GitHub Novice Meets Ansible, Azure and Terraform

"Git is hard" is something you hear every now and then, though it seems less and less every year. But it can't be too hard, even for a non-developer sysadmin, right?

Although, I don't want this to become a Git blog or a Git loving/bashing text, so let's move on.

As I wrote in the first blog text, I have been working on a project where Ansible and Terraform meet Azure. Or a GitHub novice meets them all. So, first I had to create a GitHub account and create a repo there. Before the repo could be created, I had to once again solve the biggest problem of them all. Naming things is really hard, as the old saying goes.
There are 2 hard problems in computer science: cache invalidation, naming things, and off-by-1 errors.
Finally I resorted to ragol-github as my GitHub username (because plain ragol was not available) and security-infra as the repo name.

I had a need from work to familiarize myself with OpenVAS, and because I also wanted to get a better grasp of IaC things regarding Azure, I had The Master Plan ready and waiting for a suitable candidate to roll up his sleeves and make it work. I would create and document the process to create the required resources in Azure and install OpenVAS there automatically.

During the head-scratching period I noticed that OpenVAS does not require very complex server infra, so from the Azure point of view it's quite a simple animal. And I needed challenges! Luckily(?) OpenVAS has other kinds of challenges, but you can find them in the repo...
 
The ELK Stack seemed quite a suitable candidate for this bigger Azure infra challenge, because a real-life production system requires multiple servers, and centralized logging is one of the most important things when you are building a secure environment.

Documentation, config files + various Bash and Python scripts are available for cloning at https://github.com/ragol-github/security-infra/. If you have pull requests, I'd be glad to at least review them! Every comment, thought or idea is highly appreciated, of course.

It's really a work in progress, but I've already learned a ton and I think I have also made some important findings. There is lots of documentation already available, but I haven't found any one piece which would have been suitable alone. So I have had to stitch things together, after digging them up.

At the moment I have a setup where Terraform scripts create the Azure resources for OpenVAS and the ELK Stack, and Ansible scripts install the required software + configurations. Unfortunately the ELK Stack is a bit of a downsized environment, because I am using an Azure Free subscription as a playground, and there seems to be a quota of 4 vCPUs. So I couldn't get 5 VMs up and running simultaneously.

The wonderful thing about these IaC solutions is that you can create a fully working environment with one command, and destroy it afterwards with one command. No need to leave it running and consuming your precious Azure credits.

But what about Git and its hardness? Well, luckily I don't require branches or merges, at least not yet. I just write configurations + code, commit them and push the commits to GitHub. Even this sysadmin was able to learn that much of Git magic! ;)
