Terragrunt and Terraspace - when to use it

Hey Guys,

We are planning to move all of our infrastructure into code which is Azure and also we are thinking about vSphere. Currently we have 10 subscriptions in Azure. There are two main teams in the company that has 3 subscriptions each which is DEV/TEST/PROD. We also have few DCs around. I came back to the company after some absence and I would like to push for IaC to simplify the management of it.

One of the guys suggested to use Terragrunt as a wrapper for Terraform. However the problem is that 95% of our team do not have much coding experience even in Terraform etc. The new versions of Terraform fixed some issues that were in previous older versions such as module dependencies etc.

I do understand that Terragrunt would help to deploy same infrastructure across environments, however our environments are not 1 for 1 like so I do not really see a point of adding extra layer of complexity. My point of view is simple. Each environment is different so why would we use Terragrunt in the first place. Eventually, maybe after a long time we will rebuild our environments at least in Azure. For now I just want to move whatever infrastructure we have into code and manage from there.

I would think about using Terragrunt if we would have 1 for 1 like environments. Terraform Cloud and Terraform Enterprise adds more functionality which kind of makes hard to decide if going with Terragrunt is a good option.

What is your opinion about that?

https://redd.it/m1tfda
@r_devops

ELK configuration

Hello everyone, I am starting to do my hands on ELK stack , I am running 5 Eos servers on 5 different AWS regions and I created one new ec-2 instance and installed ELK+ Filebeat on it. Can somebody share any relevant links or guide me how to get the logs of 5 Eos server in the ELK dashboard. I tried couldn't find any good guides!!

https://redd.it/m1t9yi
@r_devops

Any suggestions for "modern" approach on CI/CD?

I've been into the devops role for more than a year and I'm still learning a lot of stuff. So we've been trying to make our testing and CI/CD better and the mandated instructions were to use bamboo (yes, we are on the atlassian suite ecosystem unfortunately) and aws in hosting a bamboo agent for the automation testing purposes. Recently, not sure when or if it is even recent, that amazon upgraded to linux 2 and that made our agents and our whole automation bonkers. I have been trying to fix it for a good amount of days but to no avail and so here I am checking if there are better ways to do this.

In case I haven't explained it correctly, the goal was to have the automated testing be run everytime changes are merged. There are also alot of things involved on that as well such as that the branches shouldn't be merged when the automated tests has failed scenarios etc..

Any responses will be very much appreciated as I have been pulling my hair for days, trying to explain why does a ticket with 3 story points have been in several sprints already.

https://redd.it/m1t5l7
@r_devops

Encryption on FLuentbit and Fluentd

Hello Everyone,

Sorry for the beginner's question, I am new to fluentd and fluent bit. Need some insights from the experts on how can we implement encryption on the logs and how to control the logs storage if any application logs volume is high?

Thanks for looking into this.

https://redd.it/m1snip
@r_devops

What advice do you have when a technical interviewer is asking you what you're working on at your current company?

So I had an interview today and with a team mate from a different company and they were asking very pointed questions on what I was doing. Most likely to gauge my ability to use those tools. (e.g Oh you were using Jenkins? How did you use Jenkins on your project.) But sometimes I almost feel like they are trying to get a handle on how I do a particular solution so they can do it themselves. Am I wrong in thinking this? How should I handle these deep drill downs into my skillsets?

https://redd.it/m2wliv
@r_devops

Platform Engineer looking for Career Advice

Hello everyone!

I was hoping to ask some career advice as I am now starting to ponder about what the next step should be.

Quick intro:

I am 3+ years into my role as a Platform Engineer in the public sector. My duties include the following… build APIs (Ruby on Rails, Serverless/Lambda) as a form of middleware between development teams and our AWS environment develop Infrastructure-as-Code(Terraform/CloudFormation) to help teams provision standardized infrastructure in AWS Migrating applications to AWS via containerization and orchestrating in Kubernetes build CI/CD pipelines to increase velocity and feedback loop for developers

Prior to that, I’ve had 1 year of experience working as a full-stack developer while completing my B.S. in Computer Science

Areas/things I’ve enjoyed:

\- Building CLI tools in Go

\- Containerizing/Orchestrating applications with Docker/K8s

\- Developing small/single-functionality services with Lambda/Serverless

Areas/things I’ve disliked:

\- React

\- JavaScript

\- CSS

Next Steps:

I’ve been pondering the idea of beginning the job hunt. There is no career growth with my current company. No technical track to follow, no chance for future raises, etc. I’m not sure if its a “grass is greener on the other side” situation or not. I figured I would reach out to ask questions to gain some insight :)

Questions:

\- If I enjoy building software/tools/automation for the Cloud, which job titles should I be looking for? DevOps/SRE/Platform Engineer? Are there differences between the 3? I tend to enjoy the development work VS the sysadmin work

\- How is your work/life balance as a DevOps/SRE/Platform Engineer?

\- Are you on-call? How often are you woken up in the middle of the night to troubleshoot an issue?

\- What sort of projects do you work on?

\- What was the interview process like for your current role? Was it algo/ds heavy?

\- Is LeetCode-style interviews prominent with DevOps/SRE/Platform Engineers?

https://redd.it/m2wedx
@r_devops

suggest me open source hosting control panel

I am looking for a cPanel alternative free open-source hosting control panel for my azure VM (Ubuntu Server 18.04 LTS - Gen1). basically, host few WordPress sites and PHP backend sites. I tried vestacp but it didn't load my IP and port after installation.

https://redd.it/m2uypq
@r_devops

Interview coming up some guidance help would be very appreciated!

So some of the topics that will be discussed is

Hands-on deployment of new technologies and security capabilities. Can someone provide a example of how they deployed a new technology so I have a talking point.
Manage projects and vendors providing operational or professional services.
Serve as the security liaison on select infrastructure, application and database projects and day-to-day app/data activities.
Create, maintain and update security processes and documentation, such as the secure SDLC process, and coordinate with PMO teams to ensure they're followed throughout IT.
Create, maintain and update a threat tree library by performing regular threat assessments to identify which behaviors and actions can be prevented or detected using  technology.
Monitor public security advisories and alerts for information related to the corporate IT environment

Any help or your personal experiences to any of these bullet points would be greatly appreciated! And if you do I will be share to return the favor in PM! Thank you all in advance and lets get it!

https://redd.it/m2tw94
@r_devops

Building a game development build PC / Server

We are currently looking to build a dedicated PC for running UE4 / Unity builds. What are some recommended specs? I think for builds speed and compute power are crucial together with RAM. Speedy NVMe, 16GB RAM and i9 should be more than enough, correct me if I'm wrong.

​

We can always go with a VM however in this case a dedicated physical machine would be better in my opinion.

https://redd.it/m2tdl9
@r_devops

Ansible, Terraform, or Both?

Hi, I recently started a new job at a startup and I'm looking to build out the infrastructure in a well managed way. I have very little direct devops experience so I've been learning and experimenting a lot lately and came across Ansible and Terraform, which both seem to fit the problem I'm trying to solve.

I was initially planning to use Terraform to provision the infrastructure (currently will be GKE cluster, some persistent volumes, etc. but plan to build out IaC for all core infrastructure we are using) but needed to find another tool to configure the cluster with the appropriate configurations and technologies so I found Ansible.

Ansible seems like the appropriate option for configuration management but it seems I can also provision infrastructure using Ansible as well. So now I'm wondering if I should just do it all using Ansible playbooks or if I should use both. I know there is also a Terraform plugin for Ansible that I could use but I'm not sure if that's over-complicating things I want to keep this as simple as possible since I will likely be the only employee managing it.

What are your recommendations? Are there other technologies I should look at?

https://redd.it/m2r5hz
@r_devops

Network got screwed on Ubuntu browsers

To be brief, I did a apt upgrade on my ubuntu workstation at work and now networking in the browser is f'ed.

I can ping any IP (8.8.8.8, google.com, local workstations), but I can't go to any website from my browser.

I'm not 100% it's that or something else I did but the upgrade is most likely the reason.

This is what syslog has to say:


Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: libinput error: client bug: timer event4 debounce: offset negative (-1056ms)
Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: libinput error: client bug: timer event4 debounce short: offset negative (-1069ms)
Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: --2021-03-11 15:35:27-- https://clients2.google.com/cr/report
Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: Resolving clients2.google.com (clients2.google.com)... 142.250.186.174, 2a00:1450:4001:82b::200e
Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: Connecting to clients2.google.com (clients2.google.com)|142.250.186.174|:443... libva error: vagetDriverName() failed with unknown libva error,drivername=(null)
Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: 26308:26308:0311/153527.705821:ERROR:sandbox_linux.cc(374) InitializeSandbox() called with multiple threads in process gpu-process.
Mar 11 15:35:31 ws28 whoopsie3275: 15:35:31 Cannot reach: https://daisy.ubuntu.com
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: failed: Connection timed out.
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: Connecting to clients2.google.com (clients2.google.com)|2a00:1450:4001:82b::200e|:443... failed: Cannot assign requested address.
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: Giving up.
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: Unexpected crash report id length
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: Failed to get crash dump id.
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: Report Id:

Does anyone happen to have a clue on what's going on? Thanks ahead.

https://redd.it/m2qfh6
@r_devops

Question - Domain and SSL certificate renewals

Hi guys, a very quick question how do you guys manage your Domain and SSL certificate renewal notifications or reminders? Do you use any specific service to keep track of these things? I'm looking for a very economic solution.


I narrowly escaped from expiration today. As these things are renewed after a couple of years we cant depend on one person to keep track of such things.

https://redd.it/m2pek7
@r_devops

R Shiny Application Running Inside Docker Dies/Becomes Grey After Less Than 1 Minute of Inactivity.



I have an R Shiny application that is running inside a docker container. On my local Windows machine, when I start the Docker container/image, the container/shiny App starts and stay up and running without becoming grey/dying off.

However, when deployed to a server, the container starts, and the App runs fine. The problem is: the application, when accessed via web interface, it becomes grey after less than one minute of inactivity. The container is up but it is the application that keeps becoming grey after less than a minute. When one refreshes the browser, the app comes back to life quickly.

Can anyone who understands this tell me what I am missing in my container? Or what need to be done on the server?

Currently I have this inside my Docker file.

\# Expose port

EXPOSE 3838

\# Run app on container start

CMD ["R", "-e", "shiny::runApp('/app2', host = '0.0.0.0', port = 3838)"\]

https://redd.it/m2o7vv
@r_devops

Evernote replacement - quick search ?

Hello,

so far I keep my notes in Evernote. The main reason is quick search across all my knowledge base notes (a lot of them ...). But thinking of migrating to simple private git repository. The only missing thing is ... the search. I know I can use `grep` but ... anything more sophisticated, i.e.: gui based to search across all files in particular folder ?

https://redd.it/m2nlql
@r_devops

Help me understand how to handle access and firewall rules for APIs on different environments

I need to handle an application on AWS that has several API endpoints exposed to the world.

In Dev, Test and Quality environments, endpoints are only available for certain public IP addresses only.

In Production, the endpoints are going to be open to the world.

The application also has several management admin APIs that are available in all environments only from certain public IP addresses.

I need to setup up firewall rules on AWS for the 4 environments, trying to figure out the best way to do it, any insights would be greatly appreciated.

https://redd.it/m2n60l
@r_devops

What do you think about new virtual recruitment process(codility and hirevue)?

I have a confession:Codility and Hirevue frustrates me a lot because now we have to score alteast 95-97% in codility test which kinda of seems unfair. Earlier i remember that for erisscon I went to their campus and gave all the test especially coding test. In that test I didn't get all the coding question but i explained how I would approach the problem using pen and paper they were impressed by that and in the feedback i was rated among one of the highest ranking coder on that day. There is one more piece of virtual recruitment i dislike the most which is hirevue: these automated video test are impossible to pass.

https://redd.it/m2n3qb
@r_devops

OneDev 4.2 released with ability to annotate source with Jest/ESLint information

OneDev is an open source self-hosted DevOps server, with ability to manage issues and git repositories, as well as built-in CI/CD support.

With 4.2 release, one can setup CI/CD job to publish Jest and ESLint reports for queries, statistics, and source annotations. Checkout this short article for details:

https://robinshen.medium.com/annotate-source-with-jest-eslint-information-in-onedev-c622641caa45

https://redd.it/m3cflj
@r_devops

Random bad HAProxy-Galera check

Hi guys!

I have a bothering problem. I set it up 2 haproxy vm and a mysql galera cluster with 3 nodes. I use a simple passwordless haproxy user for check, this is working fine base on the logs.

But, for safety sake i want to setup AWS R53 check. I have a simple php what log in to mysql with this haproxy passwordless user and if it can, it's print out Ok. If no, print the error message.

On haproxy-1 i have no problem, everything is working fine, but on the haproxy-2 i got random error message: Connection failed: MySQL server has gone away

The joke in the whole thing is that the system has ben set up with ansible, so the 2 haproxy and the 3 galera node is same config, everything is same.

Have you any idea?

https://redd.it/m2kvlz
@r_devops

Can someone tell me how to create a shell script like this?

I come to know this installation shell script from
https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh
and I hope to start from the basic.


Can someone point me to some resources where I can start building some shell scripts that I can automate things like that link?

Thanks.

https://redd.it/m2h4nm
@r_devops

Jenkins inside Kubernetes or not?

I'm planning on doing a home lab to learn devoos. However I'm not sure if Jenkins and other services like gitea should be in a pod inside Kubernetes or If It is better ti have It on a separate VM and why

https://redd.it/m3lc3r
@r_devops

How to create/update registry settings in Windows via Hashicorp Packer

Hi all,

I am building Windows 10 multi-session images in Azure. I install about a dozen apps, add some users, etc. Everything works great except that I cannot figure out how to set registry values. I get strange errors when they attempt to run...and they fail. I am assume this is a security issue (UAC). What confuses me is that I am performing other administrative tasks (like creating a local admin) that work fine.

Is there a trick to set registry values in Packer? My Powershell statements are correct, it’s just that I cannot get them to take when running the Packer build process. Is there a way to elevate and bypass UAC? Is it something else?

Thank you to anyone who can help. I have been working on this for several days.

A few details:

* Im using the Powershell provisioner and the Azure ARM builder
* The commands I am trying to set are:
* New-ItemProperty -Path "HKLM:\\Software\\FSLogix\\Profiles" -Name "Enabled" -Value "1"  -PropertyType "DWORD"
New-ItemProperty -Path "HKLM:\\Software\\FSLogix\\Profiles" -Name "VHDLocations" -Value "\\\\10.xx.xx.xx\\FSLogixShare"  -PropertyType "MultiString"
New-ItemProperty -Path "HKLM:\\Software\\FSLogix\\Profiles" -Name "ProfileType" -Value "3"  -PropertyType "DWORD"

In the doc I see ways to enter the elevated user/password but I assumed that the Packer user that runs and connects to the machine is already an admin.


Any thoughts are much appreciated.

https://redd.it/m3ku8z
@r_devops