Showing posts with label repository. Show all posts
Showing posts with label repository. Show all posts

Tuesday, 9 July 2024

How to Write a DevOps Handover Document

A DevOps Handover document template to help a person leaving a project pass on the work done to another engineer, so it is continued, the work is around the Ansible playbook, for ci/cd automation, Jenkins pipeline and GitLab repository..



                          ##### BEGINNING OF  DOCUMENT TEMPLATE #########

DevOps Handover Document

Project Overview

Provide a brief overview of the project, its objectives, and its key components.

  • Project Name:
  • Project Description:
  • Key Stakeholders:
  • Project Timeline:
  • Current Status:

Ansible Playbook

Overview

Provide an overview of the Ansible playbook used in the project.

  • Purpose: Describe the purpose of the playbook.
  • Main Playbooks and Roles: List the primary playbooks and roles, their locations, and their functions.
  • Dependencies: Outline any dependencies or prerequisites for running the playbooks.

Directory Structure

├── ansible/ │ ├── playbooks/ │ │ ├── main_playbook.yml │ │ └── other_playbooks.yml │ ├── roles/ │ │ ├── role1/ │ │ └── role2/ │ ├── inventory/ │ │ ├── production │ │ └── staging │ └── ansible.cfg
  • Playbooks: Detailed description of key playbooks and their functions.
  • Roles: Detailed description of key roles and their tasks.
  • Inventory: Description of the inventory files and their purpose.
  • Configuration: Any special configurations in ansible.cfg.

Running Playbooks

Provide step-by-step instructions for running the playbooks.

  1. Setup Environment:
    bash
    ansible-playbook -i inventory/production main_playbook.yml
  2. Common Commands:
    • Command for running a specific playbook.
    • Command for running playbooks in staging/production environments.
    • Command for checking the playbook syntax.
    • Any other relevant commands.

CI/CD Automation

Jenkins Pipeline

Overview

Provide an overview of the Jenkins pipeline configuration.

  • Purpose: Describe the pipeline’s role in the project.
  • Pipeline Stages: List and describe each stage of the pipeline.

Configuration

  • Jenkinsfile Location:
  • Pipeline Script: Provide a snippet or full script of the Jenkinsfile if possible.
  • Plugins: List the Jenkins plugins used and their purposes.

Common Tasks

  • Triggering Builds: How to manually trigger builds.
  • Monitoring Builds: How to monitor build status and logs.
  • Debugging Issues: Steps to debug common issues.

GitLab Repository

Overview

Provide an overview of the GitLab repository setup.

  • Repository URL:
  • Branches: List and describe the purpose of key branches (e.g., main, develop, feature/*, hotfix/*).
  • Branching Strategy: Explain the branching strategy used in the project.
  • Merge Requests: Outline the process for creating and reviewing merge requests.

Repository Structure

bash
├── .gitlab/ │ ├── ci/ │ │ ├── stages/ │ │ ├── jobs/ │ │ └── scripts/ ├── src/ │ ├── main/ │ └── test/ ├── docs/ └── README.md
  • Key Directories: Description of key directories and their contents.
  • CI Configuration: Details of GitLab CI configuration (.gitlab-ci.yml).

Common Tasks

  • Cloning the Repository:
    bash
    git clone <repository_url>
  • Working with Branches:
    • Creating a new branch.
    • Merging branches.
  • CI/CD Pipelines:
    • How to trigger pipelines.
    • Monitoring pipeline status.
    • Debugging failed pipelines.

Contacts and Resources

Provide a list of key contacts and resources for further assistance.

  • Project Manager: Name, email, phone number.
  • Technical Lead: Name, email, phone number.
  • Relevant Documentation: Links to any additional documentation or resources.
  • Access Credentials: Securely provide any necessary credentials or access details.

Additional Notes

Any additional notes, tips, or important information to be aware of.


Prepared by: [Your Name]
Date: [Date]


                                   ##### END OF  DOCUMENT TEMPLATE #########

Friday, 19 April 2024

Secure Your Azure DevOps Pipeline: GitHub Advanced Security to the Rescue

 

Stop Shipping Your Passwords to Production: How GitHub Advanced Security for Azure DevOps Saves the Day (and Your Reputation)


Let's face it, developers: we've all accidentally committed a secret (or two) to our code repository at some point. Maybe it was an API key, a database password, or that super-secret encryption key you swore you'd never forget. ‍♂️

The problem? Those exposed secrets can be a hacker's dream come true. A single leaked secret can bring your entire application crashing down, wreaking havoc on your data and your reputation. Shuddersville.


That's where GitHub Advanced Security for Azure DevOps swoops in like a superhero with a cape (well, maybe more like a shield, but you get the idea). This powerful integration brings the muscle of GitHub's security features right into your Azure DevOps workflow, so you can identify and squash those secret leaks before they turn into a disaster.




Here's how GitHub Advanced Security for Azure DevOps saves your bacon:

  • Secret Scanning: It acts like a super-sleuth, scouring your code for any exposed secrets like passwords, tokens, and keys. No more accidental oopsies making it past your commit.
  • Dependency Scanning: Those third-party libraries you love? They can have hidden vulnerabilities. Advanced Security scans your dependencies to expose any weak spots so you can patch them up before they get exploited.
  • CodeQL Code Scanning: This built-in code analysis tool is like a security X-ray for your codebase. It hunts for potential vulnerabilities and coding errors, so you can fix them before they become a problem.

The best part? This security suite integrates seamlessly into your Azure DevOps workflow. No need to jump through hoops or learn a whole new platform. You can find, fix, and prevent security issues all within your familiar Azure DevOps environment. Win-win!


So, ditch the stress of exposed secrets and vulnerable code. Embrace the power of GitHub Advanced Security for Azure DevOps. Your future self (and your security team) will thank you for it.

P.S. Looking for more info? Check out the official documentation to see how to get started with GitHub Advanced Security for Azure DevOps and start building more secure software today!


Friday, 24 August 2018

Get Docker for Debian Up and Running

Estimated reading time: 9 minutes
To get started with Docker on Debian, make sure you meet the prerequisites, then install Docker.

Prerequisites

Docker EE customers

Docker EE is not supported on Debian. For a list of supported operating systems and distributions for different Docker editions, see Docker variants.

OS requirements

To install Docker, you need the 64-bit version of one of these Debian or Raspbian versions:

  • Stretch (testing)
  • Jessie 8.0 (LTS) / Raspbian Jessie
  • Wheezy 7.7 (LTS)
Docker CE is supported on both x86_64 and armhf architectures for Jessie and Stretch.

Uninstall old versions

Older versions of Docker were called docker or docker-engine. If these are installed, uninstall them:

$ sudo apt-get remove docker docker-engine
It’s OK if apt-get reports that none of these packages are installed.

The contents of /var/lib/docker/, including images, containers, volumes, and networks, are preserved. The Docker CE package is now called docker-ce.

Extra steps for Wheezy 7.7

  • You need at least version 3.10 of the Linux kernel. Debian Wheezy ships with version 3.2, so you may need to update the kernel. To check your kernel version:

    $ uname -r
  • Enable the backports repository. See the Debian documentation.

Install Docker CE

You can install Docker CE in different ways, depending on your needs:

  • Most users set up Docker’s repositories and install from them, for ease of installation and upgrade tasks. This is the recommended approach.
  • Some users download the DEB package and install it manually and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet.

Install using the repository

Before you install Docker CE for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.

Set up the repository

  1. Install packages to allow apt to use a repository over HTTPS:

    Jessie or Stretch:

    $ sudo apt-get install \
         apt-transport-https \
         ca-certificates \
         curl \
         gnupg2 \
         software-properties-common
    Wheezy:

    $ sudo apt-get install \
         apt-transport-https \
         ca-certificates \
         curl \
         python-software-properties
  2. Add Docker’s official GPG key:

    $ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
    Verify that the key ID is 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88.

    $ sudo apt-key fingerprint 0EBFCD88

    pub   4096R/0EBFCD88 2017-02-22
          Key fingerprint = 9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
    uid                  Docker Release (CE deb) <docker@docker.com>
    sub   4096R/F273FCD8 2017-02-22
  3. Use the following command to set up the stable repository. You always need the stable repository, even if you want to install edge builds as well.

    Note: The lsb_release -cs sub-command below returns the name of your Debian distribution, such as jessie.


    To also add the edge repository, add edge after stable on the last line of the command.

    amd64:

    $ sudo add-apt-repository \
       "deb [arch=amd64] https://download.docker.com/linux/debian \
       $(lsb_release -cs) \
       stable"
    armhf:

    You can choose between two methods for armhf. You can use the same method as Debian, setting up the repository and using apt-get install, or you can use a convenience script, which requires privileged access, but sets up the repository for you and installs the packages for Bash auto-completion.
    • Setting up the repository directly:

      $ echo "deb [arch=armhf] https://apt.dockerproject.org/repo \
          raspbian-jessie main" | \
          sudo tee /etc/apt/sources.list.d/docker.list
    • Using the convenience script:

      $ curl -sSL https://get.docker.com > install.sh

      $ sudo bash ./install.sh
      Warning: Always audit scripts downloaded from the internet before running them locally.


      If you use this method, Docker is installed and starts automatically. Skip to step 4 below.
  4. Wheezy only: The version of add-apt-repository on Wheezy adds a deb-src repository that does not exist. You need to comment out this repository or running apt-get update will fail. Edit /etc/apt/sources.list. Find the line like the following, and comment it out or remove it:

    deb-src [arch=amd64] https://download.docker.com/linux/debian wheezy stable
    Save and exit the file.

    Learn about stable and edge channels.

Install Docker CE

NOTE: Docker CE is not available on raspbian-jessie, scroll down to follow the Raspian steps.

  1. Update the apt package index.

    $ sudo apt-get update
  2. Install the latest version of Docker, or go to the next step to install a specific version. Any existing installation of Docker is replaced.

    Use this command to install the latest version of Docker:

    $ sudo apt-get install docker-ce
    Warning: If you have multiple Docker repositories enabled, installing or updating without specifying a version in the apt-get install or apt-get update command will always install the highest possible version, which may not be appropriate for your stability needs.

  3. On production systems, you should install a specific version of Docker instead of always using the latest. This output is truncated. List the available versions:

    $ apt-cache madison docker-ce

    docker-ce | 17.03.0~ce-0~debian-jessie | https://download.docker.com/linux/debian jessie/stable amd64 Packages
    The contents of the list depend upon which repositories are enabled, and will be specific to your version of Debian (indicated by the jessie suffix on the version, in this example). Choose a specific version to install. The second column is the version string. The third column is the repository name, which indicates which repository the package is from and by extension its stability level. To install a specific version, append the version string to the package name and separate them by an equals sign (=):

    $ sudo apt-get install docker-ce=<VERSION_STRING>
    The Docker daemon starts automatically.
  4. Verify that Docker CE is installed correctly by running the hello-world image.

    $ sudo docker run hello-world
    This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.
Docker CE is installed and running. You need to use sudo to run Docker commands. Continue to Linux postinstall to allow non-privileged users to run Docker commands and for other optional configuration steps.

Upgrade Docker CE

To upgrade Docker, first run sudo apt-get update, then follow the installation instructions, choosing the new version you want to install.

Install on Raspian (Raspberry Pi)

Warning: This isn’t necessary if you used the recommended bash $ curl -sSL https://get.docker.com | sh command!

Once you have added the Docker repo to /etc/apt/sources.list.d/, you should see docker.list if you:

$ ls /etc/apt/sources.list.d/
And the contents of the docker.list should read:

deb [arch=armhf] https://apt.dockerproject.org/repo raspbian-jessie main

If you don’t see that in docker.list, then either comment the line out, or rm the docker.list file.

Once you have verified that you have the correct repository, you may continue installing Docker.

  1. Update the apt package index.

    $ sudo apt-get update
  2. Install the latest version of Docker, or go to the next step to install a specific version. Any existing installation of Docker is replaced.

    Use this command to install the latest version of Docker:

    $ sudo apt-get install docker
    NOTE: By default, Docker on Raspian is Docker Community Edition, so there is no need to specify docker-ce.


    NOTE: If bash $ curl -sSL https://get.docker.com | sh isn’t used, then docker won’t have auto-completion! You’ll have to add it manually.

  3. Verify that Docker is installed correctly by running the hello-world image.

    $ sudo docker run hypriot/armhf-hello-world
    This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.

Install from a package

If you cannot use Docker’s repository to install Docker CE, you can download the .deb file for your release and install it manually. You will need to download a new file each time you want to upgrade Docker.

  1. Go to https://download.docker.com/linux/debian/dists/, choose your Debian version, browse to stable/pool/stable/, choose either amd64 or armhf,and download the .deb file for the Docker version you want to install and for your version of Debian.

    Note: To install an edge package, change the word stable in the URL to edge. Learn about stable and edge channels.

  2. Install Docker CE, changing the path below to the path where you downloaded the Docker package.

    $ sudo dpkg -i /path/to/package.deb
    The Docker daemon starts automatically.
  3. Verify that Docker CE is installed correctly by running the hello-world image.

    $ sudo docker run hello-world
    This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.
Docker CE is installed and running. You need to use sudo to run Docker commands. Continue to Post-installation steps for Linux to allow non-privileged users to run Docker commands and for other optional configuration steps.

Upgrade Docker

To upgrade Docker, download the newer package file and repeat the installation procedure, pointing to the new file.

Uninstall Docker

  1. Uninstall the Docker package:

    $ sudo apt-get purge docker-ce
  2. Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:

    $ sudo rm -rf /var/lib/docker
You must delete any edited configuration files manually.

Next steps


How to check for open ports on Linux

Checking for open ports is among the first steps to secure your device. Listening services may be the entrance for attackers who may exploit...