to add metric_relabel_configs in values but I do not understand how I can do this.



additionalScrapeConfigs: [\]

\# - job_name: kube-etcd

\# kubernetes_sd_configs:

\# - role: node

\# scheme: https

\# tls_config:

\# ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca

\# cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client

\# key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key

\# relabel_configs:

\# - action: labelmap

\# regex: __meta_kubernetes_node_label_(.+)

\# - source_labels: [__address__\]

\# action: replace

\# targetLabel: __address__

\# regex: ([\^:;\]+):(\\d+)

\# replacement: ${1}:2379

\# - source_labels: [__meta_kubernetes_node_name\]

\# action: keep

\# regex: .*mst.*

\# - source_labels: [__meta_kubernetes_node_name\]

\# action: replace

\# targetLabel: node

\# regex: (.*)

\# replacement: ${1}

\# metric_relabel_configs:

\# - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone)

\# action: labeldrop

https://redd.it/l9ysz8
@r_devops

Only sign code from the source code repository

The recent SolarWinds attack was made possible because the build server was able to sign code that didn't come from the source code repository. There is a way to ensure that only code that comes from the source control repository gets signed, and even to enable scanning on that code, without sacrificing time in the CI/CD pipeline.

https://redd.it/l9xtjj
@r_devops

Question about devops engineer's job

Hi everybody, I am currently doing an engineer's school to work in IT jobs. I have both network and programmation's courses. I took some interest in the job of "Devops Engineer" (At least what I understood about it on Internet). I think that the information about this job is pretty lame. I would like to know if you could tell me more about it ? Moreover, I like to write code. Do you code as a Devops Engineer ? If yes, what kind of programs or scripts do you write ? Is Devops Engineer only about network management ? Is it about both ?

I would like to specify that i like both network management and programming.

Thank you for your answer

&#x200B;

P.S : Sorry if I made mistakes. English isn't my first language and i didn't write it since 3 years.

https://redd.it/l9s1iz
@r_devops

When are DevOps the blockers?

Hey everyone. Been a DevOps engineer for close to a year now.

I know the purpose of our role is to streamline processes, through automation, best practices, etc. But when do we become the blockers?

I've noticed situations where devs are blocked, because DevOps have to review PR's which create infrastructure through TF or management via Ansible. But our roles are so busy, we have tickets coming in every second, that this just ends up blocking the devs since they're waiting.

Or another case, where even most members of DevOps don't have AWS permissions to do anything. So we have to use the CLI to get most of our work done, which is a huge blocker. For example, doing something on the console is 10x faster than figuring out the inline json syntax from the CLI.

Is my experience normal? And if so, what practices do you guys follow that makes DevOps less of a blocker, for others and for themselves?

https://redd.it/lb4ux1
@r_devops

Recommended Git client for Windows

Linux luser looking for some help migrating Windows users from TortoiseSVN on a network share to GitHub. Would people recommend TortoiseGit or GitHub Desktop or something else for the GUI approach? Would chocolatey git be the best command line / Ansible approach? Last time I tried running the git-scm.com installer it gave weird errors. Users are on Windows 10. Deploys will go to 7 or 10. Thanks!

https://redd.it/laxxrq
@r_devops

What makes a DevOps standup/scrum etc successful ?


I work on a small team at a \~100 person tech company.

2 "Sr. SRE" (including myself), a DBA, a buildmaster, and a newly promoted "Manager, DevOps" who is reasonably technical but was previously in a Sr. customer success type role sortof like a sales engineer but who was on our team. There is a totally separate small team that handles "Production Operations" and I have significant overlap with them in terms of responsibilities, often more than my own team, The only difference being I generally work on stuff before it is deployed vs after, in theory at least.

&#x200B;

We've been having a monday morning standup call/meeting since I started over a year ago and frankly I feel like it's lacking and unfruitful. Nobody really comes prepared, we just rattle off what we are planning to work on that week, I sometimes references my jira queue etc, but there is little coherence to the whole thing and no followup on it, the next monday just rolls around and we do the same thing.

&#x200B;

I've talked to some other companies that do standups daily or 4x/week. It seems like we should have a list of items prepared and then review our progress as a team at the end of the week or something.

&#x200B;

So what makes a successful scrum, what should a lead of a small team like this be doing to ensure productivity and success?

https://redd.it/lb29ei
@r_devops