#office-hours (2021-04)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2021-04-01
[thread] CTO.ai slackops first class approach?
2021-04-03
Code-hosting service GitHub is actively investigating a series of attacks against its cloud infrastructure that allowed cybercriminals to implant and abuse the company’s servers for illicit crypto-mining operations, a spokesperson told The Record today.
We’ve been hit
what Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) Use bullet points to be concise and to the point. why Provide the justific…
Lame we can’t mark as spam
Submitting a spam report requires ~6 clicks and an explanation of why I’m submitting it as spam.
This is itself abusive.
Github is retarded. So crypto miners can open up as many of these spam PRs as they want.
I report them, and I am the one rate limited.
2021-04-07
When adding custom metrics to our apps, I’m interested in how people structure any given metrics. For example, we could post a single metric with tags to indicate status, but that makes calculations more complex and prone to error, whereas, if we post the total and error count, we can more easily get the ratio of errors. What are best practices in this area?
Have you checked out the docs?
As a rule of thumb, either the sum() or the avg() over all dimensions of a given metric should be meaningful (though not necessarily useful). - @ https://prometheus.io/docs/practices/naming
Having tags indicate status is not a good pattern.
An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach.
Yes, but my question is about what related metrics to publish, not simply how to name metrics but that is
For example, we could post a single metric with tags to indicate status
What kind of status are we talking about?
Generally the pattern is to use APP_UP metric to indicate if service is up or down (0 down, 1 up).
On top of that you add additional metrics (golden signal) and then anything specific to your app usage that makes sense.
Check out this book, I think it will answer many of your questions
if we post the total and error count, we can more easily get the ratio of errors. What are best practices in this area?
You are exactly right here @Eric Berg – I recommend posting exactly those types of counts – categorized by _total and type of error: _failed/_timeouts/, etc.
And, in your binaries, avoid doing any math on those counts – for instance, don’t calculate the error ratio in your binary and expose that as a separate metric.
@here office hours is starting in 30 minutes! Remember to post your questions here.
I’m curious how people manage auto rotation of IAM user access keys within terraform if time permits.
Basically I’m manually bumping a user creation module now. I had thought of creating a pipeline schedule that taints the resource and reapplies, but curious what other people do.
what kind of key material or keypairs are these? (access key ID + secret access key) ?
Upgrades from older Istio versions can affect access control to an ingress gateway due to a change of container ports.
pypi Deprecation of non-SNI compatible clients https://github.com/pypa/pypi-support/issues/978 Some of your older apps may begin to fail to build (your pre-docker builds)
Our CDN provider is deprecating non-SNI support for access to pypi.org and files.pythonhosted.org. It appears that this rollout has begun and users without SNI support can expect disruptions. Brown…
Does anyone have feedback/experience with the new JetBrains Projector project?
• https://blog.jetbrains.com/blog/2021/03/11/projector-is-out/
Today we’re announcing the initial release of Projector – a tool and framework for running JetBrains IDEs and Swing apps remotely over your network. As you may know, Swing is a graphical widget toolk
[thread] CTO.ai slackops first class approach?
Anyone use any of the CNCF tools that work on top of Envoy? If so, did it ease your workflow or make it more complicated? I see Contour, Curiefense, and Open Service Mesh as examples.
Is anyone using any type of IPAM software dynamically in terraform or have a way you define and slice from superblocks/supernets?
netblox, nipap, ryo aws service etc
@Steven Hopkins I have been wondering the same thing about what companies are doing for IPAM source of truth. For datacenter/on-prem we used PHPIPAM or but I have been looking at netbox since the terraform provider is more full featured, and it has come recommended. I have not heard of or seen nipap and ryo; I am going to give these a look this week.
nice, let me know what you think of ‘em all
Do you have a link to aws ryo service? Is this an abbreviation for some obscure aws service? My google fu is only coming up with people named Ryo, especially “AWS Networking with Ryo Koyama” lol
I can tell you Device42 is great for Datacenters but horrible for AWS - I wrote a custom python script that fed Device42 info from AWS api requests that had all our datacenter and cloud stuff in 1 place. It wasn’t a great solution but worked decently well. If I had to do it over again I would just push harder for netbox. (I haven’t seen nipap or ryo either)
We had a demo from them about 6-8 months ago, most of our cloudops staff were a solid no, while our dc, network engineers and compliance team were a yes. We didn’t move forward with it.
Looks like AWS now has a native solution
https://docs.aws.amazon.com/vpc/latest/ipam/allocate-cidrs-ipam.html
Learn how to allocate a CIDR to a pool.
It looks like Google created an open-source repo to help track “the four keys”…https://github.com/GoogleCloudPlatform/fourkeys
Contribute to GoogleCloudPlatform/fourkeys development by creating an account on GitHub.
coworker posted this, I think it’s actually not DORA though, it’s mostly Puppet
Yeah, it’s similar, but not the same thing.
@ikrnic @puppetize @jezhumble @jessfraz @alannapb @stahnma @nigelkersten We collab’d and I was principal investigator 2014-2017. DORA split and did our own report 2018-2019 (I was PI).
In 2020, DORA is led by @jezhumble (coauthors & Dustin Smith joined 2019); they’ve released some fab work like Quick Check and deep dives http://cloud.google.com/devops
question about the cloudposse terraform-aws-elastic-beanstalk-environment module:
https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment
…what I’m trying to do is configure the beanstalk-env loadbalancer to redirect HTTP requests to HTTPS
It doesn’t seem to be a config option of the module itself, so wondering what’s the best way to configure this?
One thought I had would be to find the arn for the load balancer from outputs and then modify it within a resource block, e.g.
resource "aws_lb_listener" "front_end" {
  load_balancer_arn = "${find.arn.from.ebsEnv.output}"
  port              = "80"
  protocol          = "HTTP"
  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
…but then the above might stomp out other settings of the load balancer?
Another option could be to fork https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment and then PR a config option for redirectHttpToHttps
…any help/advice greatly appreciated
Terraform module to provision an AWS Elastic Beanstalk Environment - cloudposse/terraform-aws-elastic-beanstalk-environment
thx for the question @larry kirschner! might get a quicker response in #terraform on this one
ok thx for getting back…I found something I’m going to try which is this:
resource "aws_lb_listener_rule" "redirect_http_to_https" {
  listener_arn = {lb arn}
  action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
  condition {
    http_header {
      http_header_name = "X-Forwarded-Port"
      values           = ["80"]
    }
  }
}
…if that doesn’t work will try that terraform channel. Thanks again for responding to my q!
…digging around I also found the lb_listener_rule resource, which looks promising:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_rule
…they have an example for HTTP => HTTPS…but it looks weird to me, because the condition isn’t PORT==80?
resource "aws_lb_listener_rule" "redirect_http_to_https" {
  listener_arn = FIND_FROM_CLOUDPOSSE_OUTPUT
  action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
  condition {
    # shouldn't condition be PORT==80 somehow?
    http_header {
      http_header_name = "X-Forwarded-For"
      values           = ["192.168.1.*"]
    }
  }
}
2021-04-12
2021-04-13
2021-04-14
Hi all! Been a long-time listener to CloudPosse office hours and glad to be joining you on Slack
@Erik Osterman (Cloud Posse) If I can add a question to today’s discussion, how do people approach migrating existing AWS infrastructure into Terraform for large-scale projects with many resources?
@here office hours is starting in 30 minutes! Remember to post your questions here.
Question for discussion: Does anyone have a solid process for terraform state migrations in larger teams?
My largest client had an issue today where a newer infrastructure engineer did a bunch of terraform state mv migrations for work of his that hadn’t been merged upstream yet and it caused us to roll back a bunch of his state changes. I’d like to propose a better solution for them to do state migrations going forward and I believe I know how I would do it, but I’d like to see if anyone in this group has strong opinions or has already gone through the trenches with this type of problem before.
links from today’s announcements:
• https://github.com/hashicorp/terraform/releases/tag/v0.15.0-rc2
• https://aws.amazon.com/blogs/opensource/introducing-opensearch/
• https://www.infoq.com/news/2021/04/red-hat-openshift-aws/
• https://blog.1password.com/introducing-secrets-automation/
• https://registry.terraform.io/providers/1Password/onepassword/latest
• https://github.com/cloudposse/terraform-aws-redshift-cluster/pull/1
Thanks for the talk tonight! first intro to terraformer! and 1password automation given at a great time!
2021-04-15
For the next office hours can we get a tutorial/demo on how the Cloud Posse README.md files are generated? I see the structure of the README.yml and the associated docs/terraform.md (which I assume is generated by terraform-docs markdown). I’d be thrilled to see how it all comes together in CI/CD.
If it’s not worth the office hours time, and there are docs/demos already available, just point me at those and I’ll proceed with due diligence.
2021-04-19
2021-04-20
2021-04-21
In certain scenarios, we have had to bootstrap containers to handle variation in configuration files for different environments (e.g. staging / production). We have done so by leveraging mostly Docker entrypoints and confd or shell scripting but for simple and not very complex scenarios.
Is there a better solution or anything you could recommend that would help avoid adding too many abstraction layers to container config management? (e.g. ansible pull)
gomplate documentation
@here office hours is starting in 30 minutes! Remember to post your questions here.
links from today’s announcements:
• https://docs.cloudposse.com/
• https://github.com/cloudposse/terraform-aws-redshift-cluster/
• https://onecloudplease.com/blog/automating-aws-account-deletion
• https://grafana.com/blog/2021/04/20/grafana-loki-tempo-relicensing-to-agplv3/
• https://twitter.com/bencodegeek/status/1382738844454416386?s=21
• https://twitter.com/quinnypig/status/1384345962756198400?s=21
This is the closest thing I’ve seen https://github.com/optum/dce/
Disposable Cloud Environment. Contribute to Optum/dce development by creating an account on GitHub.
Says we need a passcode to enter
I’m working on a new project that will be released soon! Would love to hear your feedback, let me know your Github ID if you would like a preview before release https://twitter.com/mazen160/status/1383475198544936964
Our Rancher UI went down and looks like the etcd keeps crashing and restarting (cycling). Over and over. Every 10 or so seconds. Could this be a cert thing? 3 cluster. Rancher said it’s K8s so we’re digging in but thought to ask. Should we move to Fargate if no K8s specialists? https://youtu.be/zKH5j02abX4
Hey folks, just because it’s easy for things to get lost in the “joined” messages: Here are the docs that we’ve been putting together on the SweetOps methodology: https://docs.cloudposse.com/ and we just released a new tutorial on how to build an environment on AWS using Cloud Posse tooling + module library + patterns https://docs.cloudposse.com/tutorials/first-aws-environment/. If anybody has any questions be sure to give me a shout!
2021-04-22
2021-04-28
@here office hours is starting in 30 minutes! Remember to post your questions here.