#general (2020-04)

General conversations related to DevOps/Automation

General Discussions

2020-04-30

SweetOps avatar
SweetOps
07:00:13 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

Ankit avatar
Ankit

I came across this Slack workspace because I was applying to a job at Cloud Posse but I have to say I am finding this is an amazing resource for day to day devops tools. Thank you for this!

2020-04-29

RB avatar

If you use GitHub you’ve probably seen how unstable it’s been in the last couple months. We subscribe the company’s engineering to their githubstatus email subscription which contains the unsubscribe button.

How do devops and IT prevent people from managing email subscriptions? Can you prevent people from hitting the unsubscribe button? Or can the link be removed from the email completely?

loren avatar
loren

performance reviews?

Matt Gowie avatar
Matt Gowie

I’d push notifications to company Slack / Microsoft Teams > Email.

RB avatar

That’s true. I’ve been doing that by using the /feed to subscribe to githubs rss feed

RB avatar

It’s too bad we can’t do that as easily from email

loren avatar
loren

you can send email to a slack channel… is that what you mean?

loren avatar
loren
Send email to Slack | Slack Tips attachment image

Efficiently share those “can’t miss” emails with your team members. Learn how to direct emails into Slack by following these simple steps.

RB avatar

oh perhaps im misunderstanding. i was assuming @Matt Gowie meant subscribing to the rss feed from within slack. can you also subscribe an email list directly to slack if the email list doesnt have an rss feed ?

RB avatar

oh wow, thanks @loren!

sheldonh avatar
sheldonh

Would really be interested if anyone has actually tried this service to talk about it on today’s call. http://relay.sh/

While I love coding, the level of plumbing/yak shaving required to get automation on various platforms to talk to each means we often just have a lot of automation debt hanging around. This seems super promising as IFTTT/Zapier for DevOps. I have a call to talk with them this week. I really would be interested in if anyone else has explored this to hear more from you

Puppet Relay

Puppet Relay is a DevOps automation platform for Cloud-Native Infrastructure

Chris Fowles avatar
Chris Fowles

all devops is sticky tape and bubble gum. might as well standardise the gum we’re chewing! looks cool

Zachary Loeber avatar
Zachary Loeber

As long as I don’t have to use Ruby, blech

Chris Fowles avatar
Chris Fowles

why is it always ruby

Zachary Loeber avatar
Zachary Loeber

Any language that has whole articles on ‘truthiness’ scares me…

Chris Fowles avatar
Chris Fowles

especially when it can be mostly summed up into one sentence

sheldonh avatar
sheldonh

I had a leader use “devopsy stuff” when describing work I did today lol

Zachary Loeber avatar
Zachary Loeber

I want that on my business card, I like it

SweetOps avatar
SweetOps
07:00:10 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

2020-04-28

SweetOps avatar
SweetOps
07:00:20 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

ikar avatar

Hey there! …not sure if this is the right channel for my questions, I’ll try:

• do you use bastion servers in general or do you prefer AWS SSM Sessions? - seems like a kind of “vendor lock-in”

• are you still able to ansible your infra? also including dynamic playbooks?

• are you able to simply ssh using some tool like aws-fuzzy-finder? (https://github.com/pmazurek/aws-fuzzy-finder) I don’t want to manually update my .ssh/config with each infra updates since we create and delete instances quite frequently

pmazurek/aws-fuzzy-finder

SSH into instances using fuzzy search. Contribute to pmazurek/aws-fuzzy-finder development by creating an account on GitHub.

roth.andy avatar
roth.andy

Check out aws-vault. Makes using a temp session virtually invisible

99designs/aws-vault

A vault for securely storing and accessing AWS credentials in development environments - 99designs/aws-vault

roth.andy avatar
roth.andy

[profile personal]
region=us-east-1
output=json
credential_process=aws-vault exec personal --json

ikar avatar

Thanks @roth.andy! will check that

2020-04-27

SweetOps avatar
SweetOps
07:00:16 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

2020-04-26

SweetOps avatar
SweetOps
07:00:05 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

Gautam Sidhu avatar
Gautam Sidhu

Hello All

M Azim Khatri avatar
M Azim Khatri

Good Afternoon to all

2020-04-25

SweetOps avatar
SweetOps
07:00:17 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

praveen.kumar3350 avatar
praveen.kumar3350

jfraley avatar
jfraley

Harsha avatar
Harsha

2020-04-24

Gaurav avatar
Gaurav

Ok @David

David avatar
David

Hello! I might be missing some context here. What’s up?

SweetOps avatar
SweetOps
07:00:05 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

Ayman avatar
Ayman

Glad to be here! Really nice community!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Welcome @!

Ayman avatar
Ayman

Thanks @Erik Osterman (Cloud Posse)! Just stumbled on your company yesterday and I’m really impressed with your open philosophy! Trying to open source my knowledge/experience as well.. but there’s that time thing lol!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Too true. It’s a massive time commitment. But just place one grain of sand at a time and eventually it turns into a mountain

Mario Feliz avatar
Mario Feliz

I found this community, not long ago. Happy to be here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Good to have you here

2020-04-23

roth.andy avatar
roth.andy
I hate MVPs. So do your customers. Make it SLC instead.

Product teams have been repeating the MVP (Minimum Viable Product) mantra for a decade now, without re-evaluating whether it’s the right way to maximize learning while pleasing the customer. …

SweetOps avatar
SweetOps
07:00:10 PM

Hey everyone, give a warm welcome to our newest members!

  • @Haili Zhang

Good to have you here =)

Zachary Loeber avatar
Zachary Loeber

The cult of DevOps grows stronger! I mean, welcome aboard new members.

Asrar avatar
Asrar

I wouldn’t call myself a DevOps guy yet. more of a developer trying to figure out how the hell some of this Ops related stuff works

Zachary Loeber avatar
Zachary Loeber

You are at the right place then

bradym avatar
bradym

Dude, don’t scare them away on day one!

2020-04-22

Zachary Loeber avatar
Zachary Loeber

An absurdly long (1505 pages!) SRE handbook I stumbled across the other day. Mostly foundational stuff but worth a once over: https://legacy.gitbook.com/book/s905060/site-reliability-engineer-handbook/details

Site Reliability Engineer HandBook · GitBook (Legacy)

site-reliability-engineer-handbook: Site Reliability Engineer HandBook

SweetOps avatar
SweetOps
07:00:12 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

Mathieu Frenette avatar
Mathieu Frenette

Hey everyone! Glad to be here! I just started setting up a Geodesic module for our new Codefresh pipeline and I was wondering who here has already done it and/or maybe which channel would be best to ask any questions about Geodesic?

Lauren Langdell avatar
Lauren Langdell

Hey everyone, I’m hosting a Women in DevOps webinar next week with the CEO of LaunchDarkly, one of the HashiCorp team (Name TBC), a really great woman from Google, she wrote the SRE book around how these remote times how to maintain best-practice and progress. If anyone fancies joining and getting involved then please do, it’s at 12pm PDT on 4/30. It’s completely free and would love to see some new faces https://www.meetup.com/Women-in-DevOps/events/270083899/

Global Edition: How to stay well educated remotely attachment image

Thu, Apr 30, 2020, 8:00 PM: From the comfort of your own home, relax and connect with us as we launch our new Women in DevOps webinar series. In this webinar episode we will touch on the ‘Global Editi

Lauren Langdell avatar
Lauren Langdell

ps. I need to update the flyer!

2020-04-21

SweetOps avatar
SweetOps
07:00:19 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

2020-04-20

SweetOps avatar
SweetOps
07:00:10 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

2020-04-19

SweetOps avatar
SweetOps
07:00:03 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

2020-04-18

SweetOps avatar
SweetOps
07:00:09 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

msoyer avatar
msoyer

Thanks

roth.andy avatar
roth.andy

Started a repo for practicing with Istio. I’d love it if some people tried it out and provided any feedback you might have. It assumes that you already know your way around Docker and Kubernetes.

https://github.com/RothAndrew/istio-practice

RothAndrew/istio-practice

Repo to collect the things I do to practice with Istio - RothAndrew/istio-practice

2020-04-17

SweetOps avatar
SweetOps
07:00:04 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

2020-04-16

Richard Pearce avatar
Richard Pearce
Krzysztof Wilczyński posted on LinkedIn attachment image

Building Secure and Reliable Systems is now available for free in digital formats! https://lnkd.in/e5cEjYF I'm one of many Googlers who helped write, …

Abel Luck avatar
Abel Luck

Are there any other cloud providers out there offering a service like AWS SSM param store and or session manager?

loren avatar
loren

azure has their bastion service, is this the feature of session manager you’re referring to? https://azure.microsoft.com/en-us/services/azure-bastion/

Azure Bastion | Microsoft Azure

Azure Bastion provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure Portal.

loren avatar
loren

and they have app configuration, which sounds some like the parameter store… https://azure.microsoft.com/en-us/services/app-configuration/

App Configuration | Microsoft Azure

Get hosted, universal storage for all your Azure apps with Azure App Configuration, built for speed, scalability, and security.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
EnvKey - smart, end-to-end encrypted configuration and secrets management attachment image

Protect API keys and credentials. Keep configuration in sync everywhere.

Abel Luck avatar
Abel Luck

Hey that’s pretty cool

SweetOps avatar
SweetOps
07:00:18 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

sheldonh avatar
sheldonh

Have proposal to allow tooling/project/module that is general and not company specific to be published on github publicly by engineers. I blog regularly and have been advocating for this to be openly supported and finally have progress. I would like a policy that promotes trust but also gives the company that is used to everything being locked down a policy to assure what type of material is permitted and some basic log of this.

a prebuilt policy out there would really help. Having trouble finding one.  I’m not looking to publish under company github account, just share tooling/automation oriented work. 

The essence of what I’d summarize: 

Assumed

• No secrets… ever

• No logins/references to company

• No business logic

• No database schema for business application

Allowed Types of Code

• Automation, infrastructure-as-code (minus any specific company configurations), developer tooling (like helper scripts and apps that just help workflow and save time)

• contributions to open source to improve tooling we leverage

• Blogging on general technology concepts learned (excluding anything of course sensitive or giving knowledge to competitors on projects or anything else)

Process

• run history scan for secrets to validate repo history

• validate license and disclaimer applied

• log with manager and register in central log/workitem tracking to have record of it

… in progress… hoping for a jump start. Again this is all very much “got a build-harness thing here” or “terraform module to contribute on managing github repos” etc…

loren avatar
loren

that tracks pretty closely with our (less formalized) requirements for open sourcing projects on our public github org

chonan tsai avatar
chonan tsai

@sheldonh very intrigued by what you wrote here. looks interesting.

i remember this year at SCale 18x there were a few sessions on building and promoting open source projects. you should check out their youtube videos.

btw, do you mind sharing your blog url?

sheldonh avatar
sheldonh

sure. sheldonhull.com

It’s a good opportunity to do this, just have to approach it right as company from a company with no history tmk of open source contributions or regular blogging. any templates/or whatever welcome and appreciated

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@sheldonh are you able to join us on #office-hours today? Maybe this is something we can discuss.

sheldonh avatar
sheldonh

Hey thanks for the reminder. I might be able to listen in (in middle of some work.) That’s starting right now right?

sheldonh avatar
sheldonh

wait that’s in an hour. Even better. I’ll try to make it. I really enjoyed the last one. I felt smarter after it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yep, in 1 hour. Will you be able to join with mic?

sheldonh avatar
sheldonh

I’ll do my best. Might get pulled into something different, but hopefully no conflicts

2020-04-15

SweetOps avatar
SweetOps
07:00:15 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

paultath81 avatar
paultath81

glad to join

2020-04-14

RB avatar

has anyone deployed sourcegraph? looks like a much better version of opengrok

RB avatar

i don’t see any public terraform modules for it but i wonder if the https://github.com/turnerlabs/terraform-ecs-fargate module can be used with its docker container to deploy it

turnerlabs/terraform-ecs-fargate

A Terraform template used for provisioning web application stacks on AWS ECS Fargate - turnerlabs/terraform-ecs-fargate

Soren Martius avatar
Soren Martius

GitHub today announced that all of its core features are now available for free to all users!

https://techcrunch.com/2020/04/14/github-is-now-free-for-all-teams/

GitHub is now free for all teams – TechCrunch attachment image

GitHub today announced that all of its core features are now available for free to all users, including those that are currently on free accounts. That means free unlimited private repositories with unlimited collaborators for all, including teams that use the service for commercial projects, as we…

Zachary Loeber avatar
Zachary Loeber

Some devops patterns deserve their own name, here are a few to start with -> https://zacharyloeber.com/2020/04/devops-patterns/

DevOps Patterns attachment image

DevOps Patterns - Zachary Loeber’s Personal Site

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

is great. could also be considered as “trends”

loren avatar
loren

nice article. very helpful to discuss patterns like this. i think i consider ConfigOps to be GitOps? or at least, my interpretation of GitOps

Zachary Loeber avatar
Zachary Loeber

I believe you could perform ConfigOps within GitOps. But you don’t need to be practicing wholescale GitOps to practice a ConfigOps pattern. Perhaps it is just a matter of nuance that doesn’t matter so much though and i’m being nit picky

Zachary Loeber avatar
Zachary Loeber

I had several other terms I wanted to put in there. I sort of avoided GitOps as it was a bit more of an obvious pattern to me. Perhaps I’ll throw down my interpretation of that one as well to see how hard I get smacked down for it

loren avatar
loren

yeah, i know GitOps started with containers specifically in mind. but i guess i generalize it to just keeping configuration in git and having pipelines that apply those configs

Zachary Loeber avatar
Zachary Loeber

I had considered putting gitops as a term but it means too many different things for too many different people right now. <blank>Ops all have one thing in common, they start with version control and end with delivery of artifacts from it. I threw in ConfigOps specifically because I ran into a scenario where it would be disingenuous of me to call a solution I helped put into motion ‘GitOps’ as it was still not automating deployment in a watch/pull pipeline model as so many GitOps tools do (flux/argocd being the prime examples). Instead it was a repo constructed from the output elements of a large terraform manifest, one per environment which included multiple per-team and client sub-environment’s settings and included pipeline as code for then pushing all those settings into their pipeline system of choice (azure devops) for use in other deployment pipelines (that were also in that repo). Everything was still a push model (one of the deployments even built out and configured a kube cluster within the created environment) but changes to the deployment configuration were able to be controlled via git PRs

Zachary Loeber avatar
Zachary Loeber

Perhaps a proper term for push vs. pull based devops solutions is in order

Zachary Loeber avatar
Zachary Loeber

I’ve also seen a ton of work go into automating pipelines only to be undercut by manual changes of configuration elements for the pipelines

loren avatar
loren

i think my idea of a pipeline also ends up being different i don’t really like the way, say, jenkins does things, or codepipeline. i like when the git repo owns everything

loren avatar
loren

so i tend to build things in a way that events in the git repo drive the pipeline. which is more of that “push” approach

Zachary Loeber avatar
Zachary Loeber

Partially why I hugely favor pipeline independence where I can make it happen

loren avatar
loren

i like the pipeline independence term. i stress that with our team, have a makefile (or other command runner) that you can use locally to exercise a build, and also have the pipeline use that same runner

Zachary Loeber avatar
Zachary Loeber

I try to do the same, it has been a life saver on more than a few occasions

Zachary Loeber avatar
Zachary Loeber

@loren thanks for your feedback btw, I’ve come to respect your opinion quite a bit

loren avatar
loren

anytime! i’ve learned so much from folks in this slack. it’s really great to be able to contribute back when i can

SweetOps avatar
SweetOps
07:00:18 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

chonan tsai avatar
chonan tsai

Happy to be here. Can’t wait to listen from the grp

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Glad you stopped by!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

we’ll be in the #office-hours channel as well on Zoom tomorrow

rocketmaniac avatar
rocketmaniac

@Erik Osterman (Cloud Posse) thanks so much for the opportunity to join this group!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Glad to have you here!

2020-04-13

SweetOps avatar
SweetOps
07:00:11 PM

Hey everyone, give a warm welcome to our newest members!

  • @niko

Good to have you here =)

Doug Lethin avatar
Doug Lethin

hey all. hope you’re safe and well during these crazy times.

Zachary Loeber avatar
Zachary Loeber

Likewise

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Thanks!

kenneth avatar
kenneth

What is the best tool to capture packages on EC2 level? Has anybody used tool called “gigamon”?

Zachary Loeber avatar
Zachary Loeber

gigamon, that’s some kind of Japanese Godzilla monster right?

2020-04-12

2020-04-11

SweetOps avatar
SweetOps
07:00:14 PM

Hey everyone, give a warm welcome to our newest members!

  • @justin.holdsworth

Good to have you here =)

2020-04-10

SweetOps avatar
SweetOps
07:00:02 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

2020-04-09

Abel Luck avatar
Abel Luck

We’ve been using confd for a long time to generate application config files from SSM param store, it’s no longer maintained however and there are some bugs.

Do you all use something else similar?

Specifically the use case is generating config files at instance runtime, populating values from ssm parameter store.

kelseyhightower/confd

Manage local application configuration files using templates and data from etcd or consul - kelseyhightower/confd

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

gomplate can do a lot of the same things

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

very well maintained by @hairyhenderson

hairyhenderson avatar
hairyhenderson

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
hairyhenderson avatar
hairyhenderson

(I don’t know about “very well” - it’s been months since I’ve cranked out a release )

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Haha, well, sometimes tools reach a level of maturity they don’t need constant updates. There’ll always be a sea of feature requests.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We’ve been using the tool for many years now and it “just works”

Abel Luck avatar
Abel Luck

confd has been “just working” for us for years now too. except recently. i love tools that get mature, no recent commits isn’t a bad thing. but the author is MIA and not responding even to questions of whether the project will be updated ever, so we’re a little nervous

Abel Luck avatar
Abel Luck

had no idea gomplate supported remote datasources like AWS param store, that’s great!

hairyhenderson avatar
hairyhenderson

more remote datasources are coming… eventually I’ve been kinda spinning my wheels the past few months adding support for config files - almost finished on that, and then I’ll be able to focus on more datasources and functions

hairyhenderson avatar
hairyhenderson

I want to get some better support for GCP too

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I’m excited about config files! I think that will be a nice addition to gomplate

hairyhenderson avatar
hairyhenderson

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

while we’re geeking out on cli tools, have you seen @mumoshu’s #variant?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
mumoshu/variant2

Turn your bash scripts into a modern, single-executable CLI app today - mumoshu/variant2

Abel Luck avatar
Abel Luck

gomplate is awesome. Just used a combination of SSM and yaml config file data sources to template out our packer.json.

Abel Luck avatar
Abel Luck

@Erik Osterman (Cloud Posse) i’ve taken a cursory look at variant2, but I don’t grok it yet. Seems like a strange abstraction over a shell script. I guess I don’t have such hairy shell scripts that need it?

Abel Luck avatar
Abel Luck

Can it be used to replace Makefiles?

hairyhenderson avatar
hairyhenderson

I’ve heard of Mage for replacing makefiles - https://magefile.com - been considering switching to it myself…

Zachary Loeber avatar
Zachary Loeber

you likely meant magefile.org

Zachary Loeber avatar
Zachary Loeber

If you are a powershell nut I’d give invoke-build a look as well (https://github.com/nightroman/Invoke-Build). It’s a masterpiece of posh coding and build automation done in an exceptionally thoughtful and tight manner.

nightroman/Invoke-Build

Build Automation in PowerShell. Contribute to nightroman/Invoke-Build development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

The outcome of variant is you have a cli that everyone in your company can use on any platform that has built in testing and none of the baggage of shell scripts

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

It’s a DSL (in HCL) for expressing all the commands a human would ordinarily run. Much like make you can pipeline and have dependencies.

Zachary Loeber avatar
Zachary Loeber

It looks like a sweet wrapper that turns scripts that ‘feel’ like hacks into singular binary releases?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Make is very difficult to test. Makefiles become complicated as everything is passed with envs. Envs are hard to validate in make. As the project grows so does the complexity. We wrote the build-harness in make, but it’s pushing the limits I think.

Zachary Loeber avatar
Zachary Loeber

I can speak from personal experience that you CAN push make to crazy limits but it is 50+ year old tech that probably shouldn’t be.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Bash, python, zsh, fish, ruby, go etc can also be used to write the cli. Ordinarily this reduces the number of people who can contribute. It is expressed as a DSL to avoid complexity. Later, when you have proven your cli interface and have a few people to maintain it in go, you can rewrite it.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

But chances are the quick wins with variant will be hard to beat. You can have your cli written in a day.

Zachary Loeber avatar
Zachary Loeber

I use Make or Invoke-Build as ways to attempt to create declarative state tools in an imperative manner. I’ll still use them to get things done in the short term but am actively scoping out methods/tools out of such reliance.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I think variant is more of a competitor to “build your own cli” in one of these 12 dozen languages, rather than a Makefile killer. I think a lot of us have used make for operations because it exists everywhere and is simple to get started with. I think I would still use make to build my variant project :-)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

But this reduces make to a few targets and then my variant based cli will handle the rest

Zachary Loeber avatar
Zachary Loeber

Plus mumoshu is a genius so if he is making tooling for something then it may be worth paying attention to. Just sayin’

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Haha too true

Abel Luck avatar
Abel Luck

Unfortunately we deploy some apps that cannot be configured via env vars, and require runtime specific info that cannot be baked into AMIs (like instance ip address).

Abel Luck avatar
Abel Luck

If we could find a way to trigger SSM State Associations after an instance from an auto scaling group boots.. we could remove the confd dep.

loren avatar
loren

we’ve done this, using cloudformation…

Type: AWS::SSM::Association
Properties:
  Name: AWS-JoinDirectoryServiceDomain
  Parameters:
    directoryId:
      - Ref: DomainDirectoryId
    directoryName:
      - Ref: DomainDnsName
  Targets:
    -
      Key: tag:aws:cloudformation:stack-id
      Values:
        - Ref: AWS::StackId

loren avatar
loren

autoscaling also applies tags, so should be able to do the same using the autoscaling tag

loren avatar
loren

can probably create the ssm association using terraform, if that’s your jam

loren avatar
loren

aws:autoscaling:groupName

Abel Luck avatar
Abel Luck

this implies that ssm associations are executed automatically when an asg launches an instance with the tag in that association’s targets

Abel Luck avatar
Abel Luck

I was under the impression that the ssm associations only execute via the schedule or when manually started

loren avatar
loren

all i can say is it works for us

Abel Luck avatar
Abel Luck

interesting! I will experiment

sheldonh avatar
sheldonh

SSM associations can be Cron based. However I just bootstrap with it. No schedule needed. On first creation or changing association it will run against all targeted instances as it checks missing association having been applied.

Abel Luck avatar
Abel Luck

I just discovered the same! That’s great.

SweetOps avatar
SweetOps
07:00:17 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

2020-04-08

setheryops avatar
setheryops

Good courses here and a good deal. https://training.linuxfoundation.org/april-2020-promo/

SweetOps avatar
SweetOps
07:00:10 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

2020-04-07

SweetOps avatar
SweetOps
07:00:08 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

bradym avatar
bradym

Anyone use lerna (https://github.com/lerna/lerna)? About ready to nuke a monorepo of npm modules and create individual repos for each one cause I can’t figure out how to get lerna to publish only the packages that have actually changed.

lerna/lerna

A tool for managing JavaScript projects with multiple packages. - lerna/lerna

bradym avatar
bradym

my lerna.json:

{
  "npmClient": "yarn",
  "command": {
    "publish": {
      "registry": "https://gitlab.com/api/v4/packages/npm/"
    }
  },
  "packages": [
    "packages/*"
  ],
  "version": "independent"
}

And in my CI pipeline:

lerna --loglevel debug bootstrap --no-ci
lerna --loglevel debug run dist
lerna --loglevel debug version $VERSION_OPTIONS --yes --message "[skip ci] Publish"
lerna --loglevel debug publish from-package --git-head "$CI_COMMIT_SHA" --yes

$VERSION_OPTIONS is set based on the gitlab merge request title to one of: patch, minor, major

bradym avatar
bradym

And when I make a change to a single package, lerna tries to publish all the packages.. which is currently failing as different packages have different version numbers (as you’d expect in independent mode)

bradym avatar
bradym

Anyone have any insight?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@btai did you have a look at pomerium in your search for identity proxies?

btai avatar

i didn’t

loren avatar
loren

linking since the straight google search was not helpful https://github.com/pomerium/pomerium

pomerium/pomerium

Pomerium is an identity-aware access proxy. Contribute to pomerium/pomerium development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(or anyone else for that matter )

2020-04-06

Abel Luck avatar
Abel Luck

Anyone used rundeck before? Care to share your use case and thoughts/experiences?

bradym avatar
bradym

I use rundeck. Here are a few ways we use it:

• Anytime we need a cron job, we set it up as a scheduled rundeck job. This gives us a central place to manage all jobs and easy access to logs for any engineer.

• Our CI pipelines hit rundeck to trigger a deploy of our apps and to cleanup test envs that are no longer needed.

• It’s nice to be able to give engineers access to specific jobs that they can run themselves.

Their documentation has been getting better, but it’s still hit and miss for some things. They have a google group (which they said was going to be shut down in favor of using stack overflow, but hasn’t happened yet) and tags on stack overflow. They’ve got a guy who responds to pretty much all questions and is helpful in pointing people in the right direction.

I’ve filed a few bugs, one was confirmed and addressed almost immediately but others have not been acknowledged yet.

Overall I’m quite happy with rundeck, but it does have some rough edges here and there.

Abel Luck avatar
Abel Luck

Do you self host? If so, how much effort is it to maintain? How do upgrades go?
> Our CI pipelines hit rundeck to trigger a deploy of our apps and to cleanup test envs that are no longer needed.
Ooh, that is quite nifty. We use hosted gitlab, and I’ve balked at storing deployment creds there, this seems like a nice way around that.

Abel Luck avatar
Abel Luck

What’s the sharpest rough edge you’ve encountered?

bradym avatar
bradym


> Do you self host?
Yes. We are using the open source version and hosting it ourselves. We’re currently in transition and have two deployments: one is Rundeck 2 on an aws instance, and we’re transitioning to rundeck 3 deployed in a k8s cluster.
> how much effort is it to maintain?
Very little, once setup I’ve not needed to do much maintenance on rundeck at all.

bradym avatar
bradym


> How do upgrades go?
They publish upgrade guides to point out issues between upgrade versions, and as long as you read those first it’s usually not bad. I do recommend keeping up with the minor releases so when a new major version comes out (it’s only version 3 so it doesn’t happen often) it’s not as painful. The good news is that the projects and jobs that I’ve imported from 2 to 3 have transitioned without any issues.

bradym avatar
bradym


> We use hosted gitlab, and I’ve balked at storing deployment creds there, this seems like a nice way around that.
We’re in the same boat. The other nice thing about this is if you need to do a manual deployment (say you change an env var in SSM and need a redeploy to get it) you can use the same rundeck job to do the deploy as your code-triggered deployments. That means you’ve got one place to do deployments and a single source of deploy logs, regardless of how they were triggered.

bradym avatar
bradym


> What’s the sharpest rough edge you’ve encountered?
Hands down, documentation. I already mentioned it’s been improving and there’s a decent community (and someone who appears to be dedicated at least part time to community support) so I wouldn’t consider it a show stopper, just go in with your eyes open and don’t hesitate to ask questions here or on stack overflow. The google group is also a good resource, especially since it’s searchable – https://groups.google.com/forum/#!forum/rundeck-discuss

bradym avatar
bradym

Since I’d already mentioned that I’ll give another one: their ACL can be challenging to work with. They’ve recently made some pretty significant improvements to their documentation in this area and moved the ACL into the database so it can be modified more easily via the GUI (though it’s still editing YAML), so again, it’s improving.

bradym avatar
bradym

I’ve setup our rundeck 3 instance to use gitlab for authentication, and it’s really nice. I’m using https://github.com/oauth2-proxy/oauth2-proxy to handle that.

oauth2-proxy/oauth2-proxy

A reverse proxy that provides authentication with Google, Github or other providers. - oauth2-proxy/oauth2-proxy

Abel Luck avatar
Abel Luck

Many thanks @bradym I am going to give it a spin in our dev environment

Abel Luck avatar
Abel Luck

I haven’t started looking at docs yet, so maybe this would be answered easily: but does it support “groups” in a fine grained way? We work on a bunch of client projects with our own ops team and ops members of the clients. It would be critical that we could create “groups” for each client to keep their stuff separate from the rest, and of course put users in those groups so they can only see their own stuff.

You mention the ACL can be challenging to work with.. would this be possible?

bradym avatar
bradym

Yes, groups work well with ACL. The ACL works well, it’s just not the most intuitive system for setting things up.

In our setup I have three groups: devs, senior devs, and ops. Members of the senior devs group can trigger prod deployments while devs can trigger deployments in stage and view prod deploy logs. Ops run any jobs.

bradym avatar
bradym

What I’d probably do in your case is setup a different project for each client, and use group membership to limit what they can see / interact with to the projects they need.

Primoz Cankar avatar
Primoz Cankar

Hi there. I’m trying to implement a cloudposse/bastion with cloudposse/github-authorized-keys. I’ve managed to set it up on a ubuntu host running both from a docker container. I’ve hit an issue with github-authorized-keys etcd caching. I’ve installed etcd on the ubuntu host and it’s visible inside the github-authorized-keys container when I run netstat -tlpn but I’m getting this error:

{"class":"ETCDCache","level":"error","method":"Set","msg":"Storage: Connection failed","time":"2020-04-03T20:04:22Z"}

Can anyone help me debug this? I’ve also opened a github issue with more details: https://github.com/cloudposse/github-authorized-keys/issues/32

ETCDCache Storage: Connection failed · Issue #32 · cloudposse/github-authorized-keys

I’m trying to integrate github-authorized-keys with bastion. It’s working without the etcd caching. When I enable caching I get the following error (it still works just the key is always re…

SweetOps avatar
SweetOps
07:00:08 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

2020-04-05

SweetOps avatar
SweetOps
07:00:03 PM

Hey everyone, give a warm welcome to our newest members!

  • @Harsha Gollahalli Venkatesh

Good to have you here =)

Harsha Gollahalli Venkatesh avatar
Harsha Gollahalli Venkatesh

Hello Team, I am Harsha from Berlin, Germany Thanks for the warm welcome note

2020-04-04

SweetOps avatar
SweetOps
07:00:01 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

2020-04-03

andrea avatar
andrea

Hello o/

SweetOps avatar
SweetOps
07:00:04 PM

Hey everyone, give a warm welcome to our newest members!

  • @maciej.gozdzik

Good to have you here =)

2020-04-02

SweetOps avatar
SweetOps
07:00:04 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

Arnaud Groussard avatar
Arnaud Groussard

Thanks for the great job for the community folks !

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Thanks @ ! Appreciate the shout out

2020-04-01

Zachary Loeber avatar
Zachary Loeber

http://xyproblem.info/ <- So concisely true

The XY Problem

Asking about your attempted solution rather than your actual problem

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I was racking my brain trying to remember this one; so relieved you reminded me of it. @Andriy Knysh (Cloud Posse) is filled with random trivia like this one and he told me about it a long time ago. I wanted to add it to our “guidelines when asking for help” section.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

just did that!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Code of Conduct - SweetOps

This code of conduct governs the SweetOps Slack Community and related Open Source Projects. SweetOps is operated by Cloud Posse, a DevOps …

SweetOps avatar
SweetOps
07:00:07 PM

Hey everyone, give a warm welcome to our newest members!

Good to have you here =)

androogle avatar
androogle
Ex-NSA hacker drops new zero-day doom for Zoom – TechCrunch

The two flaws can be used to spy on a Zoom user’s webcam and microphone.
