DevOps Hunter Security Automation

In this blog-post, I would like to discuss Docker Storage and storage drivers and Application data management using Docker Volumes. Every fact we explore in detailed experimented and collected and published here. Docker Container Persistent Storage When you see the word 'Storage' we get in mind that HARD disk, CD, DVD, pen drive, shared NFS, etc., For Docker storage that referred to the storage of images, containers, volumes and we need to store the data that belongs to an application. It may be an application code or database that referred to in the application service. Each one has its own isolation with others.  Actual physical Storage deals with different devices. Linux got the Logical storage devices where you can make use of single disk into multiple disks drives called logical drives as we see in Windows (C: D:). Disk space can be shared across multiple containers partition of disks and a group of partitions. Docker uses this capability with special storage dr...

This post is a continuous post of Docker Enterprise edition  on CentOS7 usage. Let's understand the usage of the DTR. How we can integrate it with Docker UCP? How the DTR help us to maintain the docker repository easy way. What benefits we can get with DTR? As we had already installed docker-ee and UCP deployed on it with swarm cluster on a CentOS7. What is new in Docker Trusted Registry? Here I've collected some of the DTR Primary Usage Scenarios CI/CD with Docker • Image repository - Centrally located base images • Simple upgrades - Store individual build images • Scan and Pull tested images to production Containers as a Service (CaaS) • Deploy Jenkins executors or nodes • Instant-on developer environment • Selected curated apps from a catalog • Dynamic composition of micro-services (“PAAS”) General Features • Organizations, Teams & Repositories permissions UI • Search index, API & UI • Interactive API documentation • Image deletion from ind...

Hey, dear Docker DevOps enthusiast! In this post we will discuss about docker security, docker service security, docker engine-level security, etc. SELinux is Security-Enhanced Linux it provides a mechanism for supporting access control security policies SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distros. The 'root' user by default owns the processes spawned by a container are run. secgroup limits the disk quota. Security Issue Rotate your join-token for both worker and manager when there is a suspicion that someone might have got access to the token for adding managers to the cluster. Secretes are immutable in a docker swarm cluster. They cannot be updated sof if you want to modify the secret then you have to create a new secret file and update that to the existing service. step 1: First we need to Create new secret, step 2: Attach the newly created secret with an update option the service to use this n...

Hello DevOps enthusiast, In this post, We will discuss docker-compose why we need and how it can resolve the multi-container application issues. What is it's limitations? How Docker-compose works? What is Docker-compose? why? If we are working on multi-container apps then it is a hassle because we would be doing repeatedly the following tasks: Build images from Dockerfiles  Pull images from the Hub or a private registry  Configure and create multiple containers for each service required to run the application Start and stop containers individually each one Stream their logs to check the status and troubleshoot In contrast to all the above hassles, The Docker compose developed as best tool for defining & running multi-container docker applications. We can use YAML files to configure application services (docker-compose.yml) Simplified control for multi-container applications - we can start all services with a single command: docker compose up and can st...

Hello, dear DevOps enthusiast, welcome back to DevOpsHunter learners site! In this post, we would like to explore the docker networking models and different types of network drivers and their benefits. What is Docker Networking? Understanding docker networking Docker provided multiple network drivers plugin installed as part of Library along with Docker installation. You have choice and flexibilities. Basically the classification happen based on the number of host participation. SinbleHost WILL  Let's see the types of network drivers in docker ecosystem. docker network overview Docker Contianers are aim to built tiny size so there may be some of the regular network commands may not be available. We need to install them inside containers. Issue #1 Inside my container ip or ifconfig not working, How to resolve 'ip' command not working? Solution: apt update; apt install -y iproute2 Issue #2: ping command not working how to resolve this ...

In this post, we will be discussing docker image creation, management and before jumping into this article if you do not yet install Docker? then, I also recommend you to go through my previous post where I've discussed how to install Docker-CE or Docker EE. I would like to expose most of the things related to Docker Images. Assuming that now you have everything ready! that means Docker engine up and running. What is all about Docker Image? According to docker docs -- An image is an executable package that includes everything needed to run an application -- the code, runtime, libraries, environment variables and configuration files. The runtime of a docker image is called a Docker container. In simple words, an Image is nothing but a stopped container! Let me put my understanding into a picture first and then we explore all these possible syntax and examples. Docker Image Life cycle Let us talk about the docker image that was built with multiple layers. Docke...

Here in this post, I would like to collect all my daily challenges in my DevOps learning operations and possible workarounds, fixes links. I also invite you please share your experiences dealing with DevOps operations. DevOps Troubleshooting process Issue #1: Vagrant failed to reload when Docker installed in CentOS The following SSH command responded with a non-zero exit status. Vagrant assumes that this means the command failed! chmod 0644 /etc/systemd/system/docker.service.d/http-proxy.conf Stdout from the command: Stderr from the command: chmod: cannot access ‘/etc/systemd/system/docker.service.d/http-proxy.conf’: No such file or directory Here it is actually starting the vagrant box but it is not able to find a file called http-proxy.conf file. I would like to suggest for this issue, create the file and grant the permission as given: Now restart the vagrant box. usually it is blocker when you are starting couple vagrant boxes with single vagrant up comman...

I hope you all doing great with DevOps learnings! There is a huge demand for DevOps engineers, where people turning from the many freshers turning to DevOps Engineer roles and becoming experts after exploring. Here I would like to target the key DevOps tools as interview questions. Here I'm collecting interesting DevOps interview questions out of my experiences and some of my friends who attended in various companies. And also made some of them collected from the most highly professional session delivered in the YouTube tutorials. World-class DevOps Interview Questions SCM Questions Can we build some code from SVN and some from the GIT repository in a single Jenkins job? Merging two branches merge conflicting? How do you resolve it? What is the difference between git clone, git fetch and git pull? How do you deal with git remote repository? AWS Interview Questions  AMI instance took the snapshot from recently build instance, How can I create a new instance? ...

This is a quick tutorial on Docker UCP usage for User Management. Docker UCP provides us multiuser management and Role-based user control. which allows us to create and manage users and teams in an organization. Let's take a look over this user management in detail in this post. First, we create Organization then we associate a couple of teams then after that add users to those teams. Login to your UCP management console. Create an Organization on UCP Click on the 'user management' in the left side pane. User Management on UCP Now in the right pane work area, you can click on the 'Create Organization' top right button. Enter your organization name a single word without any spaces. even though you enter the name in Capitals it will convert into lower case and store it. Create Organization on UCP To complete it click on the 'Create' button. Once Organization is created it will be listed in the work area. Click on the newly created org...