Reddit DevOps. #devops Thanks @reddit2telegram and @r_channels
Add Users to SQL Database (Azure SQL Managed) In CI/CD Pipeline - Permissions Question
Hello,
I originally posted this in the terraform sub but it hasn't gained any traction so trying here.
I have a CI/CD pipeline in AzDevops that runs on a self-hosted agent with a user-assigned Identity. I provision a new SQL Database with terraform and want to add a user to it in the pipeline.
The only solution I've seen so far is to add the identity of the agent as an admin to the SQL server via an Entra Group. This feels bad security-wise, as a breach of the CI/CD agent would expose every database we have. Am I overthinking this?
Any better solutions?
https://redd.it/1ea272u
@r_devops
⚠️ Need Help Migrating MySQL DB from 8.0 to 8.0.23 in Docker
I'm in need of some assistance regarding the migration of my MySQL database.
Current Setup:
- I have a slave MySQL database running on MySQL 8.0 in a Docker container.
- I've mounted custom folders as follows:
-v /opt/mysql/data:/var/lib/mysql \
-v /opt/mysql/my.cnf:/etc/mysql/my.cnf \
-v /opt/mysql/log:/var/lib/mysql/log \
16:24:07+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2024-07-19 16:24:07+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.23-1debian10 started.
2024-07-19 16:24:32+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.23-1debian10 started.
2024-07-19 16:24:32+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2024-07-19 16:24:32+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.23-1debian10 started.
Multiple deployment channels Octo/DEVOPS
Our Octo setup has multiple deployment channels (Feature 1, Feature 2, Main, etc.) that each go through all the different environments. Currently, when a PR is merged in on TFS, we can choose which feature branch to build to, but only ever use this for testing, Main being the only branch/package that goes all the way through to production.
I currently only have 1 pipeline in DevOps, which will act as main, and as far as I understand this will be set up as a continuous deploy. How do I cater for all the other channels in DevOps?
Hope I'm being clear, this is my first time doing something like this
https://redd.it/1ea1ow9
@r_devops
You teach me English I teach you DevOps
Hello everyone,
This might sound weird, but I decided to give it a try and see if I can find someone with whom we can be mutually beneficial.
I'm an experienced DevOps professional and former developer looking to exchange knowledge. I want to improve my English skills, particularly in speaking and writing, and I'm happy to help others in return.
What I'm looking for:
- Native English speakers who can help with pronunciation and accent.
- Individuals with strong grammar skills who can assist with writing and conversation.
- I'm open to communicating via chat or calls to improve both my writing and speaking skills.
What I can offer in return:
- Teaching and guidance in Linux, programming, cloud technologies, Terraform, Ansible, Kubernetes, and overall good DevOps practices.
- Assistance for experienced professionals or complete beginners looking to get into the field.
If you're interested in a mutually beneficial learning experience, please reach out! Let's help each other grow.
https://redd.it/1e9y4nd
@r_devops
Apache Solr basic full text search
I'm new to Solr. I have a single node version running on Docker, and I have a document with a description field which I use to search in all documents. The problem comes when I try to search for a phrase in the reverse sense, for example:
Document description field: "white house".
If I search "white house" it works perfectly, but if I search "house white" it does not return any document. Do you know what is going on here?
regards.
https://redd.it/1e9mr0t
@r_devops
Optimizing Docker Images for Python Production Services
"Optimizing Docker Images for Python Production Services" article delves into techniques for crafting efficient Docker images for Python-based production services. It examines the impact of these optimization strategies on reducing final image sizes and accelerating build speeds.
https://redd.it/1e9imni
@r_devops
OWASP Zap SAST on Azure Dev Ops
Hi!
Are there any sample projects with preconfigured pipelines? I want to try running SAST on a sample Azure DevOps project using the OWASP ZAP tool.
Can you guide me to any good resource?
https://redd.it/1e9garq
@r_devops
Confused a bit
Hello guys! I have a question, obviously regarding DevOps engineering. Currently I'm taking a Data Science degree; I'm in my second year and honestly I like it so much. However, my friend does DevOps and he got a great job after he studied for less than a year. Because I already know and don't have to start from scratch, I'm thinking of starting to learn DevOps along with my university. What do you think, guys?
https://redd.it/1e9bmo8
@r_devops
Are there any lightweight remote development solutions?
I am working in a bank.
We are very concerned about security.
So the developers (many outsourced) can only access our code inside remote desktops (RDP).
We are hosting those remote desktops on virtual machines; the physical computers of developers can only copy files into the virtual machines, not vice versa.
But this is very resource-consuming, and the physical computers become RDP clients only.
And developers are suffering from lag and connectivity problems.
I am looking for lightweight solutions.
Something like running development tools (IDE, database client...) in Docker, and letting Docker mount some volumes that can only be accessed inside Docker.
Does anyone have some experience with this?
https://redd.it/1e976qw
@r_devops
Got annoyed at work so created a Cloud Formation to Terraform converter
Hey everyone! I am currently a SWE intern and have been working on turning a bunch of our resources from Cloud Formation to Terraform.
And this was taking hours out of my day.
I tried using CF2TF, but I thought it could be improved, so instead, I threw this together over the weekend (Thanks GPT).
Feel free to use it:
https://github.com/aperswal/CloudFormation_To_Terraform/tree/master
The converter can be accessed through a Flask web server. You can then upload your cloud formation files and turn them into terraform scripts.
No more vendor lock-in.
No more giving GPT your work.
No more grunt work.
The ReadMe can explain everything else. Hope you all like it!
https://redd.it/1e92jou
@r_devops
what resumes are getting interviews?
hi friends. I was a devops engineer for 6 years working as a federal contractor doing mostly build automation and working closely with development teams. I have been out of the market for 2 years due to health reasons and my resume hasn't gotten picked up for any interviews the past two months. I'm super passionate about automation and have the programming background to do it. I'm confused on how to showcase my skillset to at least get an interview. please help.
https://redd.it/1e8wyqp
@r_devops
What are some good slack communities for dev ops help?
Not just looking to get help and leave. I think I can contribute. I find myself coming to reddit/stack overflow when I'm stuck and a slack community would be great.
https://redd.it/1e8rlzc
@r_devops
Jenkins Structure
I am a QA and have never used Jenkins, but I am trying to learn it. Now I have more answers than questions. Please help me with the following: If you use Maven, you have a zipped version of your project on the main repo after you do mvn deploy, so how does Jenkins use that? Secondly, if you already have a JAR, why do you need access to Git? There is no compiled code there? Thirdly, how can continuous integration happen all the time, if you build, install and deploy only sometimes?
https://redd.it/1e8o4kp
@r_devops
Do you also create resources in Kubernetes with Terraform?
hello. I'm a beginner.
I'm trying to configure Kubernetes for the first time to deploy my website.
I've created a managed kubernetes from a provider called vultr via terraform and installed the necessary helm charts. So far it's been pretty smooth and easy.
But my question is, do you register all the yaml files of the application after that through terraform?
The existing yaml and tf files are formatted differently, so it's quite a hassle to port them over. I'm thinking it might be easier to just use kubectl apply instead of terraform from here on out.
What do you guys think? What is your general choice when setting up Kubernetes with Terraform?
https://redd.it/1e8jipc
@r_devops
Best practices to deploy terraform
What are the best practices to deploy infrastructure with Terraform through a pipeline?
https://redd.it/1e8iebc
@r_devops
GitFlow question, my senior is on vacation, did I fuck up?
My senior, who usually addresses all the deployment process, is on vacation this week. During this time, I have to deploy several of the features he finished and some of the features I am working on. After executing the git flow workflow, my develop and my main branch are in different states: exactly, the main branch is 8 commits in front of develop and 14 commits behind, which does not seem fine. Looking at the difference in the commits, apparently the feature branch in develop has commits that the main branch has not. Honestly, I do not know how this happened, as I pulled the latest version of main and develop, merged both feature branches into develop from the GitHub webapp and then proceeded to pull develop, git flow release start (branch_name), blablabla command for code formatting & tests, git flow release finish.
Now I am a bit afraid of doing something on main outside of the common workflow. Main and develop can be merged, and I guess I can just go to main, merge develop and push it, but I don't know if someone is going to kill me on Monday. I was wondering if someone could give me any hint on how this happened and whether it can be fixed in a safe way.
https://redd.it/1ea3lzr
@r_devops
Prometheus as receiver
Hello all,
I am relatively new to Prometheus and have a quick question. We want to use our Prometheus as a receiver and get metrics from a remote write Prometheus. As I have read we need to use --enable-feature=remote-write-receiver. The Prometheus installation was installed locally on a Linux Ubuntu server.
Where in which file do I have to enter --enable-feature=remote-write-receiver?
Is the endpoint that I have to pass on the remote write prometheus the following? LocalServerIP/api/v1/write ? Can I find the URL in a file? Which port is used for this?
Many thanks in advance!
https://redd.it/1ea2gtn
@r_devops
Review my resume for a 3 months experience
I have been working in this small service-based company for about 7 months now, but the first 4.5 months were just training/self-learning. I've only really worked since mid-May. I don't see myself growing much here and therefore I want to switch ASAP, before the end of this year. I feel like my company doesn't focus much on IaC and I miss out on a lot of good practices too. Please suggest what I can add/remove from my resume and what kind of personal projects related to DevOps I can add.
https://drive.google.com/file/d/1aK5ZCTxR4NJ94IXnRzAP6zw9_eJSY5-n/view?usp=drivesdk
https://redd.it/1e9zsmo
@r_devops
Help needed to land a job at Qualcomm
I work as a Cloud DevOps engineer with five years of experience and have developed an interest in SRE/DevOps roles. Somehow, my resume landed at Qualcomm, and I have an interview in two days.
I'm reaching out for guidance on how to secure the job at Qualcomm. Any tips or advice would be greatly appreciated.
I can meet with you by any means. If you prefer, I can visit you. By any means, I need to secure this job. Virtual help is also appreciated!
https://careers.qualcomm.com/careers/job?domain=qualcomm.com&pid=446700194811&query=Azure&location=Hyderabad%2C%20Telangana%2C%20India&domain=qualcomm.com&sortby=relevance&triggerGoButton=false&jobindex=0
Thank you!!
https://redd.it/1e9naqy
@r_devops
Preventing a CrowdStrike Level Issue: How CI/CD on Hardware Can Save Your System
Hi there, I'm Andrew, I specialise in DevOps for embedded systems. The firmware level bug that occurred with CrowdStrike reminded me of similar bugs I have faced in the past (although normally Linux based) and I wanted to share my opinion. Let me know if you have any questions about the video.
https://youtu.be/gTM8ALApd9w
https://redd.it/1e9li0e
@r_devops
overlay2 docker
Hello everyone,
I have three Docker images (with three running containers for each one). When running df, I get this output. I want to understand why I am seeing "overlay" as a filesystem. Also, I know that the values shown in the last three lines are not the actual consumption, but I want to understand that output. If anyone has good resources or can help me understand this, I would appreciate it.
Thanks!
root@vps-b9722401:~# df
Filesystem 1K-blocks Used Available Use% Mounted on
udev 7985704 0 7985704 0% /dev
tmpfs 1600636 2088 1598548 1% /run
/dev/sda1 162406320 113882840 48507096 71% /
tmpfs 8003176 1564 8001612 1% /dev/shm
tmpfs 5120 0 5120 0% /run/lock
tmpfs 8003176 0 8003176 0% /sys/fs/cgroup
/dev/sda15 106858 6165 100693 6% /boot/efi
/dev/loop4 94080 94080 0 100% /snap/lxd/23991
/dev/loop5 94080 94080 0 100% /snap/lxd/24061
tmpfs 1600632 0 1600632 0% /run/user/0
/dev/loop9 65536 65536 0 100% /snap/core20/2264
/dev/loop0 39680 39680 0 100% /snap/snapd/21465
/dev/loop1 57088 57088 0 100% /snap/core18/2823
/dev/loop6 65536 65536 0 100% /snap/core20/2318
/dev/loop2 39808 39808 0 100% /snap/snapd/21759
/dev/loop10 57088 57088 0 100% /snap/core18/2829
overlay 162406320 113882840 48507096 71% /var/lib/docker/overlay2/8ebc68cf46b422fe00520449fa3a6f73b3b24f809a876ce593d51d655cee4df3/merged
overlay 162406320 113882840 48507096 71% /var/lib/docker/overlay2/f9e8a5d328c6d634d8d9ef163c426f3f0e8ab765f021f538eaeabaed1580c0ec/merged
overlay 162406320 113882840 48507096 71% /var/lib/docker/overlay2/b7bde037021c93ab7127b83d513288488a118c9cf19b2929df112d75a386cbf0/merged
https://redd.it/1e9hsl7
@r_devops
Need some career advice
Hi all,
I have 3 years of experience in DevOps at the same organization based in India. I have worked with various common DevOps tools but haven’t had the chance to work with Kubernetes. My current organization doesn’t use Kubernetes much. I recently cleared the CKA by studying Kubernetes for about 3-4 months.
Now, the issue is that I don’t have any hands-on experience with Kubernetes, and I am finding it difficult to switch to a new job because every interview includes Kubernetes questions, mostly scenario-based, which I find challenging to answer. Could you suggest how I should approach this situation? How can I gain some hands-on experience, such as by creating my own projects? Any input is appreciated.
Thank you in advance.
https://redd.it/1e9csyz
@r_devops
Got my first internship in IT. Is this a good area to get into DevOps later?
Hi folks! I just got my first job as an intern in observability. I'll be working with SQL and Grafana. I really like DevOps, and I want to know your opinion on whether this internship will be beneficial for my resume to get into DevOps later.
https://redd.it/1e96rch
@r_devops
Your thoughts on platform for AI accelerated cloud IAM management
So a group of other DevOps engineers and myself have developed a cool platform for managing all IAM permissions in the cloud. We solve a few things -
1. One click import of all IAM objects from your cloud platform into a Terraform managed repo and state initiation
2. Visual graph style display for all objects and their relationships
3. Changes are performed on the repo by GenAI with freetext input, which creates a pull request automatically - once it gets approved the change gets applied.
4. Integration with company Slack - change requests are received by the app, processed and the relevant stakeholders are sent messages for approval.
5. For regulatory requirements such as SOC2, one click pdf report generation of current permission status, changes that were made during the last quarter etc.
This really helps out with tons of pain points that we experience in our day to day work.
I'd really like to hear your thoughts on this
https://redd.it/1e96dx6
@r_devops
Docker for jenkins
I am trying to study up on Jenkins. I understand that a Docker Image is just a container, a sort of an end point of the Jenkins pipeline, that contains the built project that would eventually go to Tomcat. However, what is the whole point of creating an Image? Why is it not possible to incorporate Jenkins with Docker itself?
https://redd.it/1e91c8r
@r_devops
Can you help audit my nodejs dockerfile?
This docker image takes forever to build every time, even when the change is minor. I was trying to download dependencies in earlier layers in order to avoid running `npm i` every time, but it seems like it doesn't work.
FROM public.ecr.aws/lambda/nodejs:20
RUN dnf update
# this lambda has a python co-dependency for music21. These deps are needed for that.
RUN dnf install -y python3 pkgconfig libX11-devel libXi-devel make gcc g++ mesa-libGL-devel
RUN npm i typescript -g
RUN mkdir -p /tmp/app
COPY . /tmp/app
RUN cp /tmp/app/canela-medium.ttf ${LAMBDA_TASK_ROOT}/canela-medium.ttf
RUN cd /tmp/app && npm ci
RUN cd /tmp/app && rm -rf test
RUN cd /tmp/app && npm run build -- --outDir ${LAMBDA_TASK_ROOT}
# Running npm in task root up front should reduce rebuild-time to only typescript compile (hopefully)
RUN cp /tmp/app/package*.json ${LAMBDA_TASK_ROOT}
RUN cd ${LAMBDA_TASK_ROOT} && npm ci --omit=dev
RUN rm -rf /tmp/app
WORKDIR ${LAMBDA_TASK_ROOT}
# Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile)
CMD [ "index.handler" ]
I don't think it's the package-lock. It doesn't change much.
https://redd.it/1e8s6nj
@r_devops
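A cache-friendly ordering of the Dockerfile in the post above, as an added example that is not the poster's code: in the posted file `COPY . /tmp/app` runs before the first `npm ci`, so any source edit invalidates that layer and every layer after it. It assumes the same file names as the post, a `.dockerignore` that excludes `node_modules`, and a build script that does not clean its output directory.

```dockerfile
FROM public.ecr.aws/lambda/nodejs:20

# System packages change rarely: keep them in one early layer.
# These deps are needed for the python co-dependency (music21) named in the post.
RUN dnf update -y \
    && dnf install -y python3 pkgconfig libX11-devel libXi-devel make gcc g++ mesa-libGL-devel \
    && dnf clean all

RUN npm i -g typescript

# Copy only the manifests first. This layer and the npm ci layers below are
# reused from cache until package.json or package-lock.json change.
WORKDIR /tmp/app
COPY package.json package-lock.json ./
RUN npm ci

# Production dependencies for the runtime directory, also keyed on the manifests only.
RUN cp package.json package-lock.json ${LAMBDA_TASK_ROOT}/ \
    && cd ${LAMBDA_TASK_ROOT} \
    && npm ci --omit=dev

# Source edits invalidate the cache only from this line on.
# Assumption: .dockerignore lists node_modules, so a host copy cannot
# overwrite the modules installed above.
COPY . .

# Assumption: the build script only writes compiled output into --outDir and
# does not wipe the node_modules already installed there.
RUN cp canela-medium.ttf ${LAMBDA_TASK_ROOT}/canela-medium.ttf \
    && rm -rf test \
    && npm run build -- --outDir ${LAMBDA_TASK_ROOT} \
    && rm -rf /tmp/app

WORKDIR ${LAMBDA_TASK_ROOT}
# Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile)
CMD [ "index.handler" ]
```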
Does it make sense to base your entire career about Kubernetes?
Worked as a DevOps engineer for 3 years now. Gained great experience with AWS Infrastructure, Terraform, Docker, bash scripting, CICD via Github Actions. Touched Kubernetes a little bit, but now going for my CKA and want to get a lot more proficient in it.
Just wondering if there are any of you that have a role that is almost entirely based around K8s, or do you just see it as another tool you use, rather than a specialisation of your career/future prospects?
I'm also really interested in improving my Go skills, as I really like Cloud Native products and the whole culture around open source with the Linux Foundation.
https://redd.it/1e8pz2f
@r_devops
Anyone hire someone right out of school for DevOps?
If so, how did it go? My team is considering hiring for an associate/fresh grad.
https://redd.it/1e8llwd
@r_devops
👋 Hi dudes! I built my first React JS app all of your feedback means a lot to me and it can help develop my skills
https://goliathreaper.github.io/Procrastination/
https://redd.it/1e8jkda
@r_devops
Running queries on production
Hi,
We are a small company in a heavily regulated space with tons of vendors. We usually face this issue of wrong data in our system and have to manually correct it. We used to raise a PR for migration in a repo and use a pipeline to run it on prod, but we are not allowed to do this if there's PII data involved in the query (as GitHub has servers outside our country, so regulation forbids it), which is usually the case.
Looking for some solution which can help put approvals on the queries, maintain audit logs and if PII then it needs to reside in the country.
https://redd.it/1e8hch5
@r_devops