Reddit DevOps
Simple and easy CI to be triggered via Webhook

I'm looking for a lightweight, simple and easy CI solution to be used with Gitea.

Doesn't need to come with a fancy GUI and stuff.

The idea is to have a simple service that is triggered by a webhook and then executes a build script (shell script?). Reporting then via log file or mail.

Is such a tool available?

Otherwise I would consider developing one.

Any thoughts?

https://redd.it/liyovy
@r_devops
Main Role of DevOps Engineer

Just curious on what is the main role and task of a DevOps Engineer?

https://redd.it/liphuf
@r_devops
New to DevOps

Hi, just want to know what's the difference between a Software Developer and a DevOps Engineer? What are the differences in their roles and tasks?

https://redd.it/lip9l7
@r_devops
What exploit is trying to be leveraged here? (Apache access.log)

I've just deployed a barebones Apache server on Digital Ocean, only hosting static files. No PHP et al.

I'm not too bothered to see random exploit attempts, but 99% of the requests are of this similar format and I'd like to know what they are trying to do.

The source IP is always changing, but the GET resource request is the same, as well as the user-agent. My server is under a constant 30kB/s public inbound (sometimes peaking at around 80kB/s) from this type of request.

I have written a .htaccess and I regex the user-agent for 'wget', and direct the request to a 403. Very noob at this but I feel like that was possibly redundant.

180.190.118.26 - - 14/Feb/2021:09:10:07 +1100] "GET /index.php?c=update&a=patchsum&product=BTFLY-A&ver=1.3.0 HTTP/1.1" 403 407 "-" "Wget/BTFLY/\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff

There is no index.php on my server, but I'm still curious nonetheless about how concerned I should be.

Thank you.

https://redd.it/ljieir
@r_devops
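An added example, not part of the original post, for the pattern described above (same request and user-agent, rotating source IPs): it clusters Apache access-log lines by request shape and reports what share of the traffic the largest cluster holds and from how many addresses. The sample lines, their documentation-range IPs and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache combined log format. Tolerates a missing "[" before the timestamp and
# an unterminated user-agent, both of which occur in the line quoted in the post.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[?(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"?$'
)

def fingerprint(line):
    """Return (ip, status, key), where key is the request shape, or None if unparsable."""
    m = LINE.match(line.strip())
    if not m:
        return None
    url = urlsplit(m["target"])
    # Parameter names only, so varying values (e.g. ver=) do not split a cluster.
    names = tuple(sorted(k for k, _ in parse_qsl(url.query, keep_blank_values=True)))
    # Product token before the first "/" or space: drops versions and padding bytes.
    ua_family = re.split(r"[/ ]", m["ua"], maxsplit=1)[0].lower()
    return m["ip"], int(m["status"]), (m["method"], url.path, names, ua_family)

def summarize(lines):
    """Group lines by fingerprint; return (parsed_count, {key: stats})."""
    groups = defaultdict(lambda: {"hits": 0, "ips": set(), "statuses": set()})
    parsed = 0
    for ip, status, key in filter(None, map(fingerprint, lines)):
        parsed += 1
        groups[key]["hits"] += 1
        groups[key]["ips"].add(ip)
        groups[key]["statuses"].add(status)
    return parsed, dict(groups)

def dominant(lines):
    """Return (key, share of parsed requests, distinct source IPs) for the largest cluster."""
    parsed, groups = summarize(lines)
    key, g = max(groups.items(), key=lambda kv: kv[1]["hits"])
    return key, g["hits"] / parsed, len(g["ips"])

# Constructed sample: documentation-range IPs, request and user-agent shaped like the post's line.
SAMPLE = [
    r'192.0.2.10 - - [14/Feb/2021:09:10:07 +1100] "GET /index.php?c=update&a=patchsum&product=BTFLY-A&ver=1.3.0 HTTP/1.1" 403 407 "-" "Wget/BTFLY/\xff\xff\xff',
    r'198.51.100.7 - - 14/Feb/2021:09:10:08 +1100] "GET /index.php?c=update&a=patchsum&product=BTFLY-A&ver=1.3.0 HTTP/1.1" 403 407 "-" "Wget/BTFLY/\xff\xff"',
    r'203.0.113.5 - - [14/Feb/2021:09:10:09 +1100] "GET /index.php?c=update&a=patchsum&product=BTFLY-A&ver=1.2.9 HTTP/1.1" 403 407 "-" "Wget/BTFLY/\xff"',
    r'203.0.113.99 - - [14/Feb/2021:09:10:11 +1100] "GET /style.css HTTP/1.1" 200 1532 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]
if __name__ == "__main__":
    print(dominant(SAMPLE))
```

The `statuses` set of the dominant cluster shows at a glance whether any of those requests ever received something other than a 403 or 404.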
I created a tool to generate diagrams for cloud architecture declaratively

Hi everyone!

The problem:

I often find myself drawing architecture diagrams using tools like draw.io or lucidchart.com but I always dislike the process of manual drawing, searching for icons and clicking around to edit labels. Also I wanted to make sharing the diagrams as easy as sending a link to a friend or colleague and they can start editing, poor man's collaboration :-P.

The solution:

For this reason I created a tool to declaratively define your infrastructure diagram in the browser. It is similar to Graphviz but it is tailored towards cloud infrastructure and it's entirely client side in the browser. The UI is not great and the layout is not as good as a manually crafted diagram (although you can drag around icons to make it look better and I have plans to improve the engine) but I hope it is useful for some for prototyping or creating diagrams for docs and proposals.

I know that with infrastructure-as-code there are other tools to do similar things but they all seemed to have a barrier of entry I wanted to avoid for most non-experienced DevOps.

The details:

Simple client side JS app wrapping several libraries for parsing and rendering the graph. The DSL language is very similar to Graphviz so it's hopefully familiar.

Any feedback on bugs and missing features is welcome.

Link: https://cloudgram.dedalusone.com

https://redd.it/ljcl9b
@r_devops
Is my view of DevOps right?

I recently made a YouTube video (link: https://youtu.be/yczwWzkbFAQ) on what DevOps is in my opinion. I was hoping to make more videos on similar lines but wanted to confirm if my view of DevOps is correct.

In a nutshell, the video emphasizes having a process (which can be done manually) before you can automate it. Then I've gone on to describe how you can automate a simple process of making a Node.js app live on a VM and how tools like Docker, CI/CD and Kubernetes fit into the picture.

Really looking forward to your feedback. I'm new to making content so please go easy on me 🙈

Here's the link to the video: https://youtu.be/yczwWzkbFAQ

https://redd.it/ljdn1l
@r_devops
Blog Bash variables — Things that you probably don’t know about it

Hey,

Two days ago I wrote this blog exploring the scope of the Bash variables and the types. I'm explaining their differences, how and when to use each one of them. Feel free to give any feedback/suggestion/* :)

See on Medium: https://medium.com/unboxing-the-cloud/bash-variables-things-that-you-probably-dont-know-about-it-8a5470887331?sk=26693ca772a0c54c99d3712303560ed4

See on my Website: https://www.lozanomatheus.com/post/bash-variables-things-that-you-probably-don-t-know-about-it

Sorry, I'm pretty new on Reddit, I ~~accidentally~~ deleted the original post...

https://redd.it/linffa
@r_devops
Looking for a virtualized network testbed

Hello!

I am writing some distributed network software that I'd like to test. Instead of creating 20 VMs I was planning on using docker containers, but I'm not too sharp on docker networks. I want to be able to create NATs and other network features you'd see normally.

Does anyone know of some software that does this? I'm sure you could do it with docker containers, I just don't know the docker networking features well enough, and it seems like a great place for a product to step in.

https://redd.it/lin8jk
@r_devops
DNS server over kubernetes

Hi everyone!
My team manages multiple k8s clusters and other components.

We have a management k8s cluster with several components and a single instance primary DNS server used by the clusters in our environment.

I am considering migration of our DNS server to our management cluster in order to simplify the different kinds of services we manage (concentrate on development on top of k8s).

We haven’t used a k8s cluster for services that aren’t web services (http). I was wondering what your thoughts are?

https://redd.it/limtu3
@r_devops
Telnet

I need a step-by-step guide to install telnet on Red Hat.

Note: I have installed Red Hat Enterprise now and I don't know if I need packages for installation.

https://redd.it/limsq9
@r_devops
Hashi Boundary vs. Teleport vs. StrongDM

Is anyone using these tools to manage cloud application access? I am wondering what people like or dislike about these tools or if any of them are any good.

https://redd.it/lijoit
@r_devops
Creating custom dashboards with Grafana

With Grafana you can create custom dashboards that will display all data about the performance of your app in an easy-to-read way for the use of both developers and business. Another part of my colleague's series for DevOps and backend developers on using Prometheus, Kubernetes and Grafana for app optimization with metrics. Let me know what you think - I can pass questions to the authors.

https://redd.it/lih71h
@r_devops
Help me speed up loading artifacts into multiple container images during CICD process

DevOps/System design question for you all...

Here's my conundrum:

- I have a monolith project. It's old, over 10+ years Symfony (php) project.
- In the repo it contains multiple "applications" with a shared lib structure. There are 6 apps in total to make up the one total project. These are containerized in a php-fpm/nginx docker service combo for each app.
- Separating these into separate repos has become a massive project, and the benefits, added complexity, and developer headache has proven a "no-go" at my company. We tried putting the shared components into git sub-repos but again the complexity of local developer workflows has suffered doing it like this.

So, I'm left with this large monorepo. In the end I'm building 6 different container images out of it when CICD runs.

**My problem:** The build time is so long because I'm copying the built/deliverable code into the deployment container images every time the CICD process runs (every commit). My container build step is over 12 minutes: this has proven to be stressful on me in times that emergency patching is needed in production (rare, but it does happen).

**MY QUESTION:** Given the fact that the business will "not" allocate the time/energy/labor hours to splitting this monorepo (and the team of devs don't want it either). **What's the BEST PRACTICE design decision here?** Should I leave it as-is and just tell them that's the cost of having a large monorepo? Should I continue to try and force "microservicing" this project?

**One option I had in mind:** Don't add the built code into the final images, instead store the code on the server and load as a volume. The problem with this is you lose out on the portability, immutability, and "best-practice" design of containerization.

Thanks for any insights and expertise on how I can/should redesign this process.

https://redd.it/ligse3
@r_devops
A few Terraform questions

I've been learning Terraform as I go along developing a cluster in OpenStack, and I'm loving it so far! However I have a few questions regarding my situation.

Context

I am building a distributed computing cluster for academic use, with the HTCondor batch scheduler sitting atop to manage job submissions. This means the architecture has a control plane instance, submit/login instance, and various worker instances (there are other instances in the cluster as well, like proxies and an LDAP server). These worker instances all have the exact same configuration, the only difference is flavor (as we have different GPU nodes). I also use "remote-exec" to do post-provision configuration like setting the IP's of the proxies and LDAP server dynamically.

Question 1: How can I avoid or at least limit repetition in the worker node configurations?

Right now, I have multiple terraform config files, each with their own worker node resource (ex. worker-980ti, worker-1080ti, etc) and as stated, the only difference is the flavor. They are all built atop a prebuilt VM image that I created in Packer, and the rest of the fields are exactly the same.

Question 2: What is the best way to do post-provision configuration?

I know there are options like Ansible and Chef to do this, but I was trying to see how much I could accomplish with just Terraform. However, I have ~25 lines in each remote-exec (copy-pasted between workers - heinous, I know, but exactly why I'm asking for help!) and it is difficult to maintain when I need to make changes.

I first figured I could make a script and just call said script, but some of the remote-exec is setting dynamic information from Terraform itself like instance IP's which I can't easily reference in the script.

Then I was looking at cloud-init, which seems to be what Terraform recommends as the go-to way of doing post-provision configuration, but I have the same issue as above where I'm not sure how/if I can reference my dynamic Terraform information within a cloud-init, so any assistance or suggestions on that front would be greatly appreciated.

https://redd.it/lifd97
@r_devops
Training

Hello I am currently in I.T. I am very burned out and stagnant looking for a career change. What is the best way to get involved in Devops? Thank you in advance for any help.

https://redd.it/lif8cy
@r_devops
I've created an awesome-istio repository to bring together Istio & service mesh related things

Hi everyone,

I've created an awesome-istio repository to bring together Istio & service mesh related things.

Contributions are welcome.

https://github.com/mstrYoda/awesome-istio

https://redd.it/ljp2su
@r_devops
Looking for APM for webapps, NodeJs, serverless functions (netlify)

Hi, I’m looking for recommendations for an APM / logging / alerting SaaS

Goals:

- send logs / errors from web apps, nodejs
- alerting capabilities (i.e. if error type X send slack notif etc)

Any thoughts?

So far I found https://www.instana.com/

Thank you

https://redd.it/ljq7vf
@r_devops
How do you promote code to environments?

Eager to learn about various approaches and adopt one of them.

Currently, I struggle with branch per environment approach where:

1. Developer pushes code to the dev branch.
2. GitHub Actions builds code, pushes the image to the registry, and pushes built code to the staging branch where it gets applied to the staging cluster by ArgoCD, which monitors the staging branch.
3. If all is good, code is promoted to the main branch via PR and automatically applied to the production cluster with ArgoCD which monitors the main branch.

How do you do CI and promote code to production?

https://redd.it/ljlrsy
@r_devops
How "Free" are the cloud services?

I want to spin up a few VMs and try a few features in the cloud. Do AWS, Azure or GCP really have any truly free service? The last time I spun up a few VMs to try a few things on AWS they charged me a few $$ after 2 weeks. I did not upload any data, now AWS is chasing me.

Most of these cloud providers give credits to explore their services, but are they really free?

https://redd.it/lk58yj
@r_devops
Docker on Windows (WSL 2) without Docker Desktop

I like to use Docker now and then on my Windows machine. While Docker Desktop is quite clever, I don't like to have it constantly running, and the slow startup time is troublesome. After some experimenting, I have the Docker daemon running in one of my WSL 2 instances, and other instances can access the shared Docker socket just fine.

For those who dabble in Docker on their Windows machine, perhaps you will find my notes interesting:

- Instead of using an init system such as systemd to launch the Docker daemon, launch it by calling `dockerd` manually. This can even be auto-launched.
- If sharing the Docker daemon between WSL instances is desired, configure it to use a socket stored in the shared /mnt/wsl directory.
- If sharing and privileged access without sudo are desired, configure the `docker` group to have the same group ID across all WSL instances.
- Rather than launch a Windows-based Docker client, launch docker inside WSL. A convenience PowerShell function is an option for doing this, if docker from PowerShell is desired.

A much more detailed and careful explanation.

I welcome your thoughts.

https://redd.it/lk27wb
@r_devops
Creating CICD pipeline to deploy to AWS

I am trying to design a CICD that can deploy CloudFormation via Jenkins. I am thinking I need the following scripts:

- A script to assume the role into the account.
- A script to compile the template (e.g. injecting a lambda into CloudFormation or creating an S3 bucket to upload the zip)
- A script to validate if the stack compiled correctly
- A script to deploy the stack

Do I need to pass the IAM user credentials in each stage of the pipeline? If so how can I create a persistent environment with such information? How can I upload the lambda for instance into s3 and inject the information into the lambda resource? Do I need an IAM user or role to do the same?

https://redd.it/ljzro1
@r_devops