Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Gabriel S.
May 20, 2006

I WILL KEEP IMMIGRANT CHILDREN IN A LOCKBOX, AND THAT PAYS DOWN THE NATIONAL DEBT.

Put this Nazi Scientist fuck on ignore immediately!


Is there even a built-in way to purge teams chat history? I suspect you'd have to do some serious lifting to make this happen. It's not like Skype where you have a conversations history in your Inbox.

Edit - A quick search shows this is on Microsoft's backlog but users can still delete individual messages.

Adbot
ADBOT LOVES YOU

Sickening
Jul 15, 2007

Black summer was the best summer.

Gabriel S. posted:

Is there even a built-in way to purge teams chat history? I suspect you'd have to do some serious lifting to make this happen. It's not like Skype where you have a conversations history in your Inbox.

Edit - A quick search shows this is on Microsoft's backlog but users can still delete individual messages.

Yes, retention policies.

Boba Pearl
Dec 27, 2019

Yellow Pearl, Blue Pearl, Pink Pearl

Boba Pearl.




I did 4 years of customer service telling people how to use word, reset their routers, set up webcams and stuff for wfh stuff like that.

I'm switching my degree to network engineering AS because that's closer to what I want (a 80 - 120k Sysadmin position in silicon valley where I live.)

As part of my degree I'd get MSCA 1/2/3 CCNA 1/2/3 (I don't know how this relates to the CCNA cert path) CompTIA A+ / Cloud+/ Security+

Is that enough to get me in the door for a 50 - 60k a year job in the bay area?

Boba Pearl fucked around with this message at 04:08 on Aug 27, 2020

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!



Boba Pearl posted:

I did 4 years of customer service telling people how to use word, reset their routers, set up webcams and stuff for wfh stuff like that.

I'm switching my degree to network engineering AS because that's closer to what I want (a 80 - 120k Sysadmin position in silicon valley where I live.)

As part of my degree I'd get MSCA 1/2/3 CCNA 1/2/3 (I don't know how this relates to the CCNA cert path) CompTIA A+ / Cloud+/ Security+

Is that enough to get me in the door for a 50 - 60k a year job in the bay area?


50-60k in the bay is level 1 tech support.

Boba Pearl
Dec 27, 2019

Yellow Pearl, Blue Pearl, Pink Pearl

Boba Pearl.




That's good to hear that I'm on the right path then.

Internet Explorer
Jun 1, 2005


Gabriel S. posted:

On another does anyone here work with SCCM or Intune? The amount of imaging related positions available all the sudden is really surprising at the moment or a bunch of corporations suddenly realized understaffing it is a huge business liability.

I'm generally more of a VDI/sysadmin kinda guy, but I am leading a SCCM to Intune project right now. My guess is that there are a lot of companies like mine out there who got caught with their pants down and took for granted that everyone would always be on the LAN/VPN and are also migrating from SCCM to Intune and a more modem stack that is decentralized.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!



Boba Pearl posted:

That's good to hear that I'm on the right path then.

if you get half of what you want in those certs you're looking at north of 100k easy in the bay area for onsite work.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.


The Iron Rose posted:


Admittedly I’m not sure why you’d need an EFS mount, but the rest is reasonable.

EFS hold the Wordpress code in a central place and each Linux instance mounts it and runs it.

This way you have only one set of files to update and all the pre-baked AMI has to do when launching a new instance is mount the EFS share and start Apache.

Methanar
Sep 26, 2013
ASK ME ABOUT NOT TIPPING DELIVERY DRIVERS, OR ABOUT MY DIET OF CANNED BABY CORN AND CHICKEN NUGGETS

Agrikk posted:

EFS hold the Wordpress code in a central place and each Linux instance mounts it and runs it.

This way you have only one set of files to update and all the pre-baked AMI has to do when launching a new instance is mount the EFS share and start Apache.

Why is this better than regularly building new AMIs with whatever packages, updating the LC and rolling the asg.

I guess its more work if all you're doing is running wp. But if you want less effort you'd probably not bother with any of this at all.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!



The better question is why self host Wordpress?

Methanar
Sep 26, 2013
ASK ME ABOUT NOT TIPPING DELIVERY DRIVERS, OR ABOUT MY DIET OF CANNED BABY CORN AND CHICKEN NUGGETS

jaegerx posted:

The better question is why self host Wordpress?

cloud 'engineering'

Critical
Aug 22, 2007

Time for some fuckin' garbage posting.




Honest question, is this thing worth half a gently caress for entry level gigs? Or would the A+ definitely be more preferable for someone who knows enough to troubleshoot and replace components?

It only has 2 years in the IT space so I'm not sure if anyone is even looking for it or takes it seriously. However having it be structured fit me a little better than self-studying for the A+. They also say they will send out your resume to companies but I'm dubious of the efficacy.

12 rats tied together
Sep 7, 2006



Rolling new amis for every change sucks rear end to actually do in prod, even if it is the standard answer that a lot of people reach for. IMHO a lot of this (not all) is naivete, it sounds easy, and it's really easy to explain, so it has to be easy to do for all of your apps, right? And then you need to upgrade to a hotfix release of wordpress overnight because of a 10.0 rating CVE but the new version of wordpress has package incompatibilities with the old version, so you roll a new ami, except the new packages for wordpress conflict with the packages required for your old wordpress plugins, so you roll another ami, etc.

There's nothing fundamentally different between an AMI and an ec2 instance that you configure once except that the AMI boots faster and the configured-once instance is easier to work with.

Gort
Aug 18, 2003


If a third of the availability zones in AWS London could stop loving up on a daily basis that would be cool

devmd01
Mar 7, 2006

Elektronik
Supersonik


A ticket came in yesterday: “please add <lovely access dB app> to Citrix, performance has been terrible ever since we went remote only”

We are actively trying to kill off our entire Citrix environment and don’t want to add anything to it. As soon as the email notification came in, I hit reply-all to send to the team “let me be the first to say....**** NO.”

I think you can extrapolate what happened from there. Oops.

The Iron Rose
May 12, 2012

Cat Army


Critical posted:

Honest question, is this thing worth half a gently caress for entry level gigs? Or would the A+ definitely be more preferable for someone who knows enough to troubleshoot and replace components?

It only has 2 years in the IT space so I'm not sure if anyone is even looking for it or takes it seriously. However having it be structured fit me a little better than self-studying for the A+. They also say they will send out your resume to companies but I'm dubious of the efficacy.

It will teach you more than the A+, that’s for sure.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.


Methanar posted:

Why is this better than regularly building new AMIs with whatever packages, updating the LC and rolling the asg.

I guess its more work if all you're doing is running wp. But if you want less effort you'd probably not bother with any of this at all.

Because if all I am doing is a code update, why bother redeploying my entire fleet when I can do a single code push to a single location?

Also: Y’all are too fixated on the workload being Wordpress rather than an easily understandable workload the explains how all of the pieces of the AWS puzzle fit together to deliver a scaleable and failure-resistant architecture.

I’ve built this architecture and with little effort I was able to hit it with a hundred thousand simultaneous connections in a synthetic load test without it breaking a sweat. That’s the point of this architecture.

Agrikk fucked around with this message at 15:09 on Aug 27, 2020

angry armadillo
Jul 26, 2010


It's been a while but we are about to have a battle of the managers.

We have hired a new HR person at quite a senior level, who has come to me and said I want some random piece of software. I've never heard of it, seems to be some kind of project management/organisational skills software
I managed expectations and went 'haha good luck, there will be a few hoops to jump through before it will even get considered let alone approved, let me tell you what they are'

As she is new, the thought of jumping through IT hoops seemingly didn't put her off, so popcorn at the ready, I shall email my boss and let him know the request is incoming.

Interestingly, I've asked her to justify what it is and why she wants it so I can get my boss on board, which she hasn't given me anything to go on, yet she has spoken with the HR Director who is supposedly convinced the HR department now all need this software. There seems to be some discrepancy in your sales pitch between the nothing you've told me and whatever you told your boss, but hey, lets go.

22 Eargesplitten
Oct 10, 2010

Also sexism, religious bias, jingoism, and so on. Don't do it, people!

Dogs, don't do it either, even if the police man really tries to train you to do it.


Methanar posted:

Why is this better than regularly building new AMIs with whatever packages, updating the LC and rolling the asg.

I guess its more work if all you're doing is running wp. But if you want less effort you'd probably not bother with any of this at all.

On top of what Agrikk said, there are official Wordpress supported AMIs that automatically apply security updates. On one hand that risks plugins breaking if the new security update isn't compatible, on the other hand it keep security up to date without requiring a full-time wordpress admin.

Wordpress wouldn't have been my first choice, but given what the guy wanted from his site and the technical resource he has currently, it was the best option. I didn't do the multiple AZ deployment, though, the damage from an outage isn't worth the extra cost to him at this point.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert


angry armadillo posted:

It's been a while but we are about to have a battle of the managers.

We have hired a new HR person at quite a senior level, who has come to me and said I want some random piece of software. I've never heard of it, seems to be some kind of project management/organisational skills software
I managed expectations and went 'haha good luck, there will be a few hoops to jump through before it will even get considered let alone approved, let me tell you what they are'

As she is new, the thought of jumping through IT hoops seemingly didn't put her off, so popcorn at the ready, I shall email my boss and let him know the request is incoming.

Interestingly, I've asked her to justify what it is and why she wants it so I can get my boss on board, which she hasn't given me anything to go on, yet she has spoken with the HR Director who is supposedly convinced the HR department now all need this software. There seems to be some discrepancy in your sales pitch between the nothing you've told me and whatever you told your boss, but hey, lets go.

This isn't an attack against you or anything, but I'm curious as to why it seems IT is the gatekeeper of software for business use. I know orgs of different size have different structures and things like that, but in my org IT is not the gatekeeper of this stuff. We're here to support the business. If HR comes to us and says we're buying this software, we help them by providing the infrastructure, working with the software company to deploy it, etc. We don't dictate anything to the business except our supported platforms.

Like I said, not an attack or anything, just seems interesting that an HR Director would have to get IT approval for something they want to do.

The Fool
Oct 16, 2003



The biggest issue is that in a lot of organizations a business unit will decide on a piece of software, not inform anyone, then complain when it doesn't work and expect IT to fix it.

This is also how you get 40 different SaaS subscriptions and none of them support SSO.

Honey Im Homme
Sep 3, 2009



To prevent shadow IT

Defenestrategy
Oct 24, 2010

Worst decision I ever made.


skipdogg posted:

HR Director would have to get IT approval for something they want to do.

IT should have some say in anything that peripherally touches the network or employee computers, just to keep obviously dangerous/illegal stuff out of the company. Further, if you're like my company IT is gonna be the one administrating/setting up what ever program HR is buying so just from a personnel stand point IT needs to know how much effort/people to task to doing that.

luminalflux
May 27, 2005



12 rats tied together posted:

Rolling new amis for every change sucks rear end to actually do in prod, even if it is the standard answer that a lot of people reach for.

I have Spinnaker do this for me, works great.

Sickening
Jul 15, 2007

Black summer was the best summer.

skipdogg posted:

This isn't an attack against you or anything, but I'm curious as to why it seems IT is the gatekeeper of software for business use. I know orgs of different size have different structures and things like that, but in my org IT is not the gatekeeper of this stuff. We're here to support the business. If HR comes to us and says we're buying this software, we help them by providing the infrastructure, working with the software company to deploy it, etc. We don't dictate anything to the business except our supported platforms.

Like I said, not an attack or anything, just seems interesting that an HR Director would have to get IT approval for something they want to do.

Because "business use" isn't always decided by individual department worker bees. Its more likely solely decided by company senior leadership. Standardizing what software is approved (and how) for business use is sometimes necessary to make sure the software is supported properly and risk is evaluated and/or accepted. You want it patched right? You want to know who to call when you have an issue? You probably want to also decide whose cost center this stuff goes again? Who is handling the business agreement, licensing, and other contract stuff? Who is going to make sure the account that owns the software isn't someone's gmail?

It does help everyone involved if IT has a better attitudes about all of it though.

Honey Im Homme posted:

To prevent shadow IT



If you don't understand the risks to shadow IT, that might be the better question to ask.

Sickening fucked around with this message at 16:53 on Aug 27, 2020

Nuclearmonkee
Jun 10, 2009




The Fool posted:

The biggest issue is that in a lot of organizations a business unit will decide on a piece of software, not inform anyone, then complain when it doesn't work and expect IT to fix it.

This is also how you get 40 different SaaS subscriptions and none of them support SSO.

There’s also the whole thing where you have people being sold on fix problem X with Y software when X is already a thing your existing software can do. Or you have a new manager who wants to “shake things up” and they had X at their last company and want it again.

It works best if IT remains in tune with business needs and helps with the whole process of picking out and deploying software. These people aren’t necessarily technical people and need IT as a resource to make sure you don’t end up with tons of expensive poo poo for no reason.

Or even worse, have departments deploying their own SaaS crap that gets inevitably inherited by IT to support after the fact.

goobernoodles
May 28, 2011

Wayne Leonard Kirby.

Orioles Magician.


Anyone have any experience with smart deploy as an imaging platform?

12 rats tied together
Sep 7, 2006



luminalflux posted:

I have Spinnaker do this for me, works great.

I looked into spinnaker like 4-5 years ago and I really liked it except, IIRC:

- no way to define spinnaker jobs in a DSL or markup language
- auto-configuring login users, permissions, etc, was kind of a nightmare (I wanna say it had groovy scripts or something?)
- hard to integrate with other tools, in our case, ansible

are those things different now? I've been using AWX as a spinnaker-compatible tool since they added workflows (ansible DAGs, basically) which have approval gates that can be manual or triggered through automation etc.

luminalflux
May 27, 2005



12 rats tied together posted:

- no way to define spinnaker jobs in a DSL or markup language

https://github.com/armory/dinghy is what we use for pipelines as code.

quote:

- auto-configuring login users, permissions, etc, was kind of a nightmare (I wanna say it had groovy scripts or something?)

We use Okta for auth, haven't had to deal with fiat for setting permissions.

quote:

- hard to integrate with other tools, in our case, ansible

What's your ansible integration case? In our case, in the bake case packer kicks off an ansible playbook on the instance that configures the instance (pulls down apt packages, pulls code, configures crap). When the instances launch in the ASG, they run an ansible playbook that does a quick reconfigure of datadog / filebeat / application and starts the correct services based on tags.

We've integrated Spinnaker with our various chatbots and deploy services with the API and it's been pretty OK - not the best api, not the worst.

12 rats tied together
Sep 7, 2006



This was a couple jobs ago so I don't recall the exact case but we wanted "the full playbook experience" -- slack messages, grafana annotations, cloudformation update orchestration, etc. I'm interested in the instance launch scenario, are those nodes using ansible-pull? It's a really cool use case either way.

Dinghy looks awesome too. I'll put spinnaker back in my mental "possible to use seriously" column.

luminalflux
May 27, 2005



12 rats tied together posted:

This was a couple jobs ago so I don't recall the exact case but we wanted "the full playbook experience" -- slack messages, grafana annotations, cloudformation update orchestration, etc. I'm interested in the instance launch scenario, are those nodes using ansible-pull? It's a really cool use case either way.

No idea what ansible-pull is - we do a git clone of the ansible repo, switch it to the branch specified in tags (for testing ansible branches) and run ansible-playbook locally. We don't run ansible from a controller or anything, each instance runs it locally.

Boba Pearl
Dec 27, 2019

Yellow Pearl, Blue Pearl, Pink Pearl

Boba Pearl.




What's shadow it?

Schadenboner
Aug 15, 2011

I MEAN, TURN OFF YOURE MONITOR, MIGTH EXPLAIN YOUR BAD POSTS, HOPE THIS HELPS?!



Boba Pearl posted:

What's shadow it?

When other departments roll their own cloud solutions without IT's input but which IT ends up having to support.

Especially fun if you're in a regulated industry!

Methanar
Sep 26, 2013
ASK ME ABOUT NOT TIPPING DELIVERY DRIVERS, OR ABOUT MY DIET OF CANNED BABY CORN AND CHICKEN NUGGETS

12 rats tied together posted:

- no way to define spinnaker jobs in a DSL or markup language

We have a bunch of jsonnet that is instantiated for each service to render out standard pipelines for all of our environments. We just get a big json blob out that gets posted to the spinnaker API.

pre-prod vs prod registry to pull from, graphite annotations, canarys, optional manual approval steps, optional canary analysis

It works okay if you can tolerate jsonnet

luminalflux
May 27, 2005



Methanar posted:

We have a bunch of jsonnet that is instantiated for each service to render out standard pipelines for all of our environments. We just get a big json blob out that gets posted to the spinnaker API.

pre-prod vs prod registry to pull from, graphite annotations, canarys, optional manual approval steps, optional canary analysis

It works okay if you can tolerate jsonnet

I wrote something like that for templating out pipelines until we get dinghy fully up and running, and at one point I wrote a Terraform provider for expressing pipelines. It's not hard to do, just tedious.

12 rats tied together
Sep 7, 2006



luminalflux posted:

No idea what ansible-pull is - we do a git clone of the ansible repo, switch it to the branch specified in tags (for testing ansible branches) and run ansible-playbook locally. We don't run ansible from a controller or anything, each instance runs it locally.

ansible pull is a utility that turns ansible into chef, you probably already have it installed even! it's part of the standard library

the idea is that you cron it, basically, and it otherwise does what you describe

I actually can't stand jsonnet/ksonnet/proliferation of go templates/etc. IMO tools should focus on the end documents and be engine agnostic, let me bring my own templating basically. I really like CloudFormation for this reason because we were writing yaml templates like 3 years before it was an official feature, just convert to json before sending and nobody has to know.

I haven't looked up jsonnet and similar in a super long time so this might be totally nonsensical to say.

luminalflux
May 27, 2005



12 rats tied together posted:

ansible pull is a utility that turns ansible into chef, you probably already have it installed even! it's part of the standard library

the idea is that you cron it, basically, and it otherwise does what you describe

Looking at it, it's similar to what we do but not entirely for branches. Their behaviour seems to be to check out a branch. We check out the main branch and then merge the branch we're testing on top of it. Basically it makes it a lot easier for testing your branch since you don't need to constantly rebase on top of the main branch (so if someone's changed app config and merged it, you get those changes).

quote:

I actually can't stand jsonnet/ksonnet/proliferation of go templates/etc. IMO tools should focus on the end documents and be engine agnostic, let me bring my own templating basically.

If JSON is your end result, you can template Jinja in YAML and just convert that to JSON - that's what I do for my pipeline templates.

Methanar
Sep 26, 2013
ASK ME ABOUT NOT TIPPING DELIVERY DRIVERS, OR ABOUT MY DIET OF CANNED BABY CORN AND CHICKEN NUGGETS

12 rats tied together posted:

ansible pull is a utility that turns ansible into chef, you probably already have it installed even! it's part of the standard library

the idea is that you cron it, basically, and it otherwise does what you describe

I actually can't stand jsonnet/ksonnet/proliferation of go templates/etc. IMO tools should focus on the end documents and be engine agnostic, let me bring my own templating basically. I really like CloudFormation for this reason because we were writing yaml templates like 3 years before it was an official feature, just convert to json before sending and nobody has to know.

I haven't looked up jsonnet and similar in a super long time so this might be totally nonsensical to say.

jsonnet on its own is arbitrary rendering of json structured data according to a turing complete DSL. jsonnet is completely agnostic as to what you're ultimately rendering out.

ksonnet is something totally different that I don't understand and is a dead project.

12 rats tied together
Sep 7, 2006



luminalflux posted:

Looking at it, it's similar to what we do but not entirely for branches. Their behaviour seems to be to check out a branch. We check out the main branch and then merge the branch we're testing on top of it. Basically it makes it a lot easier for testing your branch since you don't need to constantly rebase on top of the main branch (so if someone's changed app config and merged it, you get those changes).

My initial reaction to this was very negative -- I want to test my branch, right? Not my branch after I had done some other thing to it. If I wanted to test that other thing, I would make my branch into that other thing, and then test that instead. But, thinking about it for a sec, about 99% of the time I do actually just want to test my branch plus latest master. I always rebase anyway because it's muscle memory, but, this is a valid workflow too and would be helpful for people who aren't super into git.

Methanar posted:

jsonnet on its own is arbitrary rendering of json structured data according to a turing complete DSL. jsonnet is completely agnostic as to what you're ultimately rendering out.

ksonnet is something totally different that I don't understand and is a dead project.

I actually did not know that jsonnet could output ini, yaml, etc. That's actually kind of good, which is something I almost never say about templating systems that aren't jinja2.

Adbot
ADBOT LOVES YOU

luminalflux
May 27, 2005



12 rats tied together posted:

My initial reaction to this was very negative -- I want to test my branch, right? Not my branch after I had done some other thing to it. If I wanted to test that other thing, I would make my branch into that other thing, and then test that instead. But, thinking about it for a sec, about 99% of the time I do actually just want to test my branch plus latest master. I always rebase anyway because it's muscle memory, but, this is a valid workflow too and would be helpful for people who aren't super into git.

It's a bit of a mindfuck at first but it's also how we test app branches in production too when someone wants to canary a change before merging, since devs aren't great at git and we have a fast-moving monolith. 99% of the time this is what you want - you care about your changes, and if someone else changed stuff in the other part of the app that's fine, and merging it on top of the main branch will most likely be correct and good.

The logic is basically: if there's no canary branch specified, use the sha that is baked into the AMI. Else:
code:
cd /app
git fetch
git reset --hard origin/release
git merge --no-commit origin/${CANARY_BRANCH}

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply