book

Infrastructure as Code Cookbook

by Stephane Jourdan, Pierre Pomès

February 2017

Intermediate to advanced

440 pages

8h 45m

English

Packt Publishing

Read now

Unlock full access

eBooks, discount offers, and moreWhy Subscribe?
What this book covers

Getting readyHow to do it…How it works…There's more…See also
Downloading the example codeDownloading the color images of this bookErrataPiracyQuestions
Introduction
Getting readyHow to do it…How it works…There's more…
Getting readyHow to do it…How it works…
Getting readyHow to do it…How it works…There's more…
Getting readyHow to do it…How it works…There's more…See also
Getting readyHow to do it…How it works…There's more…
Getting readyHow to do it…How it works…
Getting readyHow to do it…Set the hostnameDisable new box version check at startupUse a specific box versionDisplay an informational message to the userSpecify a minimum Vagrant version
Getting readyHow to do it…Using NGINX Docker container through VagrantExposing Docker ports in VagrantSharing folders with Docker through VagrantThere's more…
Getting readyHow to do it…There's more…A Docker Compose equivalent
Getting readyHow to do it…
Getting readyHow to do it…There's more…Speed up deployments with linked clonesUsing named NAT networks
Getting readyHow to do it…Tier 3 – the databaseTier 2: the application serversThe Node.js applicationTier 1: the NGINX reverse proxy
Getting readyHow to do it…A sample NGINX configuration for LaravelSimple shell provisioningEnable provisioningShared folderPublic LAN NetworkingThere's more…
Getting readyHow to do it…ProvisioningStarting Ghost engineSharing accessHTTPSSH
Getting readyHow to do it…Vagrant Omnibus Chef pluginA sample Chef recipeVagrant and Chef integrationTesting the Chef version updateThere's more…Controlling default Vagrant VMsBerkshelf and VagrantTesting with Test Kitchen
Getting readyHow to do it…A simple Ansible Docker playbook for VagrantApply Ansible from VagrantThere's more…
Getting readyHow to do it…There's more…
Introduction
Getting readyHow to do it…How it works…There's more…
Getting readyHow to do it…How it works…There's more…
Getting readyHow to do it…There's more…
Getting readyHow to do it…Scaling the number of instancesThere's more…
Getting readyHow to do it…There's more…
Getting readyHow to do it…There's more…
Getting readyHow to do it…There's more…
Getting readyHow to do it…
Getting readyHow to do it…There's more…
Getting readyHow to do it…Amazon CloudWatch Logs Docker logging driver
Getting readyHow to do it…An IAM user for S3 accessTesting the restrictionsAn IAM user for EC2 in read-onlyAn application user IAM – CloudWatch LogsThere's more…
Introduction
Getting readyHow to do it…Keeping the tfstate isolatedSetting the production flag
Getting readyHow to do it…Creating the EC2 instancePassing connection informationGiving Chef informationHow it works…There's more…
Getting readyHow to do it…Data and templatesThe local-exec Terraform provisionerApply a configured Ansible
Getting readyHow to do it…
Getting readyHow to do it…
Getting readyHow to do it…PlanningQuickly simulating changesTargeting for a specific change
Getting readyHow to do it…Sharing with GitSharing remotely with S3Sharing remotely with ConsulOther state sharing options
Getting readyHow to do it…Syntax validationStyle validation
Getting readyHow to do it…See also
Getting readyHow to do it…A simple Git repositoryInitial infrastructure codeTerraform code validationInfrastructure code commitMake a pull requestApply the changes
Getting readyHow to do it…Configuring GitHubAdding users to the GitHub organizationAdding GitHub teamsSetting Git repository access rights
Getting readyHow to do it…Creating an automated ping monitoring testCreating an HTTPS test
Introduction
Getting readyHow to do it…Handling the SSH keyCreating the CoreOS cluster membersAdding useful outputDynamic DNS IntegrationIntegrating cloud-initIntegrating dynamic StatusCake monitoring
Getting readyHow to do it…Generating API credentials for a Google projectCreating Google Compute HTTP instancesCreating a Google Compute Firewall ruleLoad balancing Google Compute instancesCreating a Google MySQL database instanceAdding some useful outputs
Getting readyHow to do it…Configuring the OpenStack providerCreating a key pair on OpenStackCreating a security group on OpenStackCreating block storage volumes on OpenStackCreating compute instances on OpenStackCreating an object storage container on OpenStackApplying
Getting readyHow to do it…Creating a Heroku application with TerraformAdding Heroku add-ons using TerraformUsing Heroku with Terraform
Getting readyHow to do it…Creating a Packet project using TerraformHandling Packet SSH keys using TerraformBootstraping a Docker Swarm manager on Packet using TerraformBootstraping Docker Swarm nodes on Packet using TerraformUsing the Docker Swarm cluster
Introduction
Getting readyHow to do it…Using cloud-init on Amazon Web ServicesUsing cloud-init on Digital OceanUsing cloud-init on OpenStackCombining cloud-init and Terraform for any IaaS
Getting readyHow to do it…
Getting readyHow to do it…
Getting readyHow to do it…
Getting readyHow to do it…
Getting readyHow to do it…
Getting readyHow to do it…Configuring etcd using cloud-initConfiguring fleet using cloud-initConfiguring the update strategy using cloud-initConfiguring locksmith using cloud-initConfiguring systemd units using cloud-initConfiguring flannel using cloud-init
Getting readyHow to do it…Deploying the Chef omnibus installer using cloud-initConfiguring Chef against a Chef Server organization using cloud-initApplying a Chef cookbook at bootstrap using cloud-init
Getting readyHow to do it...Setting the timezone on CoreOS using cloud-initEnabling Docker TCP socket for network accessThere's more...See also
Introduction
Running ChefChef pluginsChef organizationsChef nodesChef environmentsChef rolesChef resourcesChef recipesChef cookbooksChef run listThere's more…
Getting readyHow to do it…Chef DK contentsHow it works…There's more…See also
Getting readyHow to do it…There's more…
Getting readyHow to do it…There's more…
Getting readyHow to do it…Generating an empty Apache cookbookUploading the cookbookApplying the cookbookCreating a MariaDB cookbookCreating a PHP cookbookThere's more…See also
Getting readyHow to do it…Enabling and starting Apache serviceEnabling and starting the MariaDB serviceThere's more…See also
Getting readyHow to do it…Managing a simple static fileManaging dynamic files and directories from a templateThere's more…See also
Getting readyHow to do it…There's more…See also
Getting readyHow to do it…There's more…See also
Getting readyHow to do it…There's more…See also
Getting readyHow to do it…There's more…See also
Getting readyHow to do it…Using the official MySQL cookbook and its dependencies with BerkshelfIncluding dependencies in a roleUploading cookbook dependencies using BerkshelfTesting MySQL deploymentThere's more…See also
Introduction
Getting readyHow to do it…CookstyleFoodcriticThere's more…Puppet coding styleDocumentationSee also
Getting readyHow to do it…The Spec HelperTesting a successful Chef run contextTesting a package installationTesting services statusTesting another recipe from the same cookbookTesting directory creationTesting file creationTesting templates creationStubbing data bags for searchesTesting recipes inclusionIntercepting errors in testsThere's more…See also
Getting readyHow to do it…Configuring Test KitchenTesting with Test KitchenHow it works…There's more…See also
Getting readyHow to do it…Creating a ServerSpec helper scriptTesting a package installationTesting for service statusTesting for listening portsTesting for files existence and contentTesting for repository existenceThere's more…See also
Introduction
Getting readyHow to do it…Using the Chef client as a daemonTweaking the convergence interval timeRunning the Chef client as a cronTweaking the Chef cron jobThere's more…See also
Getting readyHow to do it…Creating a production environmentSetting an environment to a nodeBootstrapping a node with an environmentFixing cookbook versions for an environmentOverriding attributes for an environmentAccessing the environment from a recipeThere's more...Manual environment creation in the Puppet serverNode environment selectionGetting the environment from manifestsThe dynamic way – r10kSee also
Getting readyHow to do it…Encrypting data bags with a shared secretAccessing an encrypted data bag in the CLIUsing an encrypted data bag from a recipeThere's more…Preparing the Puppet serverPreparing the workstationSecuring the MySQL root passwordSee also
Getting readyHow to do it…Accessing the encrypted vault from a cookbookSee also
Getting readyHow to do it…Accessing Ohai information from a Chef recipeThere's more…See also
Getting readyHow to do it…Including dependenciesCreating the application's databaseDeploying an application from git or GitHubThere's more…See also
Getting readyHow to do it…Infrastructure TDD – writing tests firstDeploying Docker with ChefLinting the codeSupporting another platformTeam working using Chef and gitDeploying to stagingDeploying to productionThere's more…See also
Getting readyHow to do it…Multi-machine recoveryThere's more…
Introduction
Getting readyHow to do it…Running Bash in an Ubuntu 16.04 containerRunning Nginx in a containerSharing data with a containerBuilding a container with utilitiesUsing a private registrySee also
Getting readyHow to do it…Starting from an Ubuntu imageStarting from a CentOS imageStarting from a Red Hat Enterprise Linux (RHEL) imageStarting from a Fedora imageStarting from an Alpine Linux imageStarting from a Debian imageLinux distributions container image size tableStarting from a Node JS imageStarting from a Golang imageStarting from a Ruby imageStarting from a Python imageStarting from a Java imageStarting from a PHP imageSee also
Getting readyHow to do it…How it works…
Getting readyHow to do it…
Getting readyHow to do it…
Getting readyHow to do it…Using the golang Docker image to cross-compile a Go programUsing the golang Docker image to build and ship a Go programUsing the scratch Docker imageUsing the Alpine Linux alternative for a Go program
Getting readyHow to do it…Docker networksConnecting multiple networks for one container
Getting readyHow to do it…
Getting readyHow to do it…
Getting readyHow to do it…
Getting readyHow to do it…Extending Docker ComposeSee also
Getting readyHow to do it…HadolintDockerfile_lint
Getting readyHow to do it…Using an S3 backendSee also
Introduction
Getting readyHow to do it…Creating BATS testsUsing Makefile to glue it all togetherSee also
Getting readyHow to do it…Creating a ServerSpec environment using BundlerInitializing the testsTDD – using the Debian Jessie base's Docker imageTDD – installing the NGINX packageTDD – running NGINXSee also
Getting readyHow to do it…Creating an automated build on the Docker HubConfiguring a GitHub to a Docker Hub-automated build pipelineBuilding Docker images using Git tags
Getting readyHow to do it…
Getting readyHow to do it…Using Docker Security ScanningHow it works…See also
Getting readyHow to do it…Using the Docker runUsing docker-composeUsing systemdThere's more...
Getting readyHow to do it...Using docker statsUsing Google's cAdvisor toolSee also
Getting readyHow to do it...See also

Content preview from Infrastructure as Code Cookbook

Managing users, keys, and credentials using cloud-init

There's a high probability we won't plan to use the default root account, or even the default user account from our distribution (those ubuntu or centos users). There's an even higher probability we'll need a Unix account very early in the process, even before the proper configuration management tool enters the game.

Let's say our IT security policy wants us to have an emergency user account in a group named infosec for the IT security team with passwordless sudo rights and the simple /bin/sh shell. This account has one authorized public key automatically populated. The policy is also to remove the default ubuntu account.