Reddit DevOps
Ansible, Terraform, or Both?

Hi, I recently started a new job at a startup and I'm looking to build out the infrastructure in a well-managed way. I have very little direct DevOps experience, so I've been learning and experimenting a lot lately and came across Ansible and Terraform, which both seem to fit the problem I'm trying to solve.

I was initially planning to use Terraform to provision the infrastructure (currently that will be a GKE cluster, some persistent volumes, etc., but I plan to build out IaC for all core infrastructure we are using), but I needed to find another tool to configure the cluster with the appropriate configurations and technologies, so I found Ansible.

Ansible seems like the appropriate option for configuration management, but it seems I can also provision infrastructure using Ansible. So now I'm wondering if I should just do it all using Ansible playbooks or if I should use both. I know there is also a Terraform plugin for Ansible that I could use, but I'm not sure if that's over-complicating things. I want to keep this as simple as possible since I will likely be the only employee managing it.

What are your recommendations? Are there other technologies I should look at?

https://redd.it/m2r5hz
@r_devops
Network got screwed on Ubuntu browsers

To be brief, I did an apt upgrade on my Ubuntu workstation at work and now networking in the browser is f'ed.

I can ping any IP (8.8.8.8, google.com, local workstations), but I can't go to any website from my browser.

I'm not 100% sure it's that or something else I did, but the upgrade is most likely the reason.

This is what syslog has to say:


```
Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: libinput error: client bug: timer event4 debounce: offset negative (-1056ms)
Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: libinput error: client bug: timer event4 debounce short: offset negative (-1069ms)
Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: --2021-03-11 15:35:27-- https://clients2.google.com/cr/report
Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: Resolving clients2.google.com (clients2.google.com)... 142.250.186.174, 2a00:1450:4001:82b::200e
Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: Connecting to clients2.google.com (clients2.google.com)|142.250.186.174|:443... libva error: vagetDriverName() failed with unknown libva error,drivername=(null)
Mar 11 15:35:27 ws28 org.gnome.Shell.desktop18176: 26308:26308:0311/153527.705821:ERROR:sandbox_linux.cc(374) InitializeSandbox() called with multiple threads in process gpu-process.
Mar 11 15:35:31 ws28 whoopsie3275: 15:35:31 Cannot reach: https://daisy.ubuntu.com
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: failed: Connection timed out.
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: Connecting to clients2.google.com (clients2.google.com)|2a00:1450:4001:82b::200e|:443... failed: Cannot assign requested address.
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: Giving up.
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: Unexpected crash report id length
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: Failed to get crash dump id.
Mar 11 15:35:37 ws28 org.gnome.Shell.desktop18176: Report Id:
```

Does anyone happen to have a clue on what's going on? Thanks ahead.

https://redd.it/m2qfh6
@r_devops
Question - Domain and SSL certificate renewals

Hi guys, a very quick question: how do you guys manage your domain and SSL certificate renewal notifications or reminders? Do you use any specific service to keep track of these things? I'm looking for a very economical solution.

I narrowly escaped from expiration today. As these things are renewed after a couple of years, we can't depend on one person to keep track of such things.

https://redd.it/m2pek7
@r_devops
R Shiny Application Running Inside Docker Dies/Becomes Grey After Less Than 1 Minute of Inactivity.



I have an R Shiny application that is running inside a Docker container. On my local Windows machine, when I start the Docker container/image, the container/Shiny app starts and stays up and running without becoming grey/dying off.

However, when deployed to a server, the container starts, and the app runs fine. The problem is: the application, when accessed via the web interface, becomes grey after less than one minute of inactivity. The container is up, but it is the application that keeps becoming grey after less than a minute. When one refreshes the browser, the app comes back to life quickly.

Can anyone who understands this tell me what I am missing in my container? Or what needs to be done on the server?

Currently I have this inside my Dockerfile.

```
# Expose port
EXPOSE 3838

# Run app on container start
CMD ["R", "-e", "shiny::runApp('/app2', host = '0.0.0.0', port = 3838)"]
```

https://redd.it/m2o7vv
@r_devops
Evernote replacement - quick search?

Hello,

So far I keep my notes in Evernote. The main reason is quick search across all my knowledge base notes (a lot of them...). But I'm thinking of migrating to a simple private git repository. The only missing thing is... the search. I know I can use `grep`, but is there anything more sophisticated, i.e. GUI-based, to search across all files in a particular folder?

https://redd.it/m2nlql
@r_devops
Help me understand how to handle access and firewall rules for APIs on different environments

I need to handle an application on AWS that has several API endpoints exposed to the world.

In Dev, Test and Quality environments, endpoints are available only for certain public IP addresses.

In Production, the endpoints are going to be open to the world.

The application also has several management admin APIs that are available in all environments only from certain public IP addresses.

I need to set up firewall rules on AWS for the 4 environments and am trying to figure out the best way to do it. Any insights would be greatly appreciated.

https://redd.it/m2n60l
@r_devops
What do you think about the new virtual recruitment process (Codility and HireVue)?

I have a confession: Codility and HireVue frustrate me a lot, because now we have to score at least 95-97% in the Codility test, which kind of seems unfair. Earlier, I remember that for Ericsson I went to their campus and gave all the tests, especially the coding test. In that test I didn't get all the coding questions, but I explained how I would approach the problem using pen and paper. They were impressed by that, and in the feedback I was rated among the highest ranking coders on that day. There is one more piece of virtual recruitment I dislike the most, which is HireVue: these automated video tests are impossible to pass.

https://redd.it/m2n3qb
@r_devops
OneDev 4.2 released with ability to annotate source with Jest/ESLint information

OneDev is an open source self-hosted DevOps server, with the ability to manage issues and git repositories, as well as built-in CI/CD support.

With the 4.2 release, one can set up a CI/CD job to publish Jest and ESLint reports for queries, statistics, and source annotations. Check out this short article for details:

https://robinshen.medium.com/annotate-source-with-jest-eslint-information-in-onedev-c622641caa45

https://redd.it/m3cflj
@r_devops
Random bad HAProxy-Galera check

Hi guys!

I have a bothersome problem. I set up 2 HAProxy VMs and a MySQL Galera cluster with 3 nodes. I use a simple passwordless haproxy user for the check; this is working fine based on the logs.

But, for safety's sake, I want to set up an AWS R53 check. I have a simple PHP script that logs in to MySQL with this haproxy passwordless user and, if it can, it prints out Ok. If not, it prints the error message.

On haproxy-1 I have no problem, everything is working fine, but on haproxy-2 I get a random error message: Connection failed: MySQL server has gone away

The joke in the whole thing is that the system has been set up with Ansible, so the 2 HAProxy and the 3 Galera nodes have the same config, everything is the same.

Have you any idea?

https://redd.it/m2kvlz
@r_devops
Can someone tell me how to create a shell script like this?

I came to know this installation shell script from
https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh
and I hope to start from the basics.


Can someone point me to some resources where I can start building some shell scripts that I can automate things like that link?

Thanks.

https://redd.it/m2h4nm
@r_devops
Jenkins inside Kubernetes or not?

I'm planning on doing a home lab to learn DevOps. However, I'm not sure if Jenkins and other services like Gitea should be in a pod inside Kubernetes or if it is better to have them on a separate VM, and why.

https://redd.it/m3lc3r
@r_devops
How to create/update registry settings in Windows via Hashicorp Packer

Hi all,

I am building Windows 10 multi-session images in Azure. I install about a dozen apps, add some users, etc. Everything works great except that I cannot figure out how to set registry values. I get strange errors when they attempt to run... and they fail. I assume this is a security issue (UAC). What confuses me is that I am performing other administrative tasks (like creating a local admin) that work fine.

Is there a trick to set registry values in Packer? My PowerShell statements are correct, it's just that I cannot get them to take when running the Packer build process. Is there a way to elevate and bypass UAC? Is it something else?

Thank you to anyone who can help. I have been working on this for several days.

A few details:

* I'm using the PowerShell provisioner and the Azure ARM builder
* The commands I am trying to set are:

```
New-ItemProperty -Path "HKLM:\Software\FSLogix\Profiles" -Name "Enabled" -Value "1" -PropertyType "DWORD"
New-ItemProperty -Path "HKLM:\Software\FSLogix\Profiles" -Name "VHDLocations" -Value "\\10.xx.xx.xx\FSLogixShare" -PropertyType "MultiString"
New-ItemProperty -Path "HKLM:\Software\FSLogix\Profiles" -Name "ProfileType" -Value "3" -PropertyType "DWORD"
```

In the doc I see ways to enter the elevated user/password but I assumed that the Packer user that runs and connects to the machine is already an admin.


Any thoughts are much appreciated.

https://redd.it/m3ku8z
@r_devops
WordPress workflow - newbie edition

Hi peeps,

First, I hope this question fits in this sub - I found a similar one anyways, just super older.


I've been hired to handle a company's website which is based on WordPress.


I'm trying to figure out what the best workflow would be, taking into consideration all the involved parties.

So far I'm thinking...
Local by Flywheel to develop locally, then GitHub would save the changes and Buddy would be used as the middle man, to update the server's version (AWS) whenever changes are added to the main branch. Thoughts?

I've heard of Docker as well, but I have to dive into that one yet.


Keep in mind - I'd be working on design / themes and plugins mainly, and those are the only files on the GitHub repo and (hopefully) the only ones to be updated through each push, but I have no idea if it'll work like that. Plus, that'd hopefully allow the Content Creation crew to go into the WordPress dashboard and put up posts as usual, without stuff getting overwritten - which again, I have no idea if it'll work.

Another step would possibly be to do all of that in a staging site, and then use a plugin to get a static version which will be used for the production site - to hopefully make it faster as well.

Any advice or tips will be highly appreciated. :)

https://redd.it/m3i7u7
@r_devops
How are you guys getting the most out of Prisma Cloud?

Hello Guys,
We are using Prisma Cloud, mainly focusing on vulnerabilities and runtime alerts/events. Every time we receive a container runtime alert from Prisma Cloud, we have to involve a dev team member and verify if it is a false positive or a genuine alert (I am part of the sec team and I don't have access to the machines directly). I am just curious how you guys are actually using Prisma Cloud at your place, and maybe I can get some useful tips. Thanks

https://redd.it/m3e056
@r_devops
Fluentd_fluent-plugin-sanitizer

Hello All,

Need some suggestions on implementing encryption on the fluentd logs for the Kubernetes cluster. Does anyone have any idea how to integrate "fluent-plugin-sanitizer" to encrypt the log data? Is there any other technique to achieve this?

Your help is highly appreciated.

Thanks

https://redd.it/m39uxq
@r_devops
Open Source Projects

Hello,
I'm looking to contribute to an open source project as a devops engineer. Any recommendations?

https://redd.it/m3sj8r
@r_devops
DevOps and SSIS scheduling (Operate)

I'm looking for an SSIS package scheduling tool to monitor all SSIS packages with one central console. In the past I have used autosys, and I am also looking into JAMS and ActiveBranch.

Before I move in the above direction, I'm wondering if there is another type of tool that better fits in a DevOps ecosystem and will accomplish the same (central execution and monitoring of SQL jobs).

https://redd.it/m3tkxy
@r_devops
New to Azure DevOps. I hate it. It's a labyrinth.

Hi folks,

I'm a scientist, device engineer, and programmer. I've managed small teams of 3 or 4 programmers without a formal version control system. My preferred stack is Linux and Python, but I can work in other environments. Last year I started to participate in GitHub, and I was just starting to get the hang of it. Then I got a new job where they use Azure DevOps.

I'm only two weeks into the job, so maybe in time it will all become clear. But right now I'm hating Azure. I have spent hours trying to accomplish what should be simple tasks. Yes, I am RTFM. This reading will consume an unknown amount of my time. I can also see that Azure's documentation considers its customization features as a plus. I hope that customization doesn't involve too much flexibility in the menu options, because that will greatly decrease the value of RTFM if my company's sysadmins did something cute.

Right now, all I want to do is to find and download a software build. There used to be a place on the company network drive where the company was keeping its software builds. They decided to move the builds onto Azure today, and all new builds will go there.

I got a link to a Releases page. The builds are not actually accessible directly from that page. There was a bewildering array of choices on that page, all of which seemed to link to documentation of the branch history, what tests were run on this particular Release, etc. But where was the link to the installer binary? I couldn't find it. A colleague helped me with this task earlier today. I remarked that I seemed to need to click on Releases on multiple menus to locate the installer build. There were two or three menus to navigate from the starting point to actually get to the executable.

Alas, my note taking was less than thorough, and I can't seem to find my way back.

I feel like many of the changes that Microsoft made between Windows 7 and Windows 10 were "just because." Menus were rearranged. Settings were split from Control Panel. Popup windows from the OS cover critical information while you are working.

Azure feels the same way, like it was written to be the not-GitHub, different "just because."

Please feel free to change my mind. Thanks.

https://redd.it/m37zkr
@r_devops
Handling configuration for a single-tenant application with different startup modes

I am wondering what the best way of handling configuration for a single-tenant application would be. Bit more details on the project, it is a single-tenant application with a bootstrap mode and an active mode. On the initial deployment, it should go into the bootstrap mode, and then after that if it ever has to restart it will go into the active mode. This application will be deployed to AWS EKS in a namespace per tenant. The database will be MongoDB Atlas.

My question(s) come in how should I have the application pull the configuration from the DB both on its initial startup as well as when the pod is rescheduled to a new node due to a scaling event or instance failure. Is Mongo a good place to store this type of configuration?

Normally I would use a YAML or JSON file and have the application read that though I think that might not make much sense here because the file would be local and would need to have it reupload the config file to say S3 when a configuration change is made. How should I handle this configuration?

I don't expect configuration changes to happen often except during the initial setup by the tenant.

https://redd.it/m37eij
@r_devops
Best way to merge s3 files

I have a bunch of .ts files and an m3u8 on an S3 bucket (basically HLS format). What's the best, most reliable and scalable way to convert them into mp4 and upload to OneDrive? Zero data loss will be pretty important.

I am thinking of a couple of solutions like Lambda and Elastic Transcoder, but some of the solutions feel like hacks. What would be the best way to do this?

https://redd.it/m364ez
@r_devops
Deploying same container with different config and then scaling them individually

So I have a web app (or 3 Docker containers: nginx to act as reverse proxy and web server, a Node.js API container and the DB container).

Every time a new client wants to onboard, we spin up an EC2 (via Terraform), run site_config.py (an internal tool to configure the site) and deploy it.

It works, but updates are just painful and backups are very basic.

So I was wondering if there is anything built for this. I know a bit of Kubernetes and Helm, but we need each service to be deployed with its own config and then be able to scale it up or down from there. I am very unsure if this is at all possible in k8s or Helm, or if there is some better tooling that I could use.

PS: I hope this is the right forum for this question, if not please guide me to the right ones.

https://redd.it/m34lhu
@r_devops