Book Image

Infrastructure as Code (IAC) Cookbook

By : Stephane Jourdan, Pierre Pomès
Book Image

Infrastructure as Code (IAC) Cookbook

By: Stephane Jourdan, Pierre Pomès

Overview of this book

Para 1: Infrastructure as code is transforming the way we solve infrastructural challenges. This book will show you how to make managing servers in the cloud faster, easier and more effective than ever before. With over 90 practical recipes for success, make the very most out of IAC.

Related Content you might be interested in

Current Title:

Small book image
Infrastructure as Code (IAC) Cookbook
Stephane Jourdan | Pierre Pomès
Feb, 2017 | 440 pages
Small book image
Chef Cookbook
Matthias Marschall
Feb, 2017 | 268 pages
Small book image
Getting Started with Terraform
Kirill Shirinkin
Jul, 2017 | 208 pages
Small book image
Docker Orchestration
Randall Smith
Jan, 2017 | 284 pages
Table of Contents (18 chapters)
Infrastructure as Code (IAC) Cookbook
Infrastructure as Code (IAC) Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Vagrant Development Environments
Vagrant Development Environments
Introduction
Adding an Ubuntu Xenial (16.04 LTS) Vagrant box
Using a disposable Ubuntu Xenial (16.04) in seconds
Enabling VirtualBox Guest Additions in Vagrant
Using a disposable CentOS 7.x with VMware in seconds
Extending the VMware VM capabilities
Enabling multiprovider Vagrant environments
Customizing a Vagrant VM
Using Docker with Vagrant
Using Docker in Vagrant for a Ghost blog behind NGINX
Using Vagrant remotely with AWS EC2 and Docker
Simulating dynamic multiple host networking
Simulating a networked three-tier architecture app with Vagrant
Showing your work on the LAN while working with Laravel
Sharing access to your Vagrant environment with the world
Simulating Chef upgrades using Vagrant
Using Ansible with Vagrant to create a Docker host
Using Docker containers on CoreOS with Vagrant
2
Provisioning IaaS with Terraform
Provisioning IaaS with Terraform
Introduction
Configuring the Terraform AWS provider
Creating and using an SSH key pair to use on AWS
Using AWS security groups with Terraform
Creating an Ubuntu EC2 instance with Terraform
Generating meaningful outputs with Terraform
Using contextual defaults with Terraform
Managing S3 storage with Terraform
Creating private Docker repositories with Terraform
Creating a PostgreSQL RDS database with Terraform
Enabling CloudWatch Logs for Docker with Terraform
Managing IAM users with Terraform
3
Going Further with Terraform
Going Further with Terraform
Introduction
Handling different environments with Terraform
Provisioning a CentOS 7 EC2 instance with Chef using Terraform
Using data sources, templates, and local execution
Executing remote commands at bootstrap using Terraform
Using Docker with Terraform
Simulating infrastructure changes using Terraform
Teamwork – sharing Terraform infrastructure state
Maintaining a clean and standardized Terraform code
One Makefile to rule them all
Team workflow example
Managing GitHub with Terraform
External monitoring integration with StatusCake
4
Automating Complete Infrastructures with Terraform
Automating Complete Infrastructures with Terraform
Introduction
Provisioning a complete CoreOS infrastructure on Digital Ocean with Terraform
Provisioning a three-tier infrastructure on Google Compute Engine
Provisioning a GitLab CE + CI runners on OpenStack
Managing Heroku apps and add-ons using Terraform
Creating a scalable Docker Swarm cluster on bare metal with Packet
5
Provisioning the Last Mile with Cloud-Init
Provisioning the Last Mile with Cloud-Init
Introduction
Using cloud-init on AWS, Digital Ocean, or OpenStack
Handling files using cloud-init
Configuring the server's time zone using cloud-init
Managing users, keys, and credentials using cloud-init
Managing repositories and packages using cloud-init
Running commands during boot using cloud-init
Configuring CoreOS using cloud-init
Deploying Chef Client from start to finish using cloud-init
Deploying a remote Docker server using cloud-init
6
Fundamentals of Managing Servers with Chef and Puppet
Fundamentals of Managing Servers with Chef and Puppet
Introduction
Getting started (notions and tools)
Installing the Chef Development kit and Puppet Collections
Creating a free hosted server Chef account and a Puppet server
Automatically bootstrapping a Chef client and a Puppet agent
Installing packages
Managing services
Managing files, directories, and templates
Handling dependencies
More dynamic code using notifications
Centrally sharing data using a Chef data bag and Hiera with Puppet
Creating functional roles
Managing external Chef cookbooks and Puppet modules
7
Testing and Writing Better Infrastructure Code with Chef and Puppet
Testing and Writing Better Infrastructure Code with Chef and Puppet
Introduction
Linting Chef code with Foodcritic and Puppet code with puppet-lint
Unit testing with ChefSpec and rspec-puppet
Testing infrastructure with Test Kitchen for Chef and Beaker for Puppet
Integration testing with ServerSpec
8
Maintaining Systems Using Chef and Puppet
Maintaining Systems Using Chef and Puppet
Introduction
Maintaining consistent systems using scheduled convergence
Creating environments
Using Chef encrypted data bags and Hiera-eyaml with Puppet
Using Chef Vault encryption
Accessing and manipulating system information with Ohai
Automating application deployment (a WordPress example)
Using a TDD workflow
Planning for the worse – train to rebuild working systems
9
Working with Docker
Working with Docker
Introduction
Docker usage overview
Choosing the right Docker base image
Optimizing the Docker image size
Versioning Docker images with tags
Deploying a Ruby-on-Rails web application in Docker
Building and using Golang applications with Docker
Networking with Docker
Creating more dynamic containers
Auto-configuring dynamic containers
Better security with unprivileged users
Orchestrating with Docker Compose
Linting a Dockerfile
Deploying a private Docker registry with S3 storage
10
Maintaining Docker Containers
Maintaining Docker Containers
Introduction
Testing Docker containers with BATS
Test-Driven Development (TDD) with Docker and ServerSpec
The workflow for creating automated Docker builds from Git
The workflow for connecting the Continuous Integration (CI) system
Scanning for vulnerabilities with Quay.io and Docker Cloud
Sending Docker logs to AWS CloudWatch logs
Monitoring and getting information out of Docker
Debugging containers using sysdig
Index
Index

Better security with unprivileged users

By default, containers execute everything as the root user. Granted that containers are running in an isolated environment, but still, a publicly facing daemon is running as root on a system, and a security breach may give an attacker access to this particular container, and maybe root shell access, giving access at least to the container's Docker overlay network. Would we like to see this issue combined with a 0-day local kernel security breach that would give the attacker access to the Docker host? Probably not. Then, maybe we should keep some of the good old practices and start by executing our daemon as a user other than root.

Getting ready

To step through this recipe, you will need the following:

  • A working Docker installation

  • A sample HTTP server binary (sample code included)

How to do it…

Let's take a simple HTTP server that answers on the port 8000 of the container. Executed through a container, it would look like this, as seen earlier in this book...

Previous Section
End of Section 12
Next Section