#general (2022-02)

General conversations related to DevOps/Automation

General Discussions

2022-02-01

Felix Torres avatar
Felix Torres

Hey everyone, a quick question, in Atmos, I’m working on deploying a new organization with the account component utilizing atmos. Can anyone point in the atmos example repo, where the tenant variable is defined?

Felix Torres avatar
Felix Torres

Thank you for your help!

Felix Torres avatar
Felix Torres

I actually keep getting this message: The stack name pattern '{tenant}-{environment}-{stage}' specifies 'tenant, but the stack gbl-root does not have a tenant defined`

Which I’m a bit confused about. In the readme it specifies tenant isn’t required so I removed but it still wants an environment and stage. I can add these in the gbl-root but I’m not sure if that is needed when creating the acocunts. I also followed the the example you provided and still receive that message when I run an atmos terraform plan .

Finally, I also tried commenting the name_pattern from the config to test, but it won’t run without it.

Any direction would be helpful, specifically, I want to follow best practice here.

Yonatan Koren (Codefresh) avatar
Yonatan Koren (Codefresh)

Without digging deep (on my end), your stacks should have the pattern {tenant}-{environment}-{stage}gbl-root doesn’t follow that pattern.

Yonatan Koren (Codefresh) avatar
Yonatan Koren (Codefresh)

In the README it specifies that the tenant label is optional. But if that’s the stack name pattern specified in atmos.yaml should be {environment}-{stage}, not '{tenant}-{environment}-{stage}.

Yonatan Koren (Codefresh) avatar
Yonatan Koren (Codefresh)

I’m by no means saying that the README is clear or denying that it can be confusing the tenant label is still relatively new.

Yonatan Koren (Codefresh) avatar
Yonatan Koren (Codefresh)

Well tenant, isn’t mentioned in the README at all, so looks like this is definitely under-documented

Yonatan Koren (Codefresh) avatar
Yonatan Koren (Codefresh)
Expand Documentation on Use of (optional) `tenant` Label · Issue #115 · cloudposse/atmosattachment image

Have a question? Please checkout our Slack Community or visit our Slack Archive. Describe the Feature The README currently does not explain the optional tenant label and how stacks.name_pattern can…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

also, we just started the atmos channel (about time!)

1
Felix Torres avatar
Felix Torres

Thanks @Yonatan Koren (Codefresh) I haven’t had too much time to dedicate to this so I apologize for the late reply, and thank you for opening up the issue. Just wanted to clairfy, the gbl-root comes from the account module.

Also Erik, thanks for the atmos channel. I’ll move my discussion there. Cheers

terraform-aws-components/modules/account at master · cloudposse/terraform-aws-componentsattachment image

Opinionated, self-contained Terraform root modules that each solve one, specific problem - terraform-aws-components/modules/account at master · cloudposse/terraform-aws-components

sheldonh avatar
sheldonh

Slack Pro, Nice!

5
1
1
1
Taylor avatar

If Slackbot pings us all on the new plan is that considered an advertisement

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this is a BIG thanks to spacelift and @Paweł Hytry - Spacelift and @marcinw!

3
2
1
marcinw avatar
marcinw

You’re most welcome!

2
1
Andrew Nazarov avatar
Andrew Nazarov

It’s cool also because recently I’ve been struggling to find something that was definitely discussed in the past in the Archive. Two thumbs up!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yea, very excited about unlocking the 250K+ messages

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

plus all the private DM history (which to be absolutely clear, we have no access to; just I have had so many great conversations )

DaniC (he/him) avatar
DaniC (he/him)

Kudos Folks, thanks to the sponsors

SweetOps avatar
SweetOps
08:00:14 PM

Hey everyone, give a warm welcome to our newest members!

  • @Nisarg Pansuria
  • @Shrivatsan Narayanaswamy
  • @Sylvain Pajanissamy
  • @J N

Good to have you here =)

wave2
2

2022-02-02

Alexey Murz Korepov avatar
Alexey Murz Korepov

I noted that you folks recently purchased a paid Pro plan of Slack? It’s a lot of expenses for company, so consider migration to opensource Matrix.org protocol from Slack, here is some short info about this: https://element.io/blog/slack-migration/ So Matrix protocol is free for public and self-hosted instances, and much cheaper as SaaS than Slack: https://element.io/enterprise/pricing - you must pay only for active users at month, not for all registered.

Element Matrix Services simplifies Slack migrationattachment image

Element Matrix Services (EMS) is releasing a new service to help organisations migrate from Slack to Element.

Enterprise pricing and features for Elementattachment image

Choose the right Element plan for your organisation. Available on-premise or fully-managed in the cloud. Includes optional add-ons and bridges.

Grummfy avatar
Grummfy

you can also check Mattermost (slack api compatible for hooks) as a real alternative, matrix is a a bit different so it can be confuse (even if it give more feature)

Element Matrix Services simplifies Slack migrationattachment image

Element Matrix Services (EMS) is releasing a new service to help organisations migrate from Slack to Element.

Enterprise pricing and features for Elementattachment image

Choose the right Element plan for your organisation. Available on-premise or fully-managed in the cloud. Includes optional add-ons and bridges.

RB (Ronak) (Cloud Posse) avatar
RB (Ronak) (Cloud Posse)

All our customers use slack so we use slack. Same reason we use zoom over jitsi.

1
jedineeper avatar
jedineeper

I can’t sign into this community on a new device? It now requires a Google cloudposse.com account? Was this intentional or?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Crap

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

That should have been disabled

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I don’t know how that setting got reverted again

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I was just messing with some slack settings to try and enable SSO for everyone via Google Auth. That turns out didn’t work that way Sorry for the notification spam. Let me know if there are any issues.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I’ve disabled that

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

please try again

jedineeper avatar
jedineeper

Yeah, i saw it last night and thought it might just be propagation within slacks network but it persisted this morning

jedineeper avatar
jedineeper

works now *typing from new laptop

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Did you get the new M1?

jedineeper avatar
jedineeper

No, just a security rebuild of my dell

1
SweetOps avatar
SweetOps
08:00:04 PM

Hey everyone, give a warm welcome to our newest members!

  • @Justin Nemmers
  • @André
  • @Carlos Abreu
  • @Dag Viggo Lokoeen
  • @Shaun Wang

Good to have you here =)

wave1
1
1
1
mrwacky avatar
mrwacky

Anybody know about Traefik Pilot pricing?

2022-02-03

Sylvain Pajanissamy avatar
Sylvain Pajanissamy

Hello everyone,   I want to know more about the project sudosh (https://github.com/cloudposse/sudosh) and the usage. Actually I want to use this on my redhat 8.4 server the purpose is to log everything type by the users on the server.   I get the “sudosh_linux_amd64” from github and name it sudosh and put it on my server on /usr/bin/. I add the path /usr/bin/sudosh on the file /etc/shells and change my user Command/shell with the command “usermod -s /usr/bin/sudosh osadmin” I also add the configuration on the sudoers files as mentionned on the github.   But when I connect to the server with the user osadmin and I try to watch my shell I see bash and not sudosh : [[email protected] ~]$ echo $SHELL /usr/bin/bash   Can you help me to understand the issue and how to see the logs of commands types by the users on the server ?   Thank you

GitHub - cloudposse/sudosh: Shell wrapper to run a login shell with `sudo` as the current user for the purpose of audit loggingattachment image

Shell wrapper to run a login shell with sudo as the current user for the purpose of audit logging - GitHub - cloudposse/sudosh: Shell wrapper to run a login shell with sudo as the current user …

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Sudosh is just a clever wrapper around the sudo command and the sudo command just runs bash

GitHub - cloudposse/sudosh: Shell wrapper to run a login shell with `sudo` as the current user for the purpose of audit loggingattachment image

Shell wrapper to run a login shell with sudo as the current user for the purpose of audit logging - GitHub - cloudposse/sudosh: Shell wrapper to run a login shell with sudo as the current user …

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Or what ever your SHELL

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

And that variable is populated by your shell

Sylvain Pajanissamy avatar
Sylvain Pajanissamy

Ok I understand, so it’s normal

Sylvain Pajanissamy avatar
Sylvain Pajanissamy

my setup is correct ?

Sylvain Pajanissamy avatar
Sylvain Pajanissamy

What exactly “clever wrapper” means ? it logs events that are launched in sudo ?

Sylvain Pajanissamy avatar
Sylvain Pajanissamy

sorry maybe I misunderstood the purpose of sudosh and its use…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so the deal is that sudo the command that ships with most distros automatically supports console logging, including TTYs

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

but sudo cannot be directly used as a login shell

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so we created a very lightweight wrapper that sets up the environment so that it can be used as a login shell

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

The whole wrapper is just 108 lines of basic go code.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
sudosh/main.go at master · cloudposse/sudoshattachment image

Shell wrapper to run a login shell with sudo as the current user for the purpose of audit logging - sudosh/main.go at master · cloudposse/sudosh

Sylvain Pajanissamy avatar
Sylvain Pajanissamy

Ok I see, thank you, to make sure I understand the purpose can you tell me what is the exact purpose to use sudo as a login shell ? What we can do or see with this ? And how ?

Sylvain Pajanissamy avatar
Sylvain Pajanissamy

Hello, I try sudosh it works as I hope

Sylvain Pajanissamy avatar
Sylvain Pajanissamy

But a question about the sudoers, why we need to put in sudoers the user ?

Sylvain Pajanissamy avatar
Sylvain Pajanissamy

In my case I put this : osadmin ALL=(osadmin) ALL

Sylvain Pajanissamy avatar
Sylvain Pajanissamy

I don’t wan’t to put my user in sudoers

Sylvain Pajanissamy avatar
Sylvain Pajanissamy

Do you know how I can use sudosh without giving all privilege of sudoers to my user ?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Don’t use sudosh :-)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Sudosh is built on top of sudo.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Maybe you can provide a sudo rule based on a group that says the user can sudo self. Not sure if that expression is possible.

SweetOps avatar
SweetOps
08:00:07 PM

Hey everyone, give a warm welcome to our newest members!

  • @kumarova.t
  • @Gavin McNair
  • @Jeff McCoy
  • @Jonathan Perry
  • @lib
  • @mostafa fOtoh
  • @Ricky Holland
  • @Sofiane Stamboul

Good to have you here =)

1
wave1
1

2022-02-04

SweetOps avatar
SweetOps
08:00:12 PM

Hey everyone, give a warm welcome to our newest members!

  • @Walt Flores
  • @sjl2024
  • @Ivan Lopez
  • @Rayane BELLAZAAR
  • @James von Hagel

Good to have you here =)

wave2

2022-02-05

SweetOps avatar
SweetOps
08:00:01 PM

Hey everyone, give a warm welcome to our newest members!

  • @Dylan Bannon
  • @Samer Shami
  • @whileloop
  • @Tennison Yu
  • @Miguel Zenteno
  • @Ishau Oyeti

Good to have you here =)

wave1

2022-02-06

SweetOps avatar
SweetOps
08:00:03 PM

Hey everyone, give a warm welcome to our newest members!

  • @Carla Pușcaș
  • @James G

Good to have you here =)

2
1
wave1

2022-02-07

SweetOps avatar
SweetOps
08:00:04 PM

Hey everyone, give a warm welcome to our newest members!

  • @Billy Sewell

Good to have you here =)

wave1

2022-02-08

johntellsall avatar
johntellsall

Q: how do y’all document your APIs for developers? I’m thinking something can take OpenAPI and spit out a big web page. My colleague was hoping Redocly would work but it’s not 100% for them.

Wédney Yuri avatar
Wédney Yuri

We use backstage and OpenAPI. Backstag also supports OpenAPIAsyncAPIGraphQLgRPC and others.

1
Grummfy avatar
Grummfy

there is also RAML that is a nice format with good tools, but yes openapi is quiete nice

1
SweetOps avatar
SweetOps
08:00:05 PM

Hey everyone, give a warm welcome to our newest members!

  • @Marton Klecska
  • @Manderson Cruz
  • @Brad Alexander
  • @Steven Kalt

Good to have you here =)

wave3
Marton Klecska avatar
Marton Klecska

hi there! I’m here o learn some Atmos usage )

wave1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Nice! Come join us in atmos

1

2022-02-09

SweetOps avatar
SweetOps
08:00:04 PM

Hey everyone, give a warm welcome to our newest members!

  • @Dana Thomas
  • @Darrin F

Good to have you here =)

wave1

2022-02-10

SweetOps avatar
SweetOps
08:00:03 PM

Hey everyone, give a warm welcome to our newest members!

  • @Christian Kreiling
  • @Nung Bedell
  • @Travis Priest
  • @sownieadam
  • @carl
  • @Kirill I.

Good to have you here =)

wave3
Nung Bedell avatar
Nung Bedell

thanks!

Nung Bedell avatar
Nung Bedell

been using the cloudposse terraform modules and saw ya’ll had a Slack

2
1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

welcome!

Travis Priest avatar
Travis Priest

Thanks. Working on a startup that’s getting close to launch and need to clean up DevOps — one of the team recommended this space.

2

2022-02-11

SweetOps avatar
SweetOps
08:00:02 PM

Hey everyone, give a warm welcome to our newest members!

  • @Kenney Sharpton
  • @Zeph
  • @Eric L
  • @Don
  • @github2
  • @Jon Camp
  • @rafa_d
  • @Tyler Jarjoura

Good to have you here =)

wave2

2022-02-12

SweetOps avatar
SweetOps
08:00:02 PM

Hey everyone, give a warm welcome to our newest members!

  • @He Qing
  • @Phil Chen

Good to have you here =)

2022-02-13

SweetOps avatar
SweetOps
08:00:13 PM

Hey everyone, give a warm welcome to our newest members!

  • @maddog
  • @sunkaras58
  • @Francois Baligant
  • @diecristher

Good to have you here =)

1
wave1
1
diecristher avatar
diecristher

Hi wave

wave1

2022-02-14

Aleksei Khudiakov avatar
Aleksei Khudiakov

Hi, sweet (ops) people! wave

wave2
SweetOps avatar
SweetOps
08:00:13 PM

Hey everyone, give a warm welcome to our newest members!

  • @Nick Forte
  • @Aleksei Khudiakov

Good to have you here =)

wave2

2022-02-15

SweetOps avatar
SweetOps
08:00:07 PM

Hey everyone, give a warm welcome to our newest members!

  • @Lachlan Wells
  • @Ravi D. Singh
  • @Josh

Good to have you here =)

wave2

2022-02-16

SweetOps avatar
SweetOps
08:00:04 PM

Hey everyone, give a warm welcome to our newest members!

  • @Ola Lawal
  • @David DeSalvo
  • @chouhanshreya17
  • @Mike Shoup

Good to have you here =)

wave2

2022-02-17

SweetOps avatar
SweetOps
08:00:09 PM

Hey everyone, give a warm welcome to our newest members!

  • @Antonio Gonzalez
  • @kev.dodd
  • @Yash Shukla

Good to have you here =)

wave3
kev.dodd avatar
kev.dodd

Hi all!

wave3

2022-02-18

SweetOps avatar
SweetOps
08:00:04 PM

Hey everyone, give a warm welcome to our newest members!

  • @David Pankros
  • @joe g
  • @Yosuke Asai
  • @Jesús Heredia
  • @Diogo Leal Andrade

Good to have you here =)

wave2

2022-02-19

SweetOps avatar
SweetOps
08:00:03 PM

Hey everyone, give a warm welcome to our newest members!

  • @John Carter
  • @Maximiliano Moretti

Good to have you here =)

wave1

2022-02-20

SweetOps avatar
SweetOps
08:00:04 PM

Hey everyone, give a warm welcome to our newest members!

  • @Frank

Good to have you here =)

wave2

2022-02-21

SweetOps avatar
SweetOps
08:00:03 PM

Hey everyone, give a warm welcome to our newest members!

  • @Martin Caarels
  • @rosscdh
  • @kp
  • @hasinireddybitla2404
  • @Dogers

Good to have you here =)

wave3
Martin Caarels avatar
Martin Caarels

Hey everyone, thank you for having me!

wave1

2022-02-22

rosscdh avatar
rosscdh

Hey all thanks for the greetings, I have a few questions about 2 of the cloudposse terraform modules that seem to be misbehaving? Where is the best place to ask about them?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Also, make sure your aware with the latest aws provider 4.0 which broke many things

SweetOps avatar
SweetOps
08:00:02 PM

Hey everyone, give a warm welcome to our newest members!

  • @Max Countryman
  • @John-Paul Pagano
  • @Eyal

Good to have you here =)

wave4

2022-02-23

SweetOps avatar
SweetOps
08:00:07 PM

Hey everyone, give a warm welcome to our newest members!

  • @Kristian Kvilekval
  • @A. Enes Turan
  • @kinnu336
  • @jayvanth wilson
  • @Manolo Scardino
  • @Blardo
  • @Thiago

Good to have you here =)

wave4

2022-02-24

SweetOps avatar
SweetOps
08:00:07 PM

Hey everyone, give a warm welcome to our newest members!

  • @Gavin Stevens
  • @Chandler Forrest
  • @Tyson Malchow

Good to have you here =)

wave1
1

2022-02-25

sohaibahmed98 avatar
sohaibahmed98

Hi wave Team

wave1
sohaibahmed98 avatar
sohaibahmed98
The end-to-end development and testing platform for Kubernetes and Cloudattachment image

Garden removes barriers between development, testing, and CI. Use the same workflows and production-like Kubernetes environments at every step of the process.

sohaibahmed98 avatar
sohaibahmed98

Hi everyone anyone have use garden.io?

SweetOps avatar
SweetOps
08:00:06 PM

Hey everyone, give a warm welcome to our newest members!

  • @Arpan Rajani
  • @Wilson Mar
  • @sohaibahmed98
  • @Rafael Felini
  • @Waqar Ahmed
  • @Zack Johnson

Good to have you here =)

wave2

2022-02-27

2022-02-28

SweetOps avatar
SweetOps
08:00:03 PM

Hey everyone, give a warm welcome to our newest members!

  • @freddyrincones
  • @kingsilemobayo
  • @Luc Juggery
  • @Zineb Ettahiri
  • @Norbert Takács
  • @Levi Figueira
  • @John Dibling
  • @prashanttiwari1337
  • @Patrick Jones

Good to have you here =)

7
wave2
Patrick Jones avatar
Patrick Jones

$ docker run -it –rm –privileged -e BUCKET=”picard-prov” -e AWS_ACCESS_KEY_ID=xxxxxx -e AWS_SECRET_ACCESS_KEY=yyyyy cloudposse/goofys 2022/02/28 2002.494053 s3.ERROR code=RequestError msg=send request failed, err=Head https://s3.amazonaws.com/picard-prov/ogef86g2jki80a0ywnh2ow7mfpsn0ifm: x509: certificate signed by unknown authority

2022/02/28 2002.494121 main.ERROR Unable to access ‘picard-prov’: RequestError: send request failed caused by: Head https://s3.amazonaws.com/picard-prov/ogef86g2jki80a0ywnh2ow7mfpsn0ifm: x509: certificate signed by unknown authority

Patrick Jones avatar
Patrick Jones

How do I get past the “certificate signed by unknown authority” error?

prashanttiwari1337 avatar
prashanttiwari1337

add in /etc/docker/deamon.json file below:

{
  "insecure-registries" : ["your-registry-url"]
}
1
prashanttiwari1337 avatar
prashanttiwari1337

if file is not present then create file at that path.

Patrick Jones avatar
Patrick Jones

I have modified the daemon.json. I have also tried other advice so my command and errors look like:

docker run -it –rm –privileged -e DOCKER_TLS_CERTDIR=”” -e BUCKET=”picard-prov” -e AWS_ACCESS_KEY_ID=xxxxx -e AWS_SECRET_ACCESS_KEY=yyyyyy cloudposse/goofys 2022/03/01 2005.726495 s3.ERROR code=RequestError msg=send request failed, err=Head https://s3.amazonaws.com/picard-prov/y8q2s47zkx6cryhzuxzmo2oxdv2om5sf: x509: certificate signed by unknown authority

2022/03/01 2005.726588 main.ERROR Unable to access ‘picard-prov’: RequestError: send request failed caused by: Head https://s3.amazonaws.com/picard-prov/y8q2s47zkx6cryhzuxzmo2oxdv2om5sf: x509: certificate signed by unknown authority 2022/03/01 2005.726609 main.FATAL Mounting file system: Mount: initialization failed

Any thought?

    keyboard_arrow_up