Hands-On Enterprise Automation on Linux

Hands-On Enterprise Automation on Linux

by James Freeman
Released January 2020
Publisher(s): Packt Publishing
ISBN: 9781789131611

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Achieve enterprise automation in your Linux environment with this comprehensive guide

Key Features

  • Automate your Linux infrastructure with the help of practical use cases and real-world scenarios
  • Learn to plan, build, manage, and customize OS releases in your environment
  • Enhance the scalability and efficiency of your infrastructure with advanced Linux system administration concepts

Book Description

Automation is paramount if you want to run Linux in your enterprise effectively. It helps you minimize costs by reducing manual operations, ensuring compliance across data centers, and accelerating deployments for your cloud infrastructures.

Complete with detailed explanations, practical examples, and self-assessment questions, this book will teach you how to manage your Linux estate and leverage Ansible to achieve effective levels of automation. You'll learn important concepts on standard operating environments that lend themselves to automation, and then build on this knowledge by applying Ansible to achieve standardization throughout your Linux environments.

By the end of this Linux automation book, you'll be able to build, deploy, and manage an entire estate of Linux servers with higher reliability and lower overheads than ever before.

What you will learn

  • Perform large-scale automation of Linux environments in an enterprise
  • Overcome the common challenges and pitfalls of extensive automation
  • Define the business processes needed to support a large-scale Linux environment
  • Get well-versed with the most effective and reliable patch management strategies
  • Automate a range of tasks from simple user account changes to complex security policy enforcement
  • Learn best practices and procedures to make your Linux environment automatable

Who this book is for

This book is for anyone who has a Linux environment to design, implement, and maintain. Open source professionals including infrastructure architects and system administrators will find this book useful. You're expected to have experience in implementing and maintaining Linux servers along with knowledge of building, patching, and maintaining server infrastructure. Although not necessary, knowledge of Ansible or other automation technologies will be beneficial.

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Hands-On Enterprise Automation on Linux
  3. Dedication
  4. About Packt
    1. Why subscribe?
  5. Foreword
  6. Contributors
    1. About the author
    2. About the reviewers
    3. Packt is searching for authors like you
  7. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Get in touch
      1. Reviews
  8. Section 1: Core Concepts
  9. Building a Standard Operating Environment on Linux
    1. Understanding the challenges of Linux environment scaling
      1. Challenges of non-standard environments
        1. Early growth of a non-standard environment
        2. Impacts of non-standard environments
        3. Scaling up non-standard environments
      2. Addressing the challenges
        1. Security
        2. Reliability
        3. Scalability
        4. Longevity
        5. Supportability
        6. Ease of use
    2. What is an SOE?
      1. Defining the SOE
      2. Knowing what to include
    3. Exploring SOE benefits
      1. Example benefits of an SOE in a Linux environment
      2. Benefits of SOE to software testing
    4. Knowing when to deviate from standards
    5. Ongoing maintenance of SOEs
    6. Summary
    7. Questions
    8. Further reading
  10. Automating Your IT Infrastructure with Ansible
    1. Technical requirements
    2. Exploring the Ansible playbook structure
    3. Exploring inventories in Ansible
    4. Understanding roles in Ansible
    5. Understanding Ansible variables
    6. Understanding Ansible templates
    7. Bringing Ansible and the SOE together
    8. Summary
    9. Questions
    10. Further reading
  11. Streamlining Infrastructure Management with AWX
    1. Technical requirements
    2. Introduction to AWX
      1. AWX reduces training requirements
      2. AWX enables auditability
      3. AWX supports version control
      4. AWX helps with credential management
      5. Integrating AWX with other services
    3. Installing AWX
    4. Running your playbooks from AWX
      1. Setting up credentials in AWX
      2. Creating inventories in AWX
      3. Creating a project in AWX
      4. Creating a template in AWX
      5. Running a playbook from AWX
    5. Automating routine tasks with AWX
    6. Summary
    7. Questions
    8. Further reading
  12. Section 2: Standardizing Your Linux Servers
  13. Deployment Methodologies
    1. Technical requirements
    2. Knowing your environment
      1. Deploying to bare-metal environments
      2. Deploying to traditional virtualization environments
      3. Deploying to cloud environments
      4. Docker deployments
    3. Keeping builds efficient
      1. Keeping your builds simple
      2. Making your builds secure
      3. Creating efficient processes
    4. Ensuring consistency across Linux images
    5. Summary
    6. Questions
    7. Further reading
  14. Using Ansible to Build Virtual Machine Templates for Deployment
    1. Technical requirements
    2. Performing the initial build
      1. Using ready-made template images
      2. Creating your own virtual machine images
    3. Using Ansible to build and standardize the template
      1. Transferring files into the image
      2. Installing packages
      3. Editing configuration files
      4. Validating the image build
      5. Putting it all together
    4. Cleaning up the build with Ansible
    5. Summary
    6. Questions
    7. Further reading
  15. Custom Builds with PXE Booting
    1. Technical requirements
    2. PXE booting basics
      1. Installing and configuring PXE-related services
      2. Obtaining network installation images
      3. Performing your first network boot
    3. Performing unattended builds
      1. Performing unattended builds with kickstart files
      2. Performing unattended builds with pre-seed files
    4. Adding custom scripts to unattended boot configurations
      1. Customized scripting with kickstart
      2. Customized scripting with pre-seed
    5. Summary
    6. Questions
    7. Further reading
  16. Configuration Management with Ansible
    1. Technical requirements
    2. Installing new software
      1. Installing a package from operating system default repositories
      2. Installing non-native packages
      3. Installing unpackaged software
    3. Making configuration changes with Ansible
      1. Making small configuration changes with Ansible
      2. Maintaining configuration integrity
    4. Managing configuration at an enterprise scale
      1. Making scalable static configuration changes
      2. Making scalable dynamic configuration changes
    5. Summary
    6. Questions
    7. Further reading
  17. Section 3: Day-to-Day Management
  18. Enterprise Repository Management with Pulp
    1. Technical requirements
    2. Installing Pulp for patch management
      1. Installing Pulp
    3. Building repositories in Pulp
      1. Building RPM-based repositories in Pulp
      2. Building DEB-based repositories in Pulp
    4. Patching processes with Pulp
      1. RPM-based patching with Pulp
      2. DEB-based patching with Pulp
    5. Summary
    6. Questions
    7. Further reading
  19. Patching with Katello
    1. Technical requirements
    2. Introduction to Katello
    3. Installing a Katello server
      1. Preparing to install Katello
    4. Patching with Katello
      1. Patching RPM-based systems with Katello
      2. Patching DEB-based systems with Katello
    5. Summary
    6. Questions
    7. Further reading
  20. Managing Users on Linux
    1. Technical requirements
    2. Performing user account management tasks
      1. Adding and modifying users with Ansible
      2. Removing users with Ansible
    3. Centralizing user account management with LDAP
      1. Microsoft AD
      2. FreeIPA
    4. Enforcing and auditing configuration
      1. Managing sudoers with Ansible
      2. Auditing user accounts with Ansible
    5. Summary
    6. Questions
    7. Further reading
  21. Database Management
    1. Technical requirements
    2. Installing databases with Ansible
      1. Installing MariaDB server with Ansible
      2. Installing PostgreSQL Server with Ansible
    3. Importing and exporting data
      1. Automating MariaDB data loading with Ansible
    4. Performing routine maintenance
      1. Routine maintenance on PostgreSQL with Ansible
    5. Summary
    6. Questions
    7. Further reading
  22. Performing Routine Maintenance with Ansible
    1. Technical requirements
    2. Tidying up disk space
    3. Monitoring for configuration drift
    4. Understanding process management with Ansible
    5. Rolling updates with Ansible
    6. Summary
    7. Questions
    8. Further reading
  23. Section 4: Securing Your Linux Servers
  24. Using CIS Benchmarks
    1. Technical requirements
    2. Understanding CIS Benchmarks
      1. What is a CIS Benchmark?
      2. Exploring CIS Benchmarks in detail
    3. Applying security policy wisely
      1. Applying the SELinux security policy
      2. Mounting of filesystems
      3. Installing Advanced Intrusion Detection Environment (AIDE)
      4. Understanding CIS Service benchmarks
      5. X Windows
      6. Allowing hosts by network
      7. Local firewalls
      8. Overall guidance on scoring
    4. Scripted deployment of server hardening
      1. Ensuring SSH root login is disabled
      2. Ensuring packet redirect sending is disabled
      3. Running CIS Benchmark scripts from a remote location
    5. Summary
    6. Questions
    7. Further reading
  25. CIS Hardening with Ansible
    1. Technical requirements
    2. Writing Ansible security policies
      1. Ensuring remote root login is disabled
      2. Building up security policies in Ansible
      3. Implementing more complex security benchmarks in Ansible
      4. Making appropriate decisions in your playbook design
    3. Application of enterprise-wide policies with Ansible
    4. Testing security policies with Ansible
    5. Summary
    6. Questions
    7. Further reading
  26. Auditing Security Policy with OpenSCAP
    1. Technical requirements
    2. Installing your OpenSCAP server
      1. Running OpenSCAP Base
      2. Installing the OpenSCAP Daemon
      3. Running SCAP Workbench
      4. Considering other OpenSCAP tools
    3. Evaluating and selecting policies
      1. Installing SCAP Security Guide
      2. Understanding the purpose of XCCDF and OVAL policies
      3. Installing other OpenSCAP policies
    4. Scanning the enterprise with OpenSCAP
      1. Scanning the Linux infrastructure with OSCAP
      2. Running regular scans with the OpenSCAP Daemon
      3. Scanning with SCAP Workbench
    5. Interpreting results
    6. Summary
    7. Questions
    8. Further reading
  27. Tips and Tricks
    1. Technical requirements
    2. Version control for your scripts
      1. Integrating Ansible with Git
      2. Organizing your version control repositories effectively
      3. Version control of roles in Ansible
    3. Inventories – maintaining a single source of truth
      1. Working with Ansible dynamic inventories
      2. Example – working with the Cobbler dynamic inventory
    4. Running one-off tasks with Ansible
    5. Summary
    6. Questions
    7. Further reading
  28. Assessments
    1. Chapter 1 - Building a Standard Operating Environment on Linux
    2. Chapter 2 - Automating Your IT Infrastructure with Ansible
    3. Chapter 3 - Streamlining Infrastructure Management with AWX
    4. Chapter 4 - Deployment Methodologies
    5. Chapter 5 - Using Ansible to Build Virtual Machine Templates for Deployment
    6. Chapter 6 - Custom Builds with PXE Booting
    7. Chapter 7 - Configuration Management with Ansible
    8. Chapter 8 - Enterprise Repository Management with Pulp
    9. Chapter 9 - Patching with Katello
    10. Chapter 10 - Managing Users on Linux
    11. Chapter 11 - Database Management
    12. Chapter 12 - Performing Routine Maintenance with Ansible
    13. Chapter 13 - Using CIS Benchmarks
    14. Chapter 14 - CIS Hardening with Ansible
    15. Chapter 15 - Auditing Security Policy with OpenSCAP
    16. Chapter 16 - Tips and Tricks
  29. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Hands-On Enterprise Automation on Linux
  • Author(s): James Freeman
  • Release date: January 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781789131611