Klaus

zu leichtfertig mit Zugangsdaten

 Thu, 09 Nov 2017 18:27:55 +0100 
#^Studie: DevOps-Teams gehen häufig leichtfertig mit Zugangsdaten um
Image/photo

In vielen Unternehmen mangelt es den DevOps-Abteilungen an Regeln für den sicheren Umgang mit privilegierten Accounts und Zugangsdaten – vielfach fehlt eine übergreifende Sicherheitsstrategie, wie CyberArks „Advanced Threat Landscape“-Report zeigt.
Klaus

pipeline-examples

 Tue, 26 Sep 2017 17:27:08 +0200 
Nice collection of #Jenkins pipeline examples.

#^jenkinsci/pipeline-examples
Image/photo
pipeline-examples - A collection of examples, tips and tricks and snippets of scripting for the Jenkins Pipeline plugin
Klaus

Jenkins Shared Libraries

 Fri, 04 Aug 2017 18:53:36 +0200 
Should have used shared libraries much earlier.

#^Jenkins Shared Libraries Workshop
by Julien Pivotto on SlideShare
Klaus

RDBMS containers

 Fri, 28 Jul 2017 13:04:28 +0200 last edited: Fri, 28 Jul 2017 16:55:45 +0200  
#^RDBMS Containers » ADMIN Magazine
Image/photo
If you spend very much of your time pushing containerized services from server to server, you might be asking yourself: Why not databases, as well? We describe the status quo for RDBMS containers.
Klaus

LPIC-OT

 Fri, 07 Jul 2017 23:17:18 +0200 
There will be beta-exams for the new LPIC-OT at FrOSCon in August. Looking at the objectives for this new exam it contains a lot of what I have done recently.

#^DevOps Tools Engineer
DevOps is one of the most in-demand skills in open source today.  In order to meet this need with verified skills LPI, an established authority in Linux Administration, is developing the DevOps Tools Engineer certification.  These additional certified competencies strengthen the portfolio of today’s IT professionals.

As more and more companies introduce DevOps methodologies to their workflows; skills in using tools which support the collaboration model of DevOps become increasingly important. LPIC-OT DevOps Tools Engineers will be able to efficiently implement a workflow and to optimize their daily administration and development tasks.

This certification will be released in autumn 2017 and will test proficiency in the most relevant free and open source tools used to implement the DevOps collaboration model, like for example configuration automation or container virtualization.

The new certification is created according to LPI‘s community-based certification development process. This process relies heavily on involvement by the IT community.
Klaus

DW: eine oder einen Senior DevOps Engineer (Development und Operations Engineer)

 Bonn, GermanyTue, 27 Jun 2017 01:23:11 +0200 
Das hört sich doch sehr interessant an, aber was soll dieser Mist mit "auf Basis eines befristeten Honorarrahmenvertrages"?

#^eine oder einen Senior DevOps Engineer (Development und Operations Engineer) - Job bei Deutsche Welle in Bonn
Aktuelles Stellenangebot als eine oder einen Senior DevOps Engineer (Development und Operations Engineer) in Bonn bei der Firma Deutsche Welle

Die Abteilung Applikations- und Systembetrieb betreibt die IT-Infrastruktur der Deutschen Welle am Standort Bonn und eine Vielzahl von unternehmensrelevanten Anwendungen im Audio-, Video- und Online-Umfeld. Der Bereich „Betrieb Onlinesysteme“ betreut in einer modernen, innovativen IT-Landschaft hochverfügbare Webanwendungen zur IP-basierten Distribution des DW-Programms. Es handelt sich überwiegend um Web-Content-Managementsysteme auf Java EE- und PHP-Basis. Sie arbeiten in einem sehr motivierten und aufgeschlossenen Team.
 DevOps  Bonn
Klaus

Deep Dive into Capabilities

 Sun, 25 Jun 2017 22:57:10 +0200 
Secure Your Containers with this One Weird Trick
Did you know there is an option to drop Linux capabilities in Docker? Using the docker run --cap-drop option, you can lock down root in a container so that it has limited access within the container. Sadly, almost no one ever tightens the security on a container or anywhere else.
Klaus

Multi-Project Pipeline Graphs

 Fri, 23 Jun 2017 18:00:52 +0200 
Nice!

#^GitLab 9.3 Released with Code Quality and Multi-Project Pipeline Graphs
Image/photo

GitLab 9.3 Released with Code Quality, Multi-Project Pipeline Graphs, Conversational Development Index, Improved Internationalization, Snippet Descriptions, and much more!


#CI/CD
Klaus

Dockerized

 Fri, 09 Dec 2016 19:02:47 +0100 
Nearly all web projects are moved to #Docker containers now. The old infrastructure was mostly based on CentOS6/7 and the main reason for this step was the annoyance of legacy #PHP projects and their PHP version requirement conflicts. I don't need a cluster or swarm, so I have a single instance with #CentOS based #Project Atomic only. The dockerized projects include:
static pages with nginx
#TYPO3 7.6
#Drupal 8.2
#Piwik 2.17
#Revive Adserver 4.x
#OXID eShop 4.[9|10]
...

Here are some completely subjective "best practices":
  • I was a bit disappointed about most available images in Docker's Hub. But make use of the official mariadb, php, drupal, nginx images!
  • Use your Dockerfile and no massive entrypoint scripts.
  • Don't try to build a base images for all your projects, the projects have all too different requirements. Found it much easier to build custom images from the official PHP images directly with only what was really needed for the projects.
  • Think about mail delivery requirements. Does your application requires mail(), or can you configure a SMTP server. Use sSMTP if you need a local MTA.
  • Get your persistent volumes right and use the correct #SELinux labels.
  • A local repository makes deployment much easier.
  • Use #Jenkins to build and deploy new images.
  • Don't use --link, use Docker networks instead!
  • jwilder/nginx-proxy still has some bugs, especially with custom nginx configurations, but a wonderful tool.
  • jrcs/letsencrypt-nginx-proxy-companion and it was never easier to get certificates.
  • Think about reboots. How you want your containers to be managed? Services for systemctl work quite well so far.
  • Redirect your application logs to the right output. Log management I should take a look at again.

Should also get my private projects into containers next.
Klaus
 Wed, 02 Nov 2016 22:58:16 +0100 
#^Introduction to DevOps: Transforming and Improving Operations
Image/photo
Learn how to transform your organization using the principles and practices of DevOps.

"Introduction to DevOps: Transforming and Improving Operations” aims to help you develop a good working knowledge of the concept of DevOps, covering the foundation, principles, and practices of DevOps. This course will focus on the successful patterns used by high performance organizations over the past 10 years.
 DevOps
Klaus

IP-based virtual hosts in a container

 Mon, 24 Oct 2016 18:34:46 +0200 last edited: Mon, 24 Oct 2016 18:45:59 +0200  
I have a Docker container with a nginx reverse proxy with name based virtual hosts and also wanted to have IP-based virtual hosts. But I always got the default server configuration, even I saw in the logs that the correct destination IP was logged, but the listen statements for the ip:port just had no effect.
It seems not to work with the default bridge network. Running the container with --net=host solved this problem and also the IP-based vhosts worked.
Klaus

Dave Farley: The Rationale for Continuous Delivery

 Wed, 12 Oct 2016 23:17:35 +0200 
#^Dave Farley: The Rationale for Continuous Delivery
Image/photo
Dave Farley bietet in seiner Keynote der Continuous Lifecycle 2015 einen lehrreichen historischen Abriss zur Entwicklung von Continuous Delivery hin zu DevOps.


#Continuous Delivery #CD
 DevOps
Klaus

Tear down docker test containers based on image name

 Thu, 01 Sep 2016 16:49:47 +0200 
Given your #CI generates #Docker images from your Git commits and tags them with something like web01-qa:$BUILD_NUMBER. Right now I can not set a name for the container that gets spun up after every commit, so I needed a solution to tear down the old containers after successful start of a new container based on the image they were created from. This is what I came up with:

docker ps --format "{{.ID}}\t{{.Image}}" | awk -F ':' '/web01-qa/{print $NF, $0}' | sort -r -n | tail -n+2 | awk '/web01-qa/{system("docker stop " $2)}'
Get all running containers, sort them by $BUILD_NUMBER for the image name containing web01-qa, stop all matching containers except the one from the newest image.

Or use docker rm -f if not interested in the old containers anymore.
Klaus

Blue Ocean

 Thu, 02 Jun 2016 17:50:37 +0200 
#^Introducing Blue Ocean: a new user experience for Jenkins
Image/photo

In recent years developers have become rapidly attracted to tools that are not only functional but are designed to fit into their workflow seamlessly and are a joy to use. This shift represents a higher standard of design and user experience that Jenkins needs to rise to meet.
We are excited to share and invite the community to join us on a project we’ve been thinking about over the last few months called Blue Ocean.
Blue Ocean is a project that rethinks the user experience of #Jenkins, modelling and presenting the process of software delivery by surfacing information that’s important to development teams with as few clicks as possible, while still staying true to the extensibility that is core to Jenkins.
Klaus

Automatic server hardening by -T-

 Fri, 16 Jan 2015 10:36:41 +0100 
This is interesting. A project from Deutsche Telekom with #Chef and #Puppet modules for various hardening tasks, such as OS, SSH, MySQL, PostgreSQL, Nginx, Apache. Under Apache 2 license. Just the supported OS versions are not that current.

#^Hardening Framework

Image/photo
Hardening adds a layer into your automation framework, that configures your operating systems and services. It takes care of difficult settings, compliance guidelines, cryptography recommendations, and secure defaults. GitHub Chef Supermarket GitHub Chef Supermarket GitHub Chef Supermarket GitHub Chef Supermarket GitHub Puppet Forge GitHub Puppet F...
Klaus

Buzzword alert!

 Mon, 05 Jan 2015 17:16:33 +0100 
Building better software on schedule with DevOps - ADMIN Magazine
DevOps makes IT departments more efficient and makes their employees happier – but what is it? We describe some basic ingredients of the DevOps recipe.
 DevOps
Klaus

Docker, Chef, & Immutable Infrastructure

 Sun, 02 Nov 2014 01:13:33 +0100 
#^opscode/chef-summit-2014
chef-summit-2014 - Wiki for the Chef Community Summit - 2014
Docker, Chef, & Immutable Infrastructure

#Docker #Chef #CM
 DevOps
Klaus

CoreOS Meetup live stream

 Tue, 14 Oct 2014 11:39:16 +0200 
There will be a live stream from tonight's Docker Cologne meetup about #CoreOS with Brandon Philips (CTO, CoreOS).

#^CoreOS Meetup Cologne, October 14, 2014
Image/photo


Video stream/recording of the October 14, 2014 event in Cologne, hosted by Giant Swarm. Talks featuring Brandon Philips (CTO, CoreOS) and Luke Marsden (CTO, ClusterHQ).

#DockerCGN
Klaus
 Tue, 07 Oct 2014 21:41:33 +0200 
#^Bonn Agile Meetup - Oktober 2014: Docker - Einführung und Microservices mit Docker | Data in Transit
Für das Meetup am 7. Oktober freuen wir uns euch zwei Vorträge zum Thema Container-Virtualisierung mit Docker zu präsentieren. Die agile Softwareentwicklung birgt immer neue Herrausforderung rund um Individuen, Prozesse, Organisation und Infrastruktur. Wir möchten uns den Themen Infrastruktur und Organisation widmen. Docker ist hier eine Teilan...

War ein sehr interessanter Abend. Ein paar gute Ideen mitgenommen. Werde mir auf jeden Fall mal Fig ansehen um Container leichter zu verbinden.
Klaus

Feel welcome to Ruby

 Tue, 07 Oct 2014 16:28:10 +0200 
I should feel pity for everyone who has to work with #Ruby and rubygems. What a fucking dependency and incompatibility hell.

I used to install mailcatcher through gem install in my Vagrant provisioning scripts for a long time. Suddenly a dependency requires a newer Ruby version than what is available on CentOS6. On CentOS7 it still works, but installs another dependent package in a version that causes Encoding::CompatibilityErrors. Installing an older version of the package and everything is fine. And yet another runtime dependency is not installed by gem and needs to be installed manually. Oh and in CentOS6 gem installs it to /usr/bin in CentOS7 suddenly to /usr/local/bin #WTF?!?

At least I can handle all this in a Puppet module and reuse it, but why must these scripts get so fucked up? :-!