|
Does anyone feel like giving me a quick steer on Terraform and Puppet? My shop is sort of perpetually stuck in the past and I am finally getting traction with Puppet adoption. The operations side is nearing the point where I will be able to reduce my level of effort, and the next thing on my list was to look at using Terraform for build automation. I just checked in on Terraform and Puppet integration for the first time and saw that the Puppet provisioner for Terraform is deprecated and will be removed in a future release, but there's no clear guidance on what's supposed to replace it. Is there some new hotness I haven't heard of yet? I know some of you are asking why Puppet and not ansible? I needed something free and something that was designed to run automatically and enforce idempotent system configuration. There's enough inertia at $job that if I just showed people how to write playbooks, they'd humor me and then go back to doing things by hand, and then the playbooks would drift out of sync and become useless, and then it would be accepted wisdom that ansible doesn't work here. I like the way Puppet, once installed, forces you to keep using Puppet to make changes.
|
#
?
Oct 28, 2020 17:14
|
|
|
|
| # ? Apr 18, 2024 21:50 |
|
|
Internet Explorer posted:Good luck! You'll nail it. BaseballPCHiker posted:Good luck! Thanks. Phone screen went well. 4 person interview tomorrow. Also found out despite it being labeled a mid level job, we're in the same ballpark when it comes to salary.
|
|
#
?
Oct 28, 2020 17:17
|
|
|
Zorak of Michigan posted:Does anyone feel like giving me a quick steer on Terraform and Puppet? My shop is sort of perpetually stuck in the past and I am finally getting traction with Puppet adoption. The operations side is nearing the point where I will be able to reduce my level of effort, and the next thing on my list was to look at using Terraform for build automation. I just checked in on Terraform and Puppet integration for the first time and saw that the Puppet provisioner for Terraform is deprecated and will be removed in a future release, but there's no clear guidance on what's supposed to replace it. Is there some new hotness I haven't heard of yet? Have you looked into Ansible-pull? You can use the terraform provisioner to bootstrap the machine to puppet.
|
|
#
?
Oct 28, 2020 18:08
|
|
|
Zorak of Michigan posted:Does anyone feel like giving me a quick steer on Terraform and Puppet? A thing you might have missed here is that ansible is not a direct replacement for puppet. There's a defensible space in every technical organization for "an agent that enforces a particular configuration". Ideally you don't need this, you're describing what is basically an HR problem, but to some extent you can compensate for this HR problem with technology. Zooming out for a second, you have an agent that runs on a machine with a particular set of supported configurations (minimum hardware specs, valid version of ruby, valid set of installed ruby packages such as hiera, etc). You have, in Terraform, a DSL that can be used to drive certain APIs to declaratively enforce the existence of physical or virtual machines with some set of specifications. What seems to be missing is the piece where a bare machine installs dependencies for the puppet agent and then also installs and configures the agent itself? You have a bunch of options here, depending on your provider: unattended OS installs (pxe, kickstart, cloud-init, etc), machine images of some sort (AMIs, vmware templates, etc), or bootstrap configuration (ansible, terraform provisioners, jenkins, or similar). Terraform's provisioners are pretty bad and I'm not surprised they're deprecating the puppet one, it's hard to succinctly describe this but basically Terraform provisioners are bad and should go away because Terraform is a DSL for describing resources, not an orchestration tool, and it is fundamentally a poor choice for orchestration tasks (they go a little bit into why on the main provisioners documentation page). If I'm understanding your post correctly your problem is a lack of orchestration tooling. A lot of tools in this area bleed into the orchestration space to some degree but the simplest and best choice here is ansible, because there is an eventual future where you deprecate puppet entirely in favor of it and it is designed to work with all of the other tools you're currently using.
|
|
#
?
Oct 28, 2020 18:25
|
|
|
Thanks! I don't see us chucking Puppet for Ansible, but maybe I can get cloud-init to do the needful.
|
|
#
?
Oct 28, 2020 18:47
|
|
|
Zorak of Michigan posted:Does anyone feel like giving me a quick steer on Terraform and Puppet? My shop is sort of perpetually stuck in the past and I am finally getting traction with Puppet adoption. The operations side is nearing the point where I will be able to reduce my level of effort, and the next thing on my list was to look at using Terraform for build automation. I just checked in on Terraform and Puppet integration for the first time and saw that the Puppet provisioner for Terraform is deprecated and will be removed in a future release, but there's no clear guidance on what's supposed to replace it. Is there some new hotness I haven't heard of yet? All shops i've been at generally split what terraform does vs what config mgmt (chef/ansible/puppet) / deploy orchestration (Spinnaker) does. In general: Terraform manages infrastructure like VPCs, security groups, AWS services, cloudflare/datadog resources. Config management or deploy orchestration manages creating instances and ASGs, and config management installs packages, configures users et c. In my experience, Salt and Ansible are really good for "Run this, then run this, then run this" and are easier for sysadmins to get going with. Converging config management solutions (Puppet, Chef) are easier for software devs to get their head around. Trying to get Ansible or Salt to converge is really hard, we gave up on it. (Then again we run Ansible in a weird way - instead of running on a controller node, a shellscript on node pulls down the ansible repo, swaps it's branch to the correct one (so we can test branches before merging), sets some vars and then runs ansible-playbook locally on the node.) Personally I wouldn't try to spend too much time on cloud-init - the docs are terrible and it's just been an exercise in frustration. My cloud-init config is basically "do the needful to start ansible" edit: it's literally code:luminalflux fucked around with this message at 19:27 on Oct 28, 2020 |
|
#
?
Oct 28, 2020 19:00
|
|
|
I just had a support call with a user who is usually a particular pain in the rear end. During the call, she had to put me on hold to help her child figure out how to copy-paste or save a picture or something. I could tell from the yelling in the background that it was particularly frustrating. Not gonna lie it felt pretty good to say, "tech support sucks doesn't it?" when she finally got back on the phone with me 
|
|
#
?
Oct 28, 2020 19:09
|
|
|
Thanks to the people suggesting I look at Packer earlier in the thread. Messed around with it for a couple of hours today and it looks like it'll make keeping our images up to date a cinch.
|
|
#
?
Oct 28, 2020 19:09
|
|
|
Supposed to hear back on whether a job wants to do another interview today, but it's almost the end of the Eastern time zone work day and nothing. The waiting is agonizing. I know not to expect to hear back from the other job until at least the 2nd, but that's the job I don't want as much.
|
|
#
?
Oct 28, 2020 19:13
|
|
|
I worked at a place where the demarcation point was "you can find our application packages at this uri" and that's probably the best and most healthy I've seen a software delivery organization to date. Ultimately, I don't want software dev to know or even care about the mechanism by which we install a package on a server or even how we cycle servers for deployment because it's not a core competency for them and it doesn't really matter either. The best way to communicate across this boundary IMO is through expectations and metrics. We have a data processing service X, it must always be handling at least 0.3% of total queued messages per second -- it's not hard to support this requirement with any reasonable piece of deployment technology and it keeps development focused on feature specs and service requirements, which is what they're good at, instead of worrying about which VPC to use or who to escalate to when a k8s-mapped elb scales too high in their environment and exhausts all of the available ip address space.
|
|
#
?
Oct 28, 2020 19:14
|
|
|
luminalflux posted:All shops i've been at generally split what terraform does vs what config mgmt (chef/ansible/puppet) / deploy orchestration (Spinnaker) does. In general: Terraform manages infrastructure like VPCs, security groups, AWS services, cloudflare/datadog resources. Config management or deploy orchestration manages creating instances and ASGs, and config management installs packages, configures users et c. Thanks. In my lab environment, at least, it's easy for me to mess with the template Terraform would use, so all I need to figure out is how to pass through the Puppet role and some sort of token for Puppet autosigning. This reminds me that I may be making the xy mistake so let me just throw open the floodgates - my goal is to automate provisioning of on-prem VMware guests without spending any money. Terraform can do that and it seemed like it would at least be good for my professional development to learn something about it, but if there are other freely available tools I'm not thinking of that would be better, I'm all ears.
|
|
#
?
Oct 28, 2020 19:45
|
|
|
If you're using terraform there's absolutely nothing preventing you from bootstrapping a guest to puppet with a provisioner, but that's as far as I'd go with it.
|
|
#
?
Oct 28, 2020 19:47
|
|
|
Zorak of Michigan posted:Thanks. In my lab environment, at least, it's easy for me to mess with the template Terraform would use, so all I need to figure out is how to pass through the Puppet role and some sort of token for Puppet autosigning. I generally manage that with tagging in AWS - ansible looks at the role tag on the instance and from there infers which playbook to run. We have a ton of group_vars set on AWS tags - role, environment are the big ones we look at but there's others (like which deploy tool is deploying it, since when Spinnaker deploys things we need to do some stuff a little differently than the legacy tool). I don't know what kind of metadata you can pass around in vmware these days tho Edit: And yeah, I wouldn't manage VMs with terraform. VM lifecycle I leave up to ansible or ASGs controlled by Spinnaker. I have seen people manage the ASG configuration with Terraform, which is probably OK if you're not updating the launch config that often luminalflux fucked around with this message at 19:58 on Oct 28, 2020 |
|
#
?
Oct 28, 2020 19:53
|
|
|
I have a potential interview with a Fortune 100 company but the position is contract-to-hire, never really had experience with this before. The recruiter went over it a bit as a shortcut past their internal hiring process, but they're the recruiter so who knows. Can anyone give me the warn and fuzzies about this type of hiring? The position will pay literally double what I make currently.
|
|
#
?
Oct 28, 2020 20:31
|
|
|
I can tell you that C2H sometimes works out. A good friend of mine did the C2H route and it worked out for him, but I would wager it doesn't work out for a lot of people. There's a few reasons for a company to use the C2H route, none of them good for the employee. If you can afford to be out of work at the end of the contract for a while, it's worth a gamble I think.
|
|
#
?
Oct 28, 2020 20:36
|
|
|
I am leery of C2H as well, since you can just get dropped for any reason at the end of the contract. Having said that, my current position was C2H, it was a 3 month contract and they bought out the contract halfway through to make me an FTE.
|
|
#
?
Oct 28, 2020 20:47
|
|
|
I just made a similar move as it was an over 50% raise, big decrease in hours, and since I can get healthcare from my partner. Cheers!
Otis Reddit fucked around with this message at 21:02 on Oct 28, 2020 |
|
#
?
Oct 28, 2020 20:49
|
|
|
I actually got a recruiter call today for a C2H Manager position managing all FTE's. Seems... odd, to say the least.
|
|
#
?
Oct 28, 2020 20:50
|
|
|
The reason they gave was that internal HR was given months to produce candidates and couldn't, so now they're using these guys instead to get it filled quick. So, worst case scenario I make a bunch of money for a year and get laid off, or they buy out the contract before the year is up? Is there a situation where they could terminate me before the 12 months? Or is that limited to real bad fuckups?
|
|
#
?
Oct 28, 2020 20:58
|
|
|
Spring Heeled Jack posted:The reason they gave was that internal HR was given months to produce candidates and couldn't, so now they're using these guys instead to get it filled quick. Terminating a contract employee skirts protections even in the few states that have them. They can terminate you at any time, even without cause.
|
|
#
?
Oct 28, 2020 21:00
|
|
|
Spring Heeled Jack posted:I have a potential interview with a Fortune 100 company but the position is contract-to-hire, never really had experience with this before. The recruiter went over it a bit as a shortcut past their internal hiring process, but they're the recruiter so who knows. Can anyone give me the warn and fuzzies about this type of hiring? The position will pay literally double what I make currently. I've only done contract to hire once and it was a good experience for me. The employer basically used it as a probation period. If you were good you got converted to full time permanent. This was back in my helpdesk days, and 3/4 guys I started with got converted. The only one who didnt was a let go with good reason as he was a terrible tech. So anecdotal but it worked for me. The firm I was hired through was Insight Global if it makes any difference.
|
|
#
?
Oct 28, 2020 21:04
|
|
|
I feel like the worst part of an interview for me is when you don't use the lingo and jargon to describe things and the interviewing manager does. I can describe what the hell I do I just dont rattle off all these acronyms and words the same way. It's frustrating and I feel like I'm missing something in my own career sometimes because I don't talk that way. And there are a gently caress load of things you have to know and remember
|
|
#
?
Oct 28, 2020 21:08
|
|
|
BaseballPCHiker posted:I've only done contract to hire once and it was a good experience for me. The employer basically used it as a probation period. If you were good you got converted to full time permanent. This was back in my helpdesk days, and 3/4 guys I started with got converted. The only one who didnt was a let go with good reason as he was a terrible tech. My employer used to use TEKsystems the same way. All new hires were C2H through them, and if you were good, you got converted after six months. Even knowing that, I don't think I'd take C2H if I already had a gig. You're at the mercy of the whole hiring org. You could work your rear end off to prove you were worth converting, and then get told that they loved you but the permanent position was gone, or had been reclassified and it was yours but at 80% of the salary you expected, or all sorts of other fuckery.
|
|
#
?
Oct 28, 2020 21:23
|
|
|
I signed up as a 6 month C2H and the hiring company decided to keep us all on as permanent contractors w/ minimal benefits. Lesson learned, I guess.
|
|
#
?
Oct 28, 2020 21:29
|
|
|
C2H is just a way to make it as easy as possible for your employer to gently caress you, which is really saying something with the state of US labor law. It may work out, but I absolutely wouldn't be up for it. Probationary period is fine, but if my rear end is committing to work for you and my entire livelihood is on the line, there should be a clear commitment from the employer as well or why are we even talking.
|
|
#
?
Oct 28, 2020 21:38
|
|
|
Spring Heeled Jack posted:Can anyone give me the warn and fuzzies about this type of hiring? Was this a typo
|
|
#
?
Oct 28, 2020 23:17
|
|
|
uniball posted:Was this a typo Apparently not
|
|
#
?
Oct 28, 2020 23:23
|
|
|
Zorak of Michigan posted:or had been reclassified and it was yours but at 80% of the salary you expected, or all sorts of other fuckery. Oh hey, it's what happened to me. How big of a red flag is a company bragging about donating to Operation Underground Railroad? On one hand at the surface it sounds like a great charity, on the other hand once you learn even a little bit about it, it gets a bit QAnon-y. I'm not sure how much due diligence to expect a company to do on their charitable donations.
|
|
#
?
Oct 28, 2020 23:25
|
|
|
They should be doing a lot of due diligence if they are going to make it a thing that you are aware of at the job application level.
|
|
#
?
Oct 29, 2020 00:15
|
|
|
It's in their Glassdoor summary, one of the questions on their application was "Why do you want to work for us" so I was looking at their page so I could BS something other than "I want money and to work remotely and you have a good Glassdoor rating." E: I didn't get the job I was really hoping for, so I'm channeling my disappointment into job applications, got 5 done tonight so far. 22 Eargesplitten fucked around with this message at 01:02 on Oct 29, 2020 |
|
#
?
Oct 29, 2020 00:16
|
|
|
22 Eargesplitten posted:How big of a red flag is a company bragging about donating to Operation Underground Railroad? It's the same reason so many companies blindly donate to Autism Speaks despite it being a hydra of parent-guilt that follows the TLC freakshow model where they act like it's literally the worst thing in the world and a death sentence BUT THEY'RE SO HUMAN AWWWW LOOK AT THEM <3 <3 <3 to absolve their awfulness They see the marketable name, quick glance at the website and decide good enough.
|
|
#
?
Oct 29, 2020 04:06
|
|
|
Yeah, that's what I was kind of figuring, but there are some less than pleasant people out there latching onto that stuff too. Applied to 16 jobs tonight, we'll see if anything pans out over the next week or so. I'll take this other job if they offer, but I'd rather have them as leverage for negotiation for another company.
|
|
#
?
Oct 29, 2020 04:31
|
|
|
Terraform is for config management at a provider level, like aws, gcp, datadog, basically some web based api. Puppet and ansible can do some of that, but terraform is a better fit. How we do it is to build images with packer, that get registered as an AMI, with puppet or ansible prebaked in, we then setup ASGs that use those AMIs which in turn go to town once they boot and check in. All of the AWS config except the actual host config, aka networks, RDS, etc are in terraform. With that said we are rapidly killing both ansible and puppet, because kubernetes is eating into the space of existing config management tooling with a much better experience. That’s the real killer functionality imo, as I don’t have to do weird stuff with puppet, ansible or salt anymore. We gone from several thousand nodes using puppet to less then 100 in 2 years and are getting close to killing the rest of them off.
|
|
#
?
Oct 29, 2020 04:56
|
|
|
freeasinbeer posted:Terraform is for config management at a provider level, like aws, gcp, datadog, basically some web based api. Puppet and ansible can do some of that, but terraform is a better fit. I manage my kubernetes with ansible
|
|
#
?
Oct 29, 2020 05:14
|
|
|
I reset passwords.
|
|
#
?
Oct 29, 2020 07:08
|
|
|
Methanar posted:I manage my kubernetes with ansible So you use it to bootstrap nodes? Or are you doing using it for arbitrary kubernetes deployments? If so your one of the few I’ve heard of that use it that way. Across multiple orgs the total amount of cm code I’ve seen is weighted heavily away from tooling like ansible or puppet as compared to what it used to be, in particular any app configs that existed.
|
|
#
?
Oct 29, 2020 13:22
|
|
|
Quick question, anybody recommend a free SFTP server they like? There's a lot of options out there.
|
|
#
?
Oct 29, 2020 16:14
|
|
|
Heffer posted:Quick question, anybody recommend a free SFTP server they like? There's a lot of options out there. https://hub.docker.com/r/atmoz/sftp
|
|
#
?
Oct 29, 2020 16:15
|
|
|
I played around with this briefly for a project and it worked well. Not a lot of documentation on the k8s side for some situations at the time but I was able to sort it out.
|
|
#
?
Oct 29, 2020 17:16
|
|
|
|
| # ? Apr 18, 2024 21:50 |
|
|
Methanar posted:I manage my kubernetes with ansible I've managed mine with terraform, but it was basically just getting an EKS cluster off the ground, adding some workers and then adding kubeconfig to add our AWS IAM roles as admins.
|
|
#
?
Oct 29, 2020 17:23
|
|