Posts

Ansible real-time project - Installing and configure Tomcat 10

Hey DevOps or DevSecOps or SRE Guys!! What's up? Here is one more wonderful learning in the automation journey! In this post we will use our Ansible modules one after another to build a complete solution for installing and running a Java-based application server with an Ansible playbook. At present the latest Tomcat version is 10.0.27, so I've used the same. Pre-requisites: To install Apache Tomcat, there is a separate JDK/JRE compatibility that we need to validate before we proceed. Create a dedicated user account named 'tomcat', with bash as its shell, to manage the Tomcat application server. Create a separate directory for the Tomcat server to be installed in. The multiple tasks in the playbook will be executed as follows: Download the Tomcat software from Apache Tomcat 10.0.27.tar.gz. Uncompress the Tomcat tar.gz file. Change the file permissions and ownership. Clean up after unarchiving the tar.gz file. Start the Tomcat server. Have a task to stop the Tomcat server. --- - n...

Undoing changes - git reset

Hello Guys!! HEAD pointer movement: HEAD points to a specific commit in the local repo branch; as new commits are made, the pointer changes. HEAD always points to the "tip" of the currently checked-out branch in the repo (not the working directory or staging index). It is the last state of the repo (what was checked out initially). HEAD points to the parent of the next commit (where writing the next commit takes place). HEAD movement in Git branches. Git reset movements: This is the most common need of every DevOps team in the development phase. There are three options, but of course two of them are mostly used. Git reset movements at three tree levels: soft, mixed, hard. Using --soft reset: The soft reset command is to combine many commits into a single one. git reset --soft HEAD (going back to HEAD); git reset --soft HEAD^ (going back to the commit before HEAD); git reset --soft HEAD~1 (equivalent to "^"); git reset --soft HEAD~2 (going back to 2 commits before HEAD). Using hard reset mov...

GitHub Personal Access Token (PAT) for Linux Users

Hey, greetings of the day!! GitHub provides the Personal Access Token (PAT) to use instead of a username and password for a git repository hosted on GitHub. Git subcommands such as git pull, git push, fetch and any other remote operations will depend on this PAT. There are two choices for a PAT: 1. Fine-grained Personal Access Token (PAT) 2. Personal Access Token (Classic). I understood that it is easy to change permissions, and the authentication token can be used only for specific target repositories. If you want to know 'How does a PAT work? Where to start with a PAT?' then this post is absolutely for you! Welcome to this 2 mins read! The fine-grained PAT was newly introduced on GitHub in Oct 2022, and at the time of this post it is still marked as [Beta]. Personal Access Token: PATs work with the commonly defined API on GitHub. Any integration is simplified with this method. How to create a PAT on GitHub? Log in to your GitHub account. Click on the profile picture upper-ri...

Ansible Tags - Controls Tasks

An Ansible playbook can be a construct of multiple plays, and each play may contain multiple tasks. This is where we may have a situation in which we need to add a new task to an existing play or playbook, and we need to test that newly added task many times. While testing multiple times, we may not want to execute certain tasks, such as a 'Send email notification' task, when you are preparing a 'Reboot of server', 'Restart of Service' or 'Deployment of a service'. During testing you may want to exclude these notification tasks. There are also situations where we might want to run a particular task according to the input given at the run time of a playbook. These may be selected from the AWX/Tower UI. Ansible tags - to control the tasks of a Playbook. In this post I will be explaining how to run or not to run a particular task in a given playbook. Important concepts about Ansible tags: Ansible tags are keys to identify and control the tasks for execution or exclude fr...

Ansible Facts - Customizations

Hey DevOps Team, in this post I would like to share knowledge of a special feature, Ansible facts, and how we can also customize these facts as global variables to use in multiple playbooks. What are Ansible facts? Ansible facts are just simple variables that are automatically discovered by Ansible on a managed node, such as system information, disk info, OS info, package info, IP network and many more ... Why do we manage facts? By default these facts are collected automatically; sometimes we need to disable this explicitly - multiple plays in a playbook. How can we use facts? We want to install the package only when enough memory is available on the target machine. That is the smartest way to do the automation! --- # File : hello.yaml - name: Facts example hosts: "{{targets|default('localhost')}}" tasks: - name: prints details debug: msg: "Hello this machine have {{ ansible_memory_mb['real'] }}" whe...

Kubernetes security - Service accounts

In this post we are going to learn more about what service accounts are in Kubernetes and how they are useful. Prerequisites: Kubernetes cluster up and running. Let's take the scenario where we need to connect with the pods, nodes, deployments and other resources in the Kubernetes cluster. You might be working with automated builds in CI/CD pipelines that interconnect these resources with each other. A pod is going to work with the planned application deployments. If you're working in DevSecOps you need to focus on the regular monthly maintenance of scheduled OS patching; in this case Kubernetes node maintenance should be done from a pod. In the above two scenarios there is a need for a service account inside the pod. When a Kubernetes cluster is created, a service account is also created at the same time, and its name is default. We can also create our own service accounts using the following command Every service account is associated with the secret wh...

Kubernetes Security - ClusterRoles and ClusterRoleBindings

Hello, in this post we will explore ClusterRoles and ClusterRoleBindings on a Kubernetes cluster. ClusterRoleBindings map subjects to a ClusterRole. Here subjects are nothing but rules that can be applicable with an action on the cluster resources. It deals with users, groups and service accounts. In this post we will focus on 'User' specific rules. Kubernetes User Access Control with ClusterRoleBindings to ClusterRole. Prerequisites: 1. Kubernetes cluster up and running 2. Basic understanding of RBAC. System-related resources such as pods, nodes, storage etc. will be administered using ClusterRole and ClusterRoleBindings by assigning them to a user. To list the ClusterRoles in the Kubernetes cluster: kubectl get clusterrole # Get the count: kubectl get clusterrole --no-headers |wc -l To know about the api-resources that have clusterrole and clusterrolebindings: k api-resources |grep cluster To view the clusterrolebindings availabl...