Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Infrastructure as Code Cookbook
  • Table Of Contents Toc
  • Feedback & Rating feedback
Infrastructure as Code Cookbook

Infrastructure as Code Cookbook

By : Stephane Jourdan, Pierre Pomès
4 (1)
Buy this Book
close
close
Infrastructure as Code Cookbook

Infrastructure as Code Cookbook

4 (1)
By: Stephane Jourdan, Pierre Pomès
Buy this Book

Overview of this book

Para 1: Infrastructure as code is transforming the way we solve infrastructural challenges. This book will show you how to make managing servers in the cloud faster, easier and more effective than ever before. With over 90 practical recipes for success, make the very most out of IAC.
Table of Contents (12 chapters)
close
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Conventions
Reader feedback
Customer support
Free Chapter
1
1. Vagrant Development Environments
1. Vagrant Development Environments
Introduction
Adding an Ubuntu Xenial (16.04 LTS) Vagrant box
Using a disposable Ubuntu Xenial (16.04) in seconds
Enabling VirtualBox Guest Additions in Vagrant
Using a disposable CentOS 7.x with VMware in seconds
Extending the VMware VM capabilities
Enabling multiprovider Vagrant environments
Customizing a Vagrant VM
Using Docker with Vagrant
Using Docker in Vagrant for a Ghost blog behind NGINX
Using Vagrant remotely with AWS EC2 and Docker
Simulating dynamic multiple host networking
Simulating a networked three-tier architecture app with Vagrant
Showing your work on the LAN while working with Laravel
Sharing access to your Vagrant environment with the world
Simulating Chef upgrades using Vagrant
Using Ansible with Vagrant to create a Docker host
Using Docker containers on CoreOS with Vagrant
2
2. Provisioning IaaS with Terraform
2. Provisioning IaaS with Terraform
Introduction
Configuring the Terraform AWS provider
Creating and using an SSH key pair to use on AWS
Using AWS security groups with Terraform
Creating an Ubuntu EC2 instance with Terraform
Generating meaningful outputs with Terraform
Using contextual defaults with Terraform
Managing S3 storage with Terraform
Creating private Docker repositories with Terraform
Creating a PostgreSQL RDS database with Terraform
Enabling CloudWatch Logs for Docker with Terraform
Managing IAM users with Terraform
3
3. Going Further with Terraform
3. Going Further with Terraform
Introduction
Handling different environments with Terraform
Provisioning a CentOS 7 EC2 instance with Chef using Terraform
Using data sources, templates, and local execution
Executing remote commands at bootstrap using Terraform
Using Docker with Terraform
Simulating infrastructure changes using Terraform
Teamwork – sharing Terraform infrastructure state
Maintaining a clean and standardized Terraform code
One Makefile to rule them all
Team workflow example
Managing GitHub with Terraform
External monitoring integration with StatusCake
4
4. Automating Complete Infrastructures with Terraform
4. Automating Complete Infrastructures with Terraform
Introduction
Provisioning a complete CoreOS infrastructure on Digital Ocean with Terraform
Provisioning a three-tier infrastructure on Google Compute Engine
Provisioning a GitLab CE + CI runners on OpenStack
Managing Heroku apps and add-ons using Terraform
Creating a scalable Docker Swarm cluster on bare metal with Packet
5
5. Provisioning the Last Mile with Cloud-Init
5. Provisioning the Last Mile with Cloud-Init
Introduction
Using cloud-init on AWS, Digital Ocean, or OpenStack
Handling files using cloud-init
Configuring the server's time zone using cloud-init
Managing users, keys, and credentials using cloud-init
Managing repositories and packages using cloud-init
Running commands during boot using cloud-init
Configuring CoreOS using cloud-init
Deploying Chef Client from start to finish using cloud-init
Deploying a remote Docker server using cloud-init
6
6. Fundamentals of Managing Servers with Chef and Puppet
6. Fundamentals of Managing Servers with Chef and Puppet
Introduction
Getting started (notions and tools)
Installing the Chef Development kit and Puppet Collections
Creating a free hosted server Chef account and a Puppet server
Automatically bootstrapping a Chef client and a Puppet agent
Installing packages
Managing services
Managing files, directories, and templates
Handling dependencies
More dynamic code using notifications
Centrally sharing data using a Chef data bag and Hiera with Puppet
Creating functional roles
Managing external Chef cookbooks and Puppet modules
7
7. Testing and Writing Better Infrastructure Code with Chef and Puppet
7. Testing and Writing Better Infrastructure Code with Chef and Puppet
Introduction
Linting Chef code with Foodcritic and Puppet code with puppet-lint
Unit testing with ChefSpec and rspec-puppet
Testing infrastructure with Test Kitchen for Chef and Beaker for Puppet
Integration testing with ServerSpec
8
8. Maintaining Systems Using Chef and Puppet
8. Maintaining Systems Using Chef and Puppet
Introduction
Maintaining consistent systems using scheduled convergence
Creating environments
Using Chef encrypted data bags and Hiera-eyaml with Puppet
Using Chef Vault encryption
Accessing and manipulating system information with Ohai
Automating application deployment (a WordPress example)
Using a TDD workflow
Planning for the worse – train to rebuild working systems
9
9. Working with Docker
chevron up
9. Working with Docker
Introduction
Docker usage overview
Choosing the right Docker base image
Optimizing the Docker image size
Versioning Docker images with tags
Deploying a Ruby-on-Rails web application in Docker
Building and using Golang applications with Docker
Networking with Docker
Creating more dynamic containers
Auto-configuring dynamic containers
Better security with unprivileged users
Orchestrating with Docker Compose
Linting a Dockerfile
Deploying a private Docker registry with S3 storage
10
10. Maintaining Docker Containers
10. Maintaining Docker Containers
Introduction
Testing Docker containers with BATS
Test-Driven Development (TDD) with Docker and ServerSpec
The workflow for creating automated Docker builds from Git
The workflow for connecting the Continuous Integration (CI) system
Scanning for vulnerabilities with Quay.io and Docker Cloud
Sending Docker logs to AWS CloudWatch logs
Monitoring and getting information out of Docker
Debugging containers using sysdig
11
Index
Index

Better security with unprivileged users

By default, containers execute everything as the root user. Granted that containers are running in an isolated environment, but still, a publicly facing daemon is running as root on a system, and a security breach may give an attacker access to this particular container, and maybe root shell access, giving access at least to the container's Docker overlay network. Would we like to see this issue combined with a 0-day local kernel security breach that would give the attacker access to the Docker host? Probably not. Then, maybe we should keep some of the good old practices and start by executing our daemon as a user other than root.

Getting ready

To step through this recipe, you will need the following:

  • A working Docker installation
  • A sample HTTP server binary (sample code included)

How to do it…

Let's take a simple HTTP server that answers on the port 8000 of the container. Executed through a container, it would look like this, as seen earlier...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 12
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY