Vanadium
Jan 8, 2005

necrobobsledder posted:

There's no way to limit spending in AWS is the thing and the truth is that there's nothing that really distinguishes a "prod" account from a "dev" account when it comes to getting owned and having someone spin up resources on your dime because your devs aren't focused on basic operational security. Our developer account got owned and all our instances there mining coins for a while too.

Responding to that by appointing someone to babysit everybody's AWS usage feels like the 2010s version of people having to file IT support tickets to install their preferred text editor on their workstations. :psyduck:

quote:

At a point I'd like to request service limit decreases from AWS for everything we don't use normally but I haven't seen that option yet.

I think I read somewhere that AWS support will do that for you. Have you checked out AWS Organizations and Service Control Policies?

Docjowles
Apr 9, 2009

You certainly can request limit decreases. I did it after Team Chucklefuck raised all their limits to 1000 for no reason and got hacked. Just open a support case and ask them to do it. It’s not one of the choices in the drop down but I just filed it as “general account question” or something and they took care of it. I had support set the limits to 0 in regions we don’t and probably will never use, and something closer to the number of instances we actually run in the regions we do use. You can always raise them again if needed.

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.

Hadlock posted:

Grafana natively supports AWS cloudwatch as a datasource out of the box, all it needs is a read-only billing IAM key to get started. We have it on our main monitoring display and it's nice to have a visual representation of how much you spent last month vs your rate of spend this month.

We're moving pretty rapidly in to AWS from bare metal world and it's easy to leave extra poo poo on, or over-provision. We jumped from ~$7K spend to $14K spend and were able to dial it back by watching the graph. Boss man also likes it for budgeting as it demonstrates a pretty linear growth rate in the sawtooth of each month at the 6 month zoom level that the finance/budget/CFO guys like and gives everyone a pretty warm fuzzy that spending is under control

https://grafana.com/dashboards/139

We do this as well, it works pretty well. We have a lovely Django App (TM) with some basic role based controls and Grafana/jquery views to visualize a given metric of a $PROJECT SDLC. Also pull this info and send daily slack broadcasts to the relevant channel, so teams as well as finance folk have a good sense of what is running, cost, etc. This, combined with tags (we support 3 "tiers" of environment) to keep instances limited on a per $PROJECT basis, along with keeping terraform tied to the account keys, we are able to keep costs relatively well policed. Visibility is everything.

Cancelbot
Nov 22, 2006

Canceling spam since 1928

xpander posted:

The bottom line is that you need to have those policies reflected by automation/code or else they aren't worth a hill of beans. Anything not enforced in this way leads to keys on Github and $68k miner happy hour. Not only that, but self-service avenues mean that you can make it easier for teams to adopt those methods, which reduces the burden on your ops team to provision resources and gives them more time to roll out cool stuff like this.

This is what I've been building; we have a small cluster of services dedicated to governance; one will scan and make sure everyone has a budget/those that do are respecting a budget, resources that don't follow specific tags are trashed. We have also started to branch into open source and every repository that wants to be OSed will soon be scanned for things that match our internal DNS entries, things that look like AWS access keys, personally identifiable information etc. and if it flags up the project is denied ascension to GitHub.

Account & VPC creation is automatic and will add a master read only IAM role which allows all this, any accounts that fail the basic "can I read your poo poo" sniff test get flagged to their managers.
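
A sketch of the pre-publication repository scan described in the post above, added here as an example; it is not code from the thread or from any poster's organisation. The internal DNS zone names, the use of e-mail addresses as the only PII rule, and the sample repository contents are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Assumption: the organisation's private DNS zones (hypothetical names).
INTERNAL_ZONES = ("corp.example.internal", "svc.example.internal")
# The access key ID AWS publishes in its documentation; allowed in sample code.
ALLOWLIST = {"AKIAIOSFODNN7EXAMPLE"}

RULES = {
    # Access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 characters.
    "aws-access-key-id": re.compile(
        r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    # Any hostname at or under one of the internal zones.
    "internal-dns-name": re.compile(
        r"(?<![\w.-])(?:[a-z0-9-]+\.)*(?:%s)(?![\w-])"
        % "|".join(re.escape(z) for z in INTERNAL_ZONES), re.IGNORECASE),
    # E-mail addresses, standing in for a fuller PII rule set.
    "email-address": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    excerpt: str  # redacted, so the report does not leak the value again


def redact(value: str) -> str:
    """Keep the first four characters for triage and mask the rest."""
    return value[:4] + "*" * (len(value) - 4)


def scan_repo(files: dict[str, bytes]) -> list[Finding]:
    """Scan every file of a repository snapshot (path -> content)."""
    findings = []
    for path, blob in sorted(files.items()):
        text = blob.decode("utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES.items():
                for match in pattern.finditer(line):
                    if match.group(0) not in ALLOWLIST:
                        findings.append(Finding(
                            path, line_no, rule, redact(match.group(0))))
    return findings


def publication_allowed(findings: list[Finding]) -> bool:
    """The gate: any finding blocks the push to the public host."""
    return not findings


# Constructed sample repository; none of these values are real.
SAMPLE_REPO = {
    "README.md": b"Docs use the AWS sample key AKIAIOSFODNN7EXAMPLE.\n",
    "deploy/settings.py": (
        b"AWS_ACCESS_KEY_ID = 'AKIAABCDEFGHIJKLMNOP'\n"
        b"DB_HOST = 'db01.corp.example.internal'\n"),
    "CONTRIBUTORS": b"Jane Doe <jane.doe@example.com>\n",
}

if __name__ == "__main__":
    for finding in scan_repo(SAMPLE_REPO):
        print(finding)
```

This scans only the current file contents; a key that was committed and later deleted is still in the git history, so the same rules need to run over every commit before the repository is published.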

22 Eargesplitten
Oct 10, 2010



I’m going to stop making GBS threads up the Working in IT thread with Docker stuff so I can poo poo it up with other topics. I’ve been doing some beginner tutorials at work, but I want to set something up at home. My desktop can sometimes be inconvenient to work from by virtue of being loving gigantic and stuck in one place. I want to set up a MEAN stack CRUD application, and it seems like being able to VPN into it from my laptop would be good. Here’s what I’m thinking I’ll need:

Container running VPN software of my choice.

Container running Mongodb.

Container running Express.

Container running Angular 2.

All of this on a Linux VM.

What am I missing?

New Yorp New Yorp
Jul 18, 2003

Only in Kenya.
Pillbug

22 Eargesplitten posted:

I’m going to stop making GBS threads up the Working in IT thread with Docker stuff so I can poo poo it up with other topics. I’ve been doing some beginner tutorials at work, but I want to set something up at home. My desktop can sometimes be inconvenient to work from by virtue of being loving gigantic and stuck in one place. I want to set up a MEAN stack CRUD application, and it seems like being able to VPN into it from my laptop would be good. Here’s what I’m thinking I’ll need:

Container running VPN software of my choice.

Container running Mongodb.

Container running Express.

Container running Angular 2.

All of this on a Linux VM.

What am I missing?

I don't understand what problem you're trying to solve.

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.

New Yorp New Yorp posted:

I don't understand what problem you're trying to solve.

devops.py

The Fool
Oct 16, 2003


22 Eargesplitten posted:

I’m going to stop making GBS threads up the Working in IT thread with Docker stuff so I can poo poo it up with other topics. I’ve been doing some beginner tutorials at work, but I want to set something up at home. My desktop can sometimes be inconvenient to work from by virtue of being loving gigantic and stuck in one place. I want to set up a MEAN stack CRUD application, and it seems like being able to VPN into it from my laptop would be good. Here’s what I’m thinking I’ll need:

Container running VPN software of my choice.

Container running Mongodb.

Container running Express.

Container running Angular 2.

All of this on a Linux VM.

What am I missing?

I wouldn't do a VPN in a container. For your use case, I wouldn't bother with a VPN at all. Just set up SSH on your Linux VM.

I would also look into Docker Compose, which will allow you to define all of your containers, their network and storage in one configuration file.

22 Eargesplitten
Oct 10, 2010



New Yorp New Yorp posted:

I don't understand what problem you're trying to solve.

The problem is I have a lovely job and there’s a job posted for an entry level SRE at a place that uses Docker, Kubernetes, and Terraform. They also don’t require a BS like most jobs around here do.

I’m trying to do a project that gives me a bit of real experience rather than just tutorials. Otherwise I would just run stuff by itself on my Windows machine.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

22 Eargesplitten posted:

I’m going to stop making GBS threads up the Working in IT thread with Docker stuff so I can poo poo it up with other topics. I’ve been doing some beginner tutorials at work, but I want to set something up at home. My desktop can sometimes be inconvenient to work from by virtue of being loving gigantic and stuck in one place. I want to set up a MEAN stack CRUD application, and it seems like being able to VPN into it from my laptop would be good. Here’s what I’m thinking I’ll need:

Container running VPN software of my choice.

Container running Mongodb.

Container running Express.

Container running Angular 2.

All of this on a Linux VM.

What am I missing?

Angular is a frontend framework. Where is a container involved here?

22 Eargesplitten
Oct 10, 2010



I’m a dumbass with no experience in web dev and am trying to figure this out as I go.

22 Eargesplitten fucked around with this message at 04:10 on Jul 27, 2018

Methanar
Sep 26, 2013

by the sex ghost

Vulture Culture posted:

Angular is a frontend framework. Where is a container involved here?

Run firefox in a container and expose it to the user

Bhodi
Dec 9, 2007

Oh, it's just a cat.
Pillbug

Get a Linux Academy subscription and run through some of their labs. It launches real containers in AWS on their dime and you can get guided hands-on experience which it seems like you need because you aren't experienced enough yet to even ask the right questions.

The Fool
Oct 16, 2003


Should be nginx but MENN isn't a cool acronym

E: unless it's raining

Pile Of Garbage
May 28, 2007



Anyone here automating GitLab repo and Jenkins project creation? I've had a look around and can see a number of options but unsure if there's a recommended method that I might have overlooked.

Cancelbot
Nov 22, 2006

Canceling spam since 1928

cheese-cube posted:

Anyone here automating GitLab repo and Jenkins project creation? I've had a look around and can see a number of options but unsure if there's a recommended method that I might have overlooked.

Almost the same, different tech; BitBucket and TeamCity. We have an API key for each service, then use code to request a repository, then create a TeamCity project and tie the two together. Hopefully extending it with templates soon. If you're using a high level language then it's only 10-20 lines of code.

We've also been looking at Terraforming it all but I've checked and there's no Jenkins provider :(

Pile Of Garbage
May 28, 2007



Cancelbot posted:

Almost the same, different tech; BitBucket and TeamCity. We have an API key for each service, then use code to request a repository, then create a TeamCity project and tie the two together. Hopefully extending it with templates soon. If you're using a high level language then it's only 10-20 lines of code.

Yeah see that's exactly what we're hoping to do however it certainly isn't that simple when working with Jenkins (Several pages ago I spoke in favour of Jenkins saying that it was OK however I'd like to retract that opinion and say that those who replied in the negative are correct :lol:).

To complicate matters we've got a lot of technical debt due to things being rushed and this is coming to the surface now that we're trying to implement proper process in GitLab. We have components in dev that don't have repos in GitLab and for those that do have repos half of them either don't have a Jenkinsfile, don't have the integration webhook for Jenkins configured on the repo, don't have a Jenkins project or have the wrong build trigger configuration.

So yeah any Jenkins specific pointers would be much appreciated.

Edit: thanks Methanar, I certainly learned that the hard way! vvv

Pile Of Garbage fucked around with this message at 11:34 on Jul 27, 2018

Methanar
Sep 26, 2013

by the sex ghost

cheese-cube posted:

Yeah see that's exactly what we're hoping to do however it certainly isn't that simple when working with Jenkins (Several pages ago I spoke in favour of Jenkins saying that it was OK however I'd like to retract that opinion and say that those who replied in the negative are correct :lol:).


Methanar 3 weeks ago posted:

Report back in 4 months for how you feel about Jenkins

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

22 Eargesplitten posted:

I’m a dumbass with no experience in web dev and am trying to figure this out as I go.

Best of luck with it—your gung-ho fearlessness getting this stuff going is kinda inspiring

New Yorp New Yorp
Jul 18, 2003

Only in Kenya.
Pillbug

22 Eargesplitten posted:

I’m a dumbass with no experience in web dev and am trying to figure this out as I go.

It's concept overload. Trying to learn 9 different new things at once is guaranteed to end in failure. Choose one or two of those new things you're unfamiliar with and learn about them in isolation. You don't have to become an expert, just comfortable.

If you don't know anything about web dev, combining "not knowing anything about web dev" with "totally unfamiliar development environment and deployment toolchain" is a terrible idea.

22 Eargesplitten
Oct 10, 2010



It’s a combination of enthusiasm and a long history of biting off way more than I can chew. Also a need to get the gently caress out of my current job and knowing how much demand vs supply there is right now.

It occurred to me last night I should probably do something less ambitious at first. I’m spending lunch and breaks at work going through tutorials for now.

I was also under the mistaken impression that Docker only worked on Linux, but there’s a version for Windows so I don’t know if I was reading it wrong or just had old information.

New Yorp New Yorp
Jul 18, 2003

Only in Kenya.
Pillbug

22 Eargesplitten posted:

I was also under the mistaken impression that Docker only worked on Linux, but there’s a version for Windows so I don’t know if I was reading it wrong or just had old information.

Not only does Docker work on Windows, but it can run Linux containers.

Zorak of Michigan
Jun 10, 2006


Kubernetes on Windows, on the other hand, is a nuisance. Joining nodes to the cluster works but every K8s add-on I download (the latest being VCP) assumes all nodes are Linux and spreads nonsense around, forcing me to edit the deployments or daemonsets they create to add OS filters.

22 Eargesplitten
Oct 10, 2010



Well that sounds like a pain in the rear end.

Are there generally recommended starter Docker projects? Since I should probably wait until I get Docker and maybe k8s before doing something else new on it. I’d like to mess with mongodb if possible too, learn the basic differences between that and SQL.

JHVH-1
Jun 28, 2002

22 Eargesplitten posted:

Well that sounds like a pain in the rear end.

Are there generally recommended starter Docker projects? Since I should probably wait until I get Docker and maybe k8s before doing something else new on it. I’d like to mess with mongodb if possible too, learn the basic differences between that and SQL.

https://university.mongodb.com

Hadlock
Nov 9, 2004

If Prometheus/Grafana is the open source monitoring solution

What is the log management equivalent these days

Bonus points if there's already a helm chart for it

The Fool
Oct 16, 2003


22 Eargesplitten posted:

Well that sounds like a pain in the rear end.

Are there generally recommended starter Docker projects? Since I should probably wait until I get Docker and maybe k8s before doing something else new on it. I’d like to mess with mongodb if possible too, learn the basic differences between that and SQL.

You don't actually need to containerize your entire application. You could very easily just get a mongodb container, start running that on its own, get it working with your app, and then expand as you feel comfortable.

The Fool
Oct 16, 2003


Hadlock posted:

If Prometheus/Grafana is the open source monitoring solution

What is the log management equivalent these days

Bonus points if there's already a helm chart for it

Graylog?

I don't know about a helm chart, but there are official docs for docker compose.


Docker compose
Helm chart

The Fool fucked around with this message at 18:49 on Jul 27, 2018

my homie dhall
Dec 9, 2010

honey, oh please, it's just a machine

I think ELK/EFK is pretty widespread, no?

22 Eargesplitten
Oct 10, 2010



The Fool posted:

You don't actually need to containerize your entire application. You could very easily just get a mongodb container, start running that on its own, get it working with your app, and then expand as you feel comfortable.

Thing is I don’t actually have an app yet.

I could try containerizing a Java project I have on my github already, I guess? There’s also a C# Unity project, but that isn’t playable yet because my enemies keep running into walls and getting stuck between each other. Which is a shame, because with my limited level of knowing what I’m doing I feel like there’s more aspects to containerize in a Unity program than a small Java app.

New Yorp New Yorp
Jul 18, 2003

Only in Kenya.
Pillbug

22 Eargesplitten posted:

Thing is I don’t actually have an app yet.

I could try containerizing a Java project I have on my github already, I guess? There’s also a C# Unity project, but that isn’t playable yet because my enemies keep running into walls and getting stuck between each other. Which is a shame, because with my limited level of knowing what I’m doing I feel like there’s more aspects to containerize in a Unity program than a small Java app.

You're not going to be containerizing a Unity app, or any other desktop app. You should start by reading what containers are and what they're for.

Warbird
May 23, 2012

America's Favorite Dumbass

Now containerizing Unity itself for building a project upon commit as part of a CI/CD setup, then you’ve got yourself a use case.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

New Yorp New Yorp posted:

You're not going to be containerizing a Unity app, or any other desktop app. You should start by reading what containers are and what they're for.

Jessie Frazelle disagrees

Hadlock
Nov 9, 2004

Yeah people are putting GUI apps in containers now, it's a thing. This is basically what "Snaps" are in the Ubuntu world. X11 apps are especially easy. Just because it isn't the original purpose doesn't mean it's bad. We have a webapp, vault-ui that provides a front end for our vault server, it's pretty cool.

Ploft-shell crab posted:

I think ELK/EFK is pretty widespread, no?

I think our biggest problem with Kibana is that the LDAP login-plugin is like $1600 a year, and there are no free alternatives. Right now we have a rudimentary graylog2 install (which does support LDAP) but graylog3 is going to come out soon and I think GL2 uses an older version of elasticsearch. Looking for a better alternative.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Hadlock posted:

I think our biggest problem with Kibana is that the LDAP login-plugin is like $1600 a year, and there are no free alternatives. Right now we have a rudimentary graylog2 install (which does support LDAP) but graylog3 is going to come out soon and I think GL2 uses an older version of elasticsearch. Looking for a better alternative.

Do you need index-specific permissions? You can front your cluster with something like Nginx doing HTTP Basic against LDAP authn/authz with two dozen lines of config.

trem_two
Oct 22, 2002

it is better if you keep saying I'm fat, as I will continue to score goals
Fun Shoe

Vulture Culture posted:

Do you need index-specific permissions? You can front your cluster with something like Nginx doing HTTP Basic against LDAP authn/authz with two dozen lines of config.

Yep, that's what we do. It has led to people going into the admin configs and screwing things up, thinking they are changing settings applicable for just their own session. But my company is never going to pay for the licenses to get all the bells and whistles, so this is good enough.

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.

cheese-cube posted:

Anyone here automating GitLab repo and Jenkins project creation? I've had a look around and can see a number of options but unsure if there's a recommended method that I might have overlooked.

Check out Jenkins Job Builder. We mostly use Jenkins for deploys these days, and let Gitlab handle builds.

kitten emergency
Jan 13, 2008

get meow this wack-ass crystal prison

Hadlock posted:

If Prometheus/Grafana is the open source monitoring solution

What is the log management equivalent these days

Bonus points if there's already a helm chart for it

Looked at distributed tracing? OpenTracing and Jaeger?

Hadlock
Nov 9, 2004

uncurable mlady posted:

Looked at distributed tracing? OpenTracing and Jaeger?

My boss is wet to start using Jaeger, but we're nowhere near operationally mature enough to even start contemplating it. Hopefully we do our next raise soon and we can afford to get another senior guy.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Hadlock posted:

My boss is wet to start using Jaeger, but we're nowhere near operationally mature enough to even start contemplating it. Hopefully we do our next raise soon and we can afford to get another senior guy.

If your big problem around distributed tracing is context propagation (it's ours for sure), consider OpenCensus instead of trying to deal with OpenTracing directly
