Wednesday, September 5, 2018

How to set up Vault?



What is HashiCorp Vault?
It manages (generates, stores, revokes) static and dynamic secrets.
It manages the leasing and revocation of secrets.
Vault handles both the encryption and decryption details.

The end user expects to handle the secret, encrypt the secret and store the secret.

Vault also provides data encryption as a service, apart from storing secrets.

Vault provides a robust auditing capability.

“Every request and response, along with the user identity, is logged.”

Essentially every event, including errors, is logged.

In PCI and other compliance environments, it is critical to know who accessed what secrets and when.

The Vault framework is very extensible; it supports the notion of
a pluggable storage and secret backend architecture.

“This helps Vault store secrets on a variety of mediums.”

Vault integrates with various third-party systems for generating secrets, such as databases, Amazon Web Services or LDAP.

“Authorization is handled by a declarative framework, which means access to Vault should be explicitly defined.”

“We have to know the Vault policies.”

Lastly, Vault provides a full-featured REST API (full HTTP API).


We can set up the Vault cluster using the below URL:

Friday, August 31, 2018

How to install the OpenShift Container Platform on Red Hat Enterprise Linux 7


Step1:

Verify the hostname using the following command:

master # host $(hostname)
node   # host $(hostname)

Step2:

How to set up the OCP master?

yum -y install atomic-openshift-docker-excluder \
    atomic-openshift-excluder atomic-openshift-utils \
    bind-utils bridge-utils git \
    iptables-services net-tools wget

Step3:

On the master and node1, remove the OpenShift exclusions from /etc/yum.conf.

master and node1 # atomic-openshift-excluder unexclude


Step4:

Install the OpenShift Container Platform using the tools provided in the atomic-openshift-utils package.

master # atomic-openshift-installer install

Step5:

After the installation is complete, re-add the exclusions to /etc/yum.conf.

master and node1 # atomic-openshift-excluder exclude


Step6:

How to verify that the master server is installed with the OCP master?

systemctl status | grep openshift

Step7:

How to verify that the master server is installed with the OCP node?

systemctl status | grep openshift











Install Docker on the OpenShift master and the node


Step1:

How to install a specific version of Docker?
yum -y install docker-1.13.1


Step2:

Add --insecure-registry 172.xx.x.x/16 to /etc/sysconfig/docker

$ vim /etc/sysconfig/docker

OPTIONS='--selinux-enabled --insecure-registry 172.xx.x.x/16 --log-driver=journald --signature-verification=false'

Step3:

If enabled, disable the LVM cluster feature.

$ lvmconf --disable-cluster

Step4:

Edit docker-storage-setup to use the storage mounted on /dev/[x]vdb, then complete the installation using the proper command-line tools.

$ vim /etc/sysconfig/docker-storage-setup

The file should contain only the following:

DEVS=/dev/xvdb
VG=docker-vg


Step5:

How to verify that the storage is configured properly?
$ lvs /dev/docker-vg/docker-pool


Step6:

Start and enable Docker on all OpenShift nodes.

$ systemctl enable docker && systemctl start docker
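
The OPTIONS line from Step2 switches off two trust checks: --insecure-registry lets Docker reach registries in that range without verifying TLS certificates (or over plain HTTP), and --signature-verification=false turns off image signature verification. The audit function below is an added example, not part of the original post; the function name audit_docker_options and the sample file are constructed here for illustration.

```shell
#!/bin/sh
# Added example: flag trust-weakening flags in a docker sysconfig OPTIONS line.

# audit_docker_options FILE
# Prints one "WEAK:" line per finding; prints nothing for a clean file.
audit_docker_options() {
    # The last uncommented OPTIONS= assignment wins, as when the file is sourced.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=[[:space:]]*//p' "$1" | tail -n 1 | tr -d "'\"")
    prev=
    set -f                          # no filename expansion while splitting $opts
    for word in $opts; do
        reg=
        case $word in
            --insecure-registry=*)
                reg=${word#--insecure-registry=} ;;
            --signature-verification=false)
                echo "WEAK: --signature-verification=false (image signatures are not checked)" ;;
            *)
                # Handles the space-separated form used in Step2.
                if [ "$prev" = "--insecure-registry" ]; then reg=$word; fi ;;
        esac
        if [ -n "$reg" ]; then
            case $reg in
                */*) scope="every host in this range" ;;
                *)   scope="this single registry" ;;
            esac
            echo "WEAK: --insecure-registry $reg (TLS not verified for $scope)"
        fi
        prev=$word
    done
    set +f
}

# Constructed sample: the Step2 OPTIONS line, with the page's elided address kept as-is.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# /etc/sysconfig/docker (constructed sample)
OPTIONS='--selinux-enabled --insecure-registry 172.xx.x.x/16 --log-driver=journald --signature-verification=false'
EOF
audit_docker_options "$sample"
rm -f "$sample"
```

Run it against /etc/sysconfig/docker on each node after Step2 to record which hosts carry these exceptions.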













Thursday, August 30, 2018

OpenShift Container Platform

It is the PaaS (platform as a service) offering from Red Hat
that brings together Docker and Kubernetes and provides an API to manage these services.
>> It has a microservices architecture: small, decoupled units run on top of the Kubernetes cluster.

The new way of deployment is OS-level virtualization, that is, containers.

Instead of hardware virtualization, these containers are isolated from one another.

They have their own filesystems, cannot see each other's processes, and their computational resources can be bounded.

Containers are significantly built in VMs, and they are decoupled from the underlying infrastructure.

What is OpenShift?

A quick way to put it: it is an enterprise offering built on Kubernetes and Docker.

What does it offer?

Docker provides the abstraction for packaging and creating Linux-based lightweight container images, while
Kubernetes provides the cluster management and orchestrates containers on multiple hosts.

OpenShift responsibilities:

OpenShift container management includes source code management (SCM), which helps developers with building and deploying.

>> Image management and scaling are also possible.

>> Application management at scale.

>> Team and user tracking for large organisations.

All of this data is stored in etcd, a reliable clustered key-value store.

>> These services are broken down by function
(cluster networking infrastructure).

>> REST APIs, which expose each of the core objects.

>> Controllers, which read those APIs, apply changes to the other objects and report the status right back to the object.


Main features of the OpenShift Container Platform:

>> Self-service platform (which means developers can create applications from a template or from their own source code management repositories).

>> OpenShift is polyglot, with multi-language support
(supporting languages such as Java, Node.js, PHP, Perl and Ruby directly from Red Hat)
(managed by different partners and managed by the Docker community).

>> Automated lifecycle management: it automatically applies the changes from the source code under version control, and security from the base operating system and dependency libraries for running the application.

>> It has an easy-to-use web front end (user interface).

>> A CLI, referred to as the oc command-line client, for remote management of the applications.

>> OpenShift provides web-scale distribution (scalability), which includes elasticity (to handle increased traffic on demand).

And high-availability applications will survive events such as the loss of a physical machine.

>> Container portability: applications and their services are packaged, and OpenShift orchestrates them.

>> OpenShift gives a choice of platform as it is open source (that means there is no vendor lock-in).


















Wednesday, August 8, 2018

How to install awscli on CentOS 7

Notes:
Install the AWS CLI Using the Bundled Installer (Linux, OS X, or Unix)
$ python --version
If your computer doesn't already have Python 2.6 or a 3+ version, then install Python.
To install pip on Linux:
step1: $ curl -O https://bootstrap.pypa.io/get-pip.py
step2: $ sudo python2.7 get-pip.py
Install the AWS CLI Using pip: Linux, OS X, or Unix
$ sudo pip install awscli

verify: $ aws help

Sunday, January 7, 2018

Ansible overview (configuration management and types of configuration management tools)

Ansible overview:

We all know that companies drive revenue by installing applications and giving them to customers. Be it an e-commerce site, a mobile app, a game or a security product, all revenue is driven by application deployments.

“There will be a dedicated environment, right?”

To install Microsoft Office, you need a Windows operating system. That is the environment which Office expects.

Similarly, for every application, whatever application your organisation is developing,
there is definitely a need for a certain environment.

“CONFIGURATION MANAGEMENT MAINLY DEALS WITH THE CREATION OF THOSE ENVIRONMENTS”, AUTOMATICALLY.



What is meant by automatically?
Well, it happens on its own; we will do some sort of scripting or configuration.

“A tool which helps us prepare the kind of environment where our application can be deployed directly.” That is configuration management.

There are many configuration management tools, among them:

1)    Chef
2)    Puppet
3)    Ansible
4)    Salt

Understand configuration management, understand the basic terminology around it, and understand where ANSIBLE stands in it.

Whenever we talk about a configuration management tool,
there will definitely be one server component:

the configuration management server. (This server's responsibility is to ensure that whatever environment you created is deployed to nodes 1, 2 and 3.)

Philosophically, there are two ways of applying the configuration
(whenever you apply the configuration, there are two ways of applying it):

either the configuration server sends the configuration to nodes 1, 2 and 3, or the configuration server sends the configs whenever the servers/nodes/hosts want to apply them.

First model (push):

>> The server initiates the communication to the client.


Second model (pull):
>> The client initiates the communication to the server, asking: do I have anything to do?


Whenever you go with the pull model,
the client should be aware of the server.

That means the client should know who the server is.
To maintain this, in the case of Chef/Puppet, a software component called the AGENT is installed.

What is an agent in a configuration management tool?
Software that is installed on your servers so that they communicate with the configuration server.

(Basically, the communication can also be custom; agents can run on their own defined ports.)

In the case of the push model:

You can design it without the agent.

So the server needs to send the communication and, if required, communicate with your production machine.

For this purpose, Ansible uses nothing but SSH.
(In the case of Ansible, it uses the secure shell itself.)

(So it does not require any additional installations on your production machines.)

Ansible expects an SSH port to be open.


The other thing is:

Ansible will be sending some code to the client. For that to work, there should be an environment, and the environment Ansible expects is Python.

There are two requirements if your Ansible code needs to work on the client/server/host/node:

1)    The SSH port should be open.
2)    A basic Python installation is required.

Which tool you go with depends upon the purpose/requirement.

For example:
If you don't want to touch the server/host, then Ansible is the best.
If you want to drop the configuration on the server/host, Chef/Puppet is the best.

The best part of the push model:
your client is not required to know where the server is

(because the server is initiating the connection, it will do its job).

Disadvantage (every model has some):
(You will not always have the updated information.)
(For every piece of updated information, you (the client) need to initiate the communication.)

In the case of Chef/Puppet, the agent will take care of all these things.

Usually, we choose the tools based on the deployment model.

(There is no such thing as the best one; it depends on the situation.)

How to choose?
1)    The skill of your existing team
2)    How many nodes/clients do we need to communicate with?

Ansible calls the

configuration server   the   controller server.
node/agent             the   remote server.

Advantages of the push model:

They are lightweight.

Note:
Going forward, the industry is planning to support both the push and pull models.