book

DevOps for the Desperate

Name: DevOps for the Desperate
Author: Bradley Smith
ISBN: 9781718502482

by Bradley Smith

July 2022

Beginner to intermediate

176 pages

4h 49m

English

No Starch Press

Read now

Unlock full access

Title Page
Copyright
Dedication
About the Author
Acknowledgments
Introduction
What Is the Current State of DevOps?Who Should Read This Book?How This Book Is OrganizedPart I: Infrastructure as Code, Configuration Management, Security, and AdministrationPart II: Containerization and Deploying Modern ApplicationsPart III: Observability and TroubleshootingWhat You’ll NeedDownloading and Installing VirtualBoxCompanion RepositoryEditor
Part I: Infrastructure as code, Configuration management, security, and administration
Chapter 1: Setting Up a Virtual Machine
Why Use Code to Build Infrastructure?Getting Started with VagrantInstallationAnatomy of a VagrantfileBasic Vagrant CommandsGetting Started with AnsibleInstallationKey Ansible ConceptsAnsible PlaybookBasic Ansible CommandsCreating an Ubuntu VMSummary
Chapter 2: Using Ansible to Manage Passwords, Users, and Groups
Enforcing Complex PasswordsInstalling libpam-pwqualityConfiguring pam_pwquality to Enforce a Stricter Password PolicyLinux User TypesGetting Started with the Ansible User ModuleGenerating a Complex PasswordLinux GroupsGetting Started with the Ansible Group ModuleAssigning a User to the GroupCreating Protected ResourcesUpdating the VMTesting User and Group PermissionsSummary
Chapter 3: Using Ansible to Configure SSH
Understanding and Activating Public Key AuthenticationGenerating a Public Key PairUsing Ansible to Get Your Public Key on the VMAdding Two-Factor AuthenticationInstalling Google AuthenticatorConfiguring Google AuthenticatorConfiguring PAM for Google AuthenticatorConfiguring the SSH ServerRestarting the SSH Server with a HandlerProvisioning the VMTesting SSH AccessSummary

Chapter 4: Controlling User Commands with sudo
What Is sudo?Planning a sudoers Security PolicyInstalling the Greeting Web ApplicationAnatomy of a sudoers FileCreating the sudoers FileThe sudoers TemplateProvisioning the VMTesting PermissionsAccessing the Web ApplicationEditing greeting.py to Test the sudoers PolicyStopping and Starting with systemctlAudit LogsSummary
Chapter 5: Automating and Testing a Host-Based Firewall
Planning the Firewall RulesAutomating UFW RulesProvisioning the VMTesting the FirewallScanning Ports with Nmap Firewall LoggingRate LimitingSummary
Part II: containerization and deploying modern applications
Chapter 6: Containerizing an Application with Docker
Docker from 30,000 FeetGetting Started with DockerDockerfile InstructionsContainer Images and LayersContainersNamespaces and CgroupsInstalling and Testing DockerInstalling the Docker Engine with MinikubeInstalling the Docker Client and Setting Up Docker Environment VariablesTesting the Docker Client ConnectivityContainerizing a Sample ApplicationDissecting the Example telnet-server DockerfileBuilding the Container ImageVerifying the Docker ImageRunning the ContainerOther Docker Client CommandsexecrminspecthistorystatsTesting the ContainerConnecting to the Telnet-ServerGetting Logs from the ContainerSummary
Chapter 7: Orchestrating with Kubernetes
Kubernetes from 30,000 FeetKubernetes Workload ResourcesPodsReplicaSetDeploymentsStatefulSetsServicesVolumesSecretsConfigMapsNamespacesDeploying the Sample telnet-server ApplicationInteracting with KubernetesReviewing the ManifestsCreating a Deployment and ServicesViewing the Deployment and ServicesTesting the Deployment and ServicesAccessing the Telnet ServerTroubleshooting TipsKilling a PodScalingLogsSummary
Chapter 8: Deploying Code
CI/CD in Modern Application StacksSetting Up Your PipelineReviewing the skaffold.yaml FileReviewing the Container TestsSimulating a Development PipelineMaking a Code ChangeTesting the Code ChangeTesting a RollbackOther CI/CD ToolingSummary
Part III: Observability and troubleshooting
Chapter 9: Observability
Monitoring OverviewMonitoring the Sample ApplicationInstalling the Monitoring StackVerifying the InstallationMetricsGolden SignalsAdjusting the Monitoring PatternThe telnet-server DashboardPromQL: A PrimerAlertsReviewing Golden Signal Alerts in PrometheusRouting and NotificationsSummary
Chapter 10: Troubleshooting Hosts
Troubleshooting and Debugging: A PrimerScenario: High Load AverageuptimetopNext StepsScenario: High Memory UsagefreevmstatpsNext StepsScenario: High iowaitiostatiotopNext StepsScenario: Hostname Resolution Failureresolv.confresolvectldigNext StepsScenario: Out of Disk SpacedffindlsofNext StepsScenario: Connection RefusedcurlsstcpdumpNext StepsSearching LogsCommon LogsCommon journalctl CommandsParsing LogsProbing ProcessesstraceSummary
Index

Content preview from DevOps for the Desperate

4 Controlling User Commands with sudo

So far, you have secured access to your VM with a public key and two-factor authentication. You have also controlled access to a specific file and directory, using group permissions. The next foundational piece is allowing users to run elevated commands on the VM. Users typically need access to commands that may require administrative permissions, such as restarting a service or installing a missing package. As an administrator, you want to keep a tight control on who can run which commands. On Linux operating systems, the sudo (superuser do) command allows users to run specific commands as root or another ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781098130251Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

DevOps for the Desperate

by Bradley Smith

4 Controlling User Commands with sudo

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.