#general (2020-06)

General conversations related to DevOps/Automation

General Discussions

2020-06-30

joost avatar
joost

Hey! Is the http://artifacts.cloudposse.com/ still in use? We got an 404 error when trying to use https://github.com/cloudposse/terraform-aws-ses-lambda-forwarder

cloudposse/terraform-aws-ses-lambda-forwarder

This is a terraform module that creates an email forwarder using a combination of AWS SES and Lambda running the aws-lambda-ses-forwarder NPM module. - cloudposse/terraform-aws-ses-lambda-forwarder

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yes! it’s still in use, however, there were a couple recent releases that had broken CI/CD so the artifacts were not pushed.

cloudposse/terraform-aws-ses-lambda-forwarder

This is a terraform module that creates an email forwarder using a combination of AWS SES and Lambda running the aws-lambda-ses-forwarder NPM module. - cloudposse/terraform-aws-ses-lambda-forwarder

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Oh, I only looked at the one for our elasticsearch cleanup module.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Add ChatOps & Fix Artifacts by osterman · Pull Request #15 · cloudposse/terraform-aws-ses-lambda-forwarder

what add chatops commands /test all /test bats /test readme /test terratest drop codefresh why Facilitate testing of PRs from forks

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(and using a new tag)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Should be fixed now in 0.4.0

joost avatar
joost

Could some provide me the correct link of the lambda.zip?

RB avatar

are there enough people in this community to warrant a #cloudcustodian channel ?

https://cloudcustodian.io/

Cloud Custodian

Cloud Custodian

SweetOps avatar
SweetOps
07:00:23 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @
  • @

Good to have you here =)

2
Francis avatar
Francis

Hi folks. Really glad to be here. I stumbled upon cloud posse when I was searching for the cleanest way to implement IaC from the ground up. To begin with, your multi-aws account approach as step number 1 got me hooked and was exactly what I was hoping for. Very excited to try out the rest of the repos and I’ve been keenly reading your docs. On this note, I’m trying geodesic out, in the hope that I can go try out the rest of the reference architecture repos so I can start building. TBH, I’m not sure if I can just run any of the repos upon checkout (I’m sure I’m missing a doc somewhere as I can’t just run the readme commands ootb). Is this expected? Any help in the right direction on how to start would be really appreciated/helpful. Anyway, glad to be in this community. I think what you made here is great!

Joe Hosteny avatar
Joe Hosteny

Helped me getting set up

Francis avatar
Francis

This is really very helpful, Joe. Thanks very much!

2020-06-29

SweetOps avatar
SweetOps
07:00:21 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @

Good to have you here =)

1

2020-06-28

SweetOps avatar
SweetOps
07:00:02 PM

Hey everyone, give a warm welcome to our newest members!

  • @

Good to have you here =)

1

2020-06-27

SweetOps avatar
SweetOps
07:00:06 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @

Good to have you here =)

2020-06-26

SweetOps avatar
SweetOps
07:00:02 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @

Good to have you here =)

:--1:2
David Medinets avatar
David Medinets

https://medined.github.io/centos/terraform/ansible/stig/2020/06/25/run-stig-on-centos7.html shows how to run a RHEL7 STIG playbook on Centos7 and improve the Lynis hardening index to 100 (skipping a few tests).

Codebits by David Medinets

This is going to be a long post. We’ll start from scratch and develop the ability to run the MindPoint Group RHEL7 STIG on Centos 7. If you want to go farthe…

2020-06-25

SweetOps avatar
SweetOps
07:00:50 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @
  • @
  • @
  • @
  • @

Good to have you here =)

4
Josh Duffney avatar
Josh Duffney

Hey everyone!

2
vicken avatar
vicken

Just a heads up, the online public slack archive search endpoint might be broken? https://archive.sweetops.com/search getting a 404 error

RB avatar

then after the captcha, you should be able to search

vicken avatar
vicken

That URL is hit after you search, with your query

vicken avatar
vicken

it 404s

vicken avatar
vicken
10:21:39 PM
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Ah crap! thanks for bringing that to my attention.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Will get that fixed.

vicken avatar
vicken

thanks erik!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

also, on google, you can use site:[archive.sweetops.com](http://archive\.sweetops\.com) test

:1000:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(for now)

vicken avatar
vicken

oh cool very nice!

keen avatar

hey erik - I know I asked this before but failed to retain it - what are you guys using for the archive software?

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We rolled our own

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

its’ one of the few things we havne’t open sourced

2

2020-06-24

David Medinets avatar
David Medinets

RESOLVED? This might be a simple question. I have an EC2 centos7-based system with one nvme0n1p1 device. How does /dev and /dev/shm get mounted? I want to add “noexec”.

devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=1885468k,nr_inodes=471367,mode=755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,seclabel)

I thought this would be done in /etc/fstab but just has one line.

UUID=388a99ed-9486-4a46-aeb6-06eaf6c47675 /                       xfs     defaults        0 0

To answer my own question. I added two lines to the /etc/fstab file and rebooted. The server seems to still work.

tmpfs /dev/shm /tmpfs rw,seclabel,nosuid,noexec,nodev,size=2G 0 0
devtmpfs /dev devtmpfs rw,seclabel,nosuid,noexec,size=2G,nr_inodes=471366,mode=755 0 0
:--1:1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

thanks for posting your resolution! that will help others.

HS avatar

I have a question for today’s #office-hours, I don’t want to interrupt so I will just drop it here

What APM would you recommend for a Java Based application, and I can easily deploy on my Kubernetes cluster

muhaha avatar
muhaha

sentry, elasticsearch

muhaha avatar
muhaha

prometheus + actuator

HS avatar

Interesting! Thanks @muhaha

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

sorry, didn’t see this! please post it in #office-hours next time, otherwise we won’t see it

HS avatar

Okay!

SweetOps avatar
SweetOps
07:00:15 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @

Good to have you here =)

2
Steven Stevanus avatar
Steven Stevanus

2020-06-23

SweetOps avatar
SweetOps
07:00:20 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @

Good to have you here =)

Gowiem avatar
Gowiem

Any https://drone.io/ users here? Just got tasked with using it for a client and I haven’t heard of it previously. Would be interested to hear thoughts + pros / cons if anybody has any experience with it.

Drone CI – Automate Software Testing and Delivery

Drone is a self-service Continuous Delivery platform for busy development teams

Joe Niland avatar
Joe Niland

@Gowiem I used it for a project a couple of years ago. We deployed serverless framework projects with it.

We provisioned it on EC2 with Terraform. Now they have docker images so I’m guessing you’d probably do well to deploy on ECS (if you’re using AWS.)

Overall I liked it. It is really streamlined and very flexible. Docker-based builds were a nice change at the time. Now everyone does it.

I remember secret management wasn’t great but now it looks pretty good.

The great thing was heaps of plugins for stuff like Slack notifications.

I don’t really see any specific cons other than it’s not a managed service if you’re self hosting. Security and HA would be your problem to an extent.

Happy to try to answer any questions you have.

Drone CI – Automate Software Testing and Delivery

Drone is a self-service Continuous Delivery platform for busy development teams

Gowiem avatar
Gowiem

Awesome — Solid review, Thanks @Joe Niland!

Joe Niland avatar
Joe Niland

Keep us posted!

Joe Niland avatar
Joe Niland

(btw there’s a #release-engineering channel)

Gowiem avatar
Gowiem

Yeah, will do. Should be interesting. The client is running all services on ECS right now, but is changing over to K8s within the coming weeks/months, so I imagine it’ll be good to be on drone from the portability perspective.

Joe Niland avatar
Joe Niland

Ah I see. Drone and k8s seem like a good match these days but no specific experience. Looks like you could migrate to using their k8s runner if you had builds running on Docker (EC2, ECS, etc)

Joe Niland avatar
Joe Niland

Have been doing a lot of CodePipeline lately - this makes me want to try Drone again!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Gowiem is this a good question for #office-hours ?

Gowiem avatar
Gowiem

@Erik Osterman (Cloud Posse) if you don’t have many questions and you need one then sure. I was just trying to get a pulse from the community on this product / solution.

2020-06-22

Karoline Pauls avatar
Karoline Pauls

Can you recommend an LDAP server to run in a docker container for testing/dev?

Maciek Strömich avatar
Maciek Strömich

Openldap?

muhaha avatar
muhaha
glauth/glauth

A lightweight LDAP server for development, home use, or CI - glauth/glauth

SweetOps avatar
SweetOps
07:00:02 PM

Hey everyone, give a warm welcome to our newest members!

  • @

Good to have you here =)

2020-06-20

SweetOps avatar
SweetOps
07:00:13 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @

Good to have you here =)

2020-06-19

SweetOps avatar
SweetOps
07:00:10 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @

Good to have you here =)

2020-06-18

SweetOps avatar
SweetOps
07:00:21 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @

Good to have you here =)

1
praneeth avatar
praneeth

Thank you

2020-06-17

Csaba avatar
Csaba

Hi, I am happy to be here

RogierD avatar
RogierD

Hello all.

SweetOps avatar
SweetOps
07:00:18 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @

Good to have you here =)

1

2020-06-16

SweetOps avatar
SweetOps
07:00:25 PM

Hey everyone, give a warm welcome to our newest members!

  • @

Good to have you here =)

2020-06-15

SweetOps avatar
SweetOps
07:00:15 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @

Good to have you here =)

2020-06-14

roth.andy avatar
roth.andy
Dual Boot is Dead: Windows and Linux are now One. attachment image

Turn your Windows machine into a developer workstation with WSL 2.

1
Zachary Loeber avatar
Zachary Loeber

Too bad to get WSL2 you have to be on a version of windows that is so bleeding edge you get updates literally every day….

Dual Boot is Dead: Windows and Linux are now One. attachment image

Turn your Windows machine into a developer workstation with WSL 2.

Zachary Loeber avatar
Zachary Loeber

has that changed at all?

Zachary Loeber avatar
Zachary Loeber

I’ve not really used Windows in about a year or so..

roth.andy avatar
roth.andy

The new version is GA now

SweetOps avatar
SweetOps
07:00:02 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @

Good to have you here =)

David Medinets avatar
David Medinets

Fedora CoreOS is frustrating. I can’t find out what version of setroubeshoot are available. Surely find that information shouldn’t take hours to find? https://en.wikipedia.org/wiki/RPM_Package_Manager does not mention a single thing about where the packages come from.

Adam Blackwell avatar
Adam Blackwell

This is a little last minute, but if any SweetOps friends are interested in giving a talk in late September, our CFP closes tonight and has your name on it =)//twitter.com/devopsdaysbos/status/1272295934014238721>

THE TIME IS NOW! Our CFP closes tonight at midnight EDT - submit your talk proposals on #sre, #burnout, #security, and everything #devops! https://bit.ly/dodbos2020cfp

2020-06-13

SweetOps avatar
SweetOps
07:00:08 PM

Hey everyone, give a warm welcome to our newest members!

  • @

Good to have you here =)

2020-06-12

SweetOps avatar
SweetOps
07:00:04 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @
  • @

Good to have you here =)

ismail yenigul avatar
ismail yenigul

Thanks!

avaussant avatar
avaussant

Thanks :–1:

peterloron avatar
peterloron

Howdy!

Elliott O'Hara avatar
Elliott O'Hara

Ty!

2020-06-11

Hari Krishna Ganji avatar
Hari Krishna Ganji

Hey Amazing people.

Any chance Cloud Posse is going to explore Pulumi as a option beyond Terraform.

One argument I keep making often is it might take some time for Pulumi to catch with Community Modules. And I often take Cloud Posse’s high quality Terraform modules to back my argument.

I am currently exploring Pulumi, and would like to hear what you guys have to say.

Is it too early. Would you personally consider Pulumi?


Also is it a big ask for you guys to provision a #pulumi channel to encourage discussion around it?

Thanks.

Pleasant day!

keen avatar

I spent a lot of time working with pulumi last year on a client project. (I also have had a heck of a lot of other things going on, so this is a high level summary based on 6/2019 knowledge)

in general, it wouldn’t recommend pulumi. basically, it’s terraform at its core. it behaves the same as terraform - the same plan/apply model, the same stored state, etc.

it doesnt really integrate into any existing code project in any usable way - you just build out your config in code. sort of. because it’s still terraform, and there’s still stored state and plan/apply steps, that causes a lot of atypical behavior in how the code executes.

also, the pulumi dev teams introduce a lot of their own specific desires into the libraries. you can’t functionally use javascript for example - you must use typescript. (you -can- use javascript, but they strictly and specifically depend on the type enforcement in TS…and if you dont have it, bad shit happens).

the python support was virtually nonexistent - just enough to call it a checkbox. all of the real core work was being done around typescript.

you’ll find yourself pulling in a ton of framework code to try to support anything….and a lot of that is still heavily in redevelopment. it was common to run into “oops, this piece doesnt work with that piece”.

and there were a remarkable amount of cases where you just can’t pass data from one place to another.

1
:100:1
1
:--1:3
keen avatar

…and I was just trying to do “simple” stuff like lambda and fargate management.

Andrey Nazarov avatar
Andrey Nazarov

Oh, thanks for expressing your thoughts! I find it quite valuable.

I tried Pulumi out once (more than a year ago) for a small demo project. Just wanted to play a bit because I really liked the ideas behind it. Nevertheless back then it didn’t convince me to start a transition from TF.

We are still keeping an eye on Pulumi project and I try to read as much thoughts on it as I can, but mostly there were about - it’s TF under the hood + gp language instead of clunky hcl, so consider for yourself.

:--1:1
Hari Krishna Ganji avatar
Hari Krishna Ganji

The feedback is just amazing!

Appreciate your thoughts.

Hari Krishna Ganji avatar
Hari Krishna Ganji

I don’t like the dependency it creates on app.pulumi.com.

This hints us at the intensions of the Company.

Unlike other open source communities which don’t force things on to users.

Say like Debian, Kubernetes, Prometheus etc.

Hari Krishna Ganji avatar
Hari Krishna Ganji

Also Terraform.

Hari Krishna Ganji avatar
Hari Krishna Ganji

Another challenge is that Terraform is good for System Admins who come with Bash Super Skills, but may not have and other programming skills.

Hari Krishna Ganji avatar
Hari Krishna Ganji

In the contrast I thought my guys who are node js guys getting on to do Infra as Code might find it relatively quick to on boar.

Hari Krishna Ganji avatar
Hari Krishna Ganji

Things have changed now.

Pulumi Python is now better. I started with python.

But I haven’t pushed it yet.

My intension is to democratization of Infrastructure as Code and have every Dev own thier Infra.

In the past when I was consulting for an Indonesian startup, which was using Elixir heavy found it hard to wrap their head around HCL.

I think it was more like a mental barrier.

I thought a Typescript/Python would help.

Hari Krishna Ganji avatar
Hari Krishna Ganji

It’s like AWS CDK but without the Cloudformation baggage.

Hari Krishna Ganji avatar
Hari Krishna Ganji

++++

Hari Krishna Ganji avatar
Hari Krishna Ganji

Also one intresting thing was Terraform has no support for AWS Athena, but Pulumi has.

In the past I use CDK for such stop gap problems.

Hari Krishna Ganji avatar
Hari Krishna Ganji

I think a lot has changed for it. It’s worth a shot in 2020.

Chris Fowles avatar
Chris Fowles

I’ve spent a fair amount of time testing out different frameworks and languages for imperative creation of cloud infrastructure with different tools including PoCing my own framework.

The general conclusion I’ve arrived at is that infrastructure in the real world maps much more cleanly to a declarative model.

The amount of wrangling that any kind of imperative language or dsl requires you to do is way more overhead and on going technical burden than just learning and educating how to use a declarative framework like terraform directly.

Terraforms lack of imperative syntax is not a weakness it’s a strength, all the logic of the “how” is abstracted from the end user and handled by subject matter experts rather than end users. The end user has only to focus on modelling the actual end-state they’re after.

:--1:4
:100:3
:-1:2
Zachary Loeber avatar
Zachary Loeber

As much as I whine about Terraform I have to agree. Imposing imperative constructs on top of a fundamentally declarative product is what coders do to work around having to undergo a fundamental paradigm shift that has to occur to become powerful with declarative modeling.

:--1:1
Zachary Loeber avatar
Zachary Loeber

That being said, I cannot believe it took this long to get depends_on into modules….

Zachary Loeber avatar
Zachary Loeber

geesh

Chris Fowles avatar
Chris Fowles

haha - the depends_on thing was tricky based on the way that modules actually worked.

they were kind of more like “import this stuff into the plan” rather than “treat this thing as a single entity”

:--1:1
loren avatar
loren

Agree 100%!

Hari Krishna Ganji avatar
Hari Krishna Ganji

I am glad I brought this topic for discussion.

As I have already gain some great opinions!

Thanks guys.

Hari Krishna Ganji avatar
Hari Krishna Ganji

I will continue finishing my current experimental journey. And will share my experiences too.

Happy Friday.

Chris Fowles avatar
Chris Fowles

Cheers @Hari Krishna Ganji - looking forward to hearing more.

:--1:1
Chris Fowles avatar
Chris Fowles

Regarding the initial question, probably best to ping @Erik Osterman (Cloud Posse) about a channel.

Hari Krishna Ganji avatar
Hari Krishna Ganji

Sure thanks for the suggestion.

@Erik Osterman (Cloud Posse),

It’s it possible to start a #Pulumi channel?

Thanks.

Hari Krishna Ganji avatar
Hari Krishna Ganji

By the one more thing that just occured to my mind is a similar shift from declarative to imperative in the past.

Example:

• Maven to Gradle

• Grunt to Gulp

Hari Krishna Ganji avatar
Hari Krishna Ganji

Android adopted Gradle.

Hari Krishna Ganji avatar
Hari Krishna Ganji

Many other adopted Gulp over Grunt.

Hari Krishna Ganji avatar
Hari Krishna Ganji

This transition occures when devs realize that they are fighting against the tool, and may need some freedom.

Hari Krishna Ganji avatar
Hari Krishna Ganji

I also agree that Infrastructure is different.

Also on the other hand I guess Pulumi is also Declarative, in a sense the final apply, patch is still declarative. However the definition of that Infra is done using a Imperative Language.

Hari Krishna Ganji avatar
Hari Krishna Ganji

Hari Krishna Ganji avatar
Hari Krishna Ganji

By the way today I hit the first significant difficulty.

The CrossWalk for Pulumi that has many macro level modules only supports TypeScript.

And not Python.

1
Soren Martius avatar
Soren Martius

Does Pulumi actually offer a way to create “modules” that work among various languages ?

Hari Krishna Ganji avatar
Hari Krishna Ganji

I am not really sure.

The current engine takes care of the Diff/Patch and other provider related things.

However the offering called Pulumi Crosswalk offers a high level modules that are built on top of the base Language Api.

Given this approach, I arrive at the conclusion that Pulumi cannot offer language agnostic modules.

The unavailability of high level modules for Typescript but not Python also validates this.

Zachary Loeber avatar
Zachary Loeber

Are you actually using crosswalk in production? If so I’d really be interested in how well it works for you

Zachary Loeber avatar
Zachary Loeber

I originally was turned off to Pulumi as it was strongly Typscript driven with few Python modules. They apparently fixed that and have added far more languages. I cannot imagine it is easy to do language agnostic modules

Hari Krishna Ganji avatar
Hari Krishna Ganji

I call it production, but I am risking with Pulumi because the App is not mission critical. It’s a young startup and we can afford a little downtime. Soon it may grow to acquire more complexity.

I am unable to use Crosswalk because the Python support is I think non-existent.

I watch the TypeSript code and transcode manually. So basically it’s a pain at the moment.

Hari Krishna Ganji avatar
Hari Krishna Ganji

I was tempted to contribute to pulumi/pulumi-awsx repo. But I am sure I need to put in the time for multiple iterations and learning curve.

Hari Krishna Ganji avatar
Hari Krishna Ganji

Yup. Language Agnostic is kind of painful.

Hari Krishna Ganji avatar
Hari Krishna Ganji

Also when I saw @keen mention it basicall Terraform. I imagined he was paraphrasing and using the Term loosely.

But I just realized Pulumi actually uses the Terraform Providers underneath. This is very interesting. (Please correct me if my understand is wrong).

I guess, first thats how they are able to catchup with support across so many platforms.

Second, this makes Pulumi just a Developer Experience enhancing wrapper. In a sense.

So I got an email from Joe the founder for feedback after I signed up. Could be an automated email. However, I noticed that his past role was “Partner Director of Technical Strategy & Developer Tools”. at Microsoft.

Hari Krishna Ganji avatar
Hari Krishna Ganji
08:08:27 PM
Hari Krishna Ganji avatar
Hari Krishna Ganji

In another Slack community I am part of I was mentioning that:

This explains Pulumi’s affinity towards TypeScript. Since TypeScript and VSCode if I remember correctly originated at MicroSoft.

Also since the rise of JAMStack and other Node Full Stack Devs (Note that I am hiring 3 of them) also kind of points us at why JavaScript ecosystem is kind of underserved by IaC and DevOps tooling.

Zachary Loeber avatar
Zachary Loeber

That does connect some dots I suppose

Zachary Loeber avatar
Zachary Loeber

I thought they use terraform providers via a bridge, but not TF directly

Zachary Loeber avatar
Zachary Loeber

it would make sense to tap into that vast provider space if possible

Hari Krishna Ganji avatar
Hari Krishna Ganji

However, I am still figuring out the nut and bolts.

Hari Krishna Ganji avatar
Hari Krishna Ganji

So please take my words with some grain of salt.

SweetOps avatar
SweetOps
07:00:17 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @
  • @
  • @
  • @

Good to have you here =)

2
1
Vladimir avatar
Vladimir

I’m here! What’d I miss?

Zachary Loeber avatar
Zachary Loeber

Nothing, we have been waiting for you to start the party!

1

2020-06-10

SweetOps avatar
SweetOps
07:00:04 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @

Good to have you here =)

1
RB avatar
Terminology, Power and Oppressive Language

This document argues for and describes alternatives that shift specific language conventions used by RFC Authors and RFC Editors to avoid oppressive terminology in the technical documentation of the RFC series. Specifically, this document details two sets of terms that are normalised on the technical level but oppressive on a societal level. First, arguments are presented for why any oppressive terms should be avoided by the IETF/IRTF. Second, problem statements for both sets of terms are presented and alternatives are proposed. There is a third section on additional considerations and general action points to address the RFC series, past and future. Lastly, a summary of recommendations is presented.

RB avatar

that was an old version of their draft. the latest version is 01.html

Terminology, Power and Oppressive Language

This document argues for and describes alternatives that shift specific language conventions used by RFC Authors and RFC Editors to avoid oppressive terminology in the technical documentation of the RFC series. Specifically, this document details two sets of terms that are normalised on the technical level but oppressive on a societal level. First, arguments are presented for why any oppressive terms should be avoided by the IETF/IRTF. Second, problem statements for both sets of terms are presented and alternatives are proposed. There is a third section on additional considerations and general action points to address the RFC series, past and future. Lastly, a summary of recommendations is presented.

RB avatar

TLDR: would be nice to use less oppressive originated language going forward

:--1:2
:-1:1

2020-06-09

SweetOps avatar
SweetOps
07:00:12 PM

Hey everyone, give a warm welcome to our newest members!

  • @

Good to have you here =)

2020-06-08

SweetOps avatar
SweetOps
07:00:27 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @
  • @

Good to have you here =)

2020-06-07

SweetOps avatar
SweetOps
07:00:03 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @

Good to have you here =)

:--1:1

2020-06-06

SweetOps avatar
SweetOps
07:00:18 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @

Good to have you here =)

2020-06-05

dalekurt avatar
dalekurt

Happy Friday Everyone

I have a problem and in search of a solution. I would like to implement a solution where my EKS (Kubernetes) only pull docker images from ECR. Additionally, all third docker images should reside on ECR, I would like to whitelist these images and automate the process of importing the docker images to ECR. Has anyone implemented such as solution using ECR as a mirror or cache for specific third-party docker images

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@roth.andy I thought you had this working with the admission controller and IPA

roth.andy avatar
roth.andy

I haven’t attempted something like this yet, but a Validating Admission Controller is how I would do the enforcement.

dalekurt avatar
dalekurt

@Erik Osterman (Cloud Posse) @roth.andy I’m planning to do the enforcement at various points

• On commit using GitHub Actions and OPA to check Dockerfiles for whitelisted base images

• Configure EKS to only use AWS ECR as the Docker registry

• OPA Gatekeeper in Kubernetes

dalekurt avatar
dalekurt

The other part to my problem is using ECR and updating it as a mirror to Docker hub only for whitelisted docker images.

dalekurt avatar
dalekurt

So, engineers would submit a PR for whitelisting a Docker base image which would then be mirrors to ECS where their vulnerability scanner will scan the image. Then our in-house tool will provide us with the reports from ECR (Clair)

roth.andy avatar
roth.andy

Looking for an article about the differences between pinning to a git tag or the underlying hash, and the security implications of each. Anyone have anything?

RB avatar

hash can’t be changed but the tag can

roth.andy avatar
roth.andy

right. Looking for a medium article or something I can share with my team

RB avatar

you’d have to lock down tags to have the same immutability as the hash with the readability of tags

RB avatar

basically, you cannot protect tags. using the hash is the securest way at the moment.

:--1:1
RB avatar

i cannot seem to find any blog post on this but if you find one, id be interested

RB avatar

seems like there is one way to do this using a git commit hook thats deployed everywhere. https://stackoverflow.com/a/40860947/2965993

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@RB really good point about the fact that tags cannot be protected on GitHub

SweetOps avatar
SweetOps
07:00:12 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @
  • @

Good to have you here =)

4
Rishi Sheth (he/him) avatar
Rishi Sheth (he/him)

Hello! I’m a DevOps/Platform Engineer at Ibotta. I’m new to terraform, aws, k8s, helm/helmfile, and atlantis, but eager to learn. Nice to meet y’all!

:--1:2
LV avatar

Hi! I’m the co-founder of taloflow.ai - we offer turnkey AWS cost optimization for dev teams. Great to be here with all of you.

:--1:2
roth.andy avatar
roth.andy

Never knew about it until today, but there is a SonarQube plugin called Build Breaker that you can install that adds the functionality to make sonarqube scans wait for the analysis to finish, and return a non-zero exit code if the quality gate fails. Fantastic… No more need to mess with curl or the Jenkins SonarQube plugin, which can be flaky.

https://github.com/adnovum/sonar-build-breaker

Works with tools like the Gradle and Maven SonarQube plugins, and sonar-scanner tool

adnovum/sonar-build-breaker

Build Breaker Plugin for SonarQube. Contribute to adnovum/sonar-build-breaker development by creating an account on GitHub.

:--1:2
Gaurav avatar
Gaurav

Cool @roth.andy

Gaurav avatar
Gaurav

@roth.andy I think sonar quality gates plugin also does the same

2020-06-04

SweetOps avatar
SweetOps
07:00:21 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @

Good to have you here =)

:--1:1
Dan Meyers (Cloud Posse) avatar
Dan Meyers (Cloud Posse)

hey! glad to be here

2020-06-03

Sam avatar

Hi guys, does anyone know if it’s possible to have a static Jenkins slave auth token? We’re using the Jenkins Kubernetes operator with a perm slave but every time the master pod restarts it generates a new token so the slave fails to reconnect

Andrey Nazarov avatar
Andrey Nazarov

Just noticed that very old posts became available in this workspace. Do we have an access to the whole Slack history now and for how long?

Reinholds Zviedris avatar
Reinholds Zviedris

Based on what Slackbot wrote: Your workspace is getting a free trial of Slack’s Standard Plan through August 25th! On the Standard plan, your team can now see all your past messages and files, work with external organizations in shared channels, make group calls, and more.

Andrey Nazarov avatar
Andrey Nazarov

Oh, missed this, my bad. Thanks!

sahil kamboj avatar
sahil kamboj

Do we have ansible channel here?

Andrey Nazarov avatar
Andrey Nazarov
sahil kamboj avatar
sahil kamboj

THNX

SweetOps avatar
SweetOps
07:00:39 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @
  • @
  • @
  • @
  • @

Good to have you here =)

2
1
Joseph Ashwin Kottapurath avatar
Joseph Ashwin Kottapurath

hey everyone!

Joseph Ashwin Kottapurath avatar
Joseph Ashwin Kottapurath

I have been working with web technologies for about 2.5 years now. But I am very new to DevOps. I have experience deploying apps to managed environments and am a backend developer.

Joseph Ashwin Kottapurath avatar
Joseph Ashwin Kottapurath

I recently started using terraform and came across your amazing collection of modules on GitHub

Joseph Ashwin Kottapurath avatar
Joseph Ashwin Kottapurath

I would like to contribute to you guys and be part of you, and learn in the process and meet new people

2020-06-02

SweetOps avatar
SweetOps
07:00:14 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @
  • @

Good to have you here =)

1

2020-06-01

SweetOps avatar
SweetOps
07:00:05 PM

Hey everyone, give a warm welcome to our newest members!

  • @
  • @
  • @

Good to have you here =)

1
    keyboard_arrow_up