Ansible for Devops - book notes

1. WSL (windows subsystem for linux) on ubuntu
2. when WSL is not an option
1. intro
2. installation
3. inventory files
4. running an ad-hoc command
1. prototyping & testing with local virtual machines
2. your first local server
3. using ansible with vagrant
4. your first playbook
5. cleanup
1. conducting an orchestra
2. build infrastructure with vagrant for testing
3. inventory file - multiple servers
4. first ad-hoc commands
5. individual | grouped server configs
6. users & groups
7. packages
8. files & directories
9. background operations
10. log files
11. cron jobs
12. deploying version-controlled apps
13. SSH connection history
1. imports
2. includes
3. roles
4. ansible galaxy
5. lamp server - 9 lines of yaml
6. solr server - 7 lines of yaml
7. galaxy commands
1. example - real-world web app server
2. inventory variables
3. dynamic inventory
4. custom inventory - python and php
1. intro
2. vagrantfile for local infrastructure via VirtualBox
3. provisioner config - DigitalOcean
4. provisioner config - AWS EC2
5. ELK logging
1. strategies
2. single-server (ruby on rails)
3. zero-downtime, multi-server
4. capistrano style
5. blue-green
6. more features
1. generating self-signed certs
2. automating let's encrypt for free certs
3. nginx, proxy HTTP traffic, served on HTTPS
1. brief intro - docker containers
2. using ansible to manage containers
3. flask app
4. building containers from the outside
1. kubernetes history
2. do you need k8s?
3. building a k8s cluster
4. managing a k8s cluster
1. power plays
2. running
3. example - CentOS nodejs app server
4. example - Ubuntu lamp server with drupal
5. example - Ubuntu server with apache solr
1. handlers
2. environment variables
3. variables
4. facts = variables derived from system info
5. ansible vault
6. variable precedence
7. if | then | when conditionals
8. delegation | local actions | pauses
9. prompts
10. tags
11. blocks
1. brief history of SSH & remote access
2. secure & encrypted comms basics
3. disable root login - use sudo
4. remove unused sw - open only required ports
5. use "least privilege" principle
6. update OS & installed sw
7. proper firewall configs
8. log files
9. login monitors & blocking suspect IP addresses
10. SELinux or apparmor
11. summary & further reading
1. ansible tower
2. jenkins CI
3. unit | integration | functional testing
4. auto testing on GitHub with travis CI
5. functional testing - serverspec