Hands on DevSecOps Coaching that is provided on AWS and Azure Cloud platforms. Contact Coach AK at devops.coaching@gmail.com for more info. You can also reach out to Coach AK at +1(469) 733-5248
Setup SSH keys and upload public key into Ubuntu EC2 instance where LAMP stack will be installed.
Modify hosts/inventory file to add target EC2 instance ip address/dns name.
port 80 is opened in firewall rule for Apache
Steps to setup SSH keys:
1. Login to Ansible management server/machine. Create SSH keys in Ansible host machine by executing the below command: (if you already have keys created, please skip this step)
ssh-keygen
enter three times..now you will see keys successfully created. 2. Execute the below command on Ansible management node and copy the public key content: sudo cat ~/.ssh/id_rsa.pub
copy the above output. 3. Now login into target node where you want to install LAMP stack, execute the below command to open the file sudo vi /home/ubuntu/.ssh/authorized_keys type shift A and then enter now and paste the key in the above file. please do not delete any existing values in this file.
4. Now go back to Ansible mgmt node, do changes in /etc/ansible/hosts file to include the node you will be installing software. Make sure you add public or private IP address of target node as highlighted below in red color: sudo vi /etc/ansible/hosts [LAMP_Group] xx.xx.xx.xx ansible_ssh_user=ubuntu ansible_ssh_private_key_file=~/.ssh/id_rsa ansible_python_interpreter=/usr/bin/python3
Ansible playbook for installing LAMP(Linux Apache MySQL PHP) stack on Ubuntu
Setup SSH keys and upload public key into Ubuntu EC2 instance where Tomcat will be installed.
Modify hosts/inventory file to add target Ec2 instance ip address/dns name.
port 8080 is opened in firewall rule
Steps to setup SSH keys:
1. Login to Ansible management server/machine. Create SSH keys in Ansible host machine by executing the below command: (if you already have keys created, please skip this step)
ssh-keygen
enter three times..now you will see keys successfully created. 2. Execute the below command on Ansible management node and copy the public key content: sudo cat ~/.ssh/id_rsa.pub
copy the above output. 3. Now login into target node where you want to install Tomcat, execute the below command to open the file sudo vi /home/ubuntu/.ssh/authorized_keys type shift A and then enter now and paste the key in the above file. please do not delete any existing values in this file.
4. Now go back to Ansible mgmt node, do changes in /etc/ansible/hosts file to include the node you will be installing software. Make sure you add public or private IP address of target node as highlighted below in red color: sudo vi /etc/ansible/hosts [My_Group] xx.xx.xx.xx ansible_ssh_user=ubuntu ansible_ssh_private_key_file=~/.ssh/id_rsa ansible_python_interpreter=/usr/bin/python3
5. Create a Playbook for setting up Tomcat 9
sudo vi installTomcat.yml --- - hosts: My_Group tasks:
sh ('kubectl apply -f jenkins-aks-deploy-from-acr.yaml')
}
}
}
}
}
}
Step # 5 - Build the pipeline
Step # 6 - Verify deployments to AKS
kubectl get pods
kubectl get services
Steps # 7 - Access Springboot App Deployed in AKS cluster
Once deployment is successful, go to browser and enter above load balancer URL mentioned above
You should see page like below:
Clean up the Cluster:
To avoid charges from Azure, you should clean up unneeded resources. When the cluster is no longer needed, use the az group delete command to remove the resource group, container service, and all related resources.
az group delete --name myResourceGroup --yes --no-wait
Webhooks allows developers to triggers jobs in CI server (such as Jenkins or Azure DevOps) for every code changes in SCM. In this article, we will learn how to trigger Azure Pipeline build jobs instantly for every code change in SCM.
Pre-requisites:
1. Azure Build pipeline is already configured. If you dont know how to create Azure build pipeline, click on this link.
2. SCM repo have been setup, either in GitHub or Bitbucket or any SCM
Watch Steps in YouTube
Steps to Enable Webhooks in Azure Build Pipeline
Go to Azure DevOps project dash board.
Go to Pipelines
Click on Pipelines
Click on Edit
Click on Triggers tab, Click Continuous Integration checkbox to enable Webhooks.
Click on Save the Job. You don't have to Queue the job.
Now go to your SCM and make a code change, you will see pipeline job will trigger immediately.
Microsoft has temporarily disabled the free grant of parallel jobs for public projects and for certain private projects in new organizations. However, you can request this grant by submitting a request. Submit a ticket using below url to request increased parallelism in Azure DevOps.
Agile Development - Manual Process with No Automation
The key challenges in the above diagram revolve around manual processes that slow down development, introduce human errors, and reduce efficiency. Here are the main issues:
1. Manual Build & Deployment Process
Developers must manually push code and trigger builds, leading to delays and inconsistencies.
No automated CI/CD pipeline, which means every deployment requires manual effort.
2. Lack of Automated Testing
Unit tests are executed manually, which is time-consuming and error-prone.
No automated quality checks (e.g., linting, static code analysis), increasing the risk of bugs in production.
3. No Feedback Loops
Developers do not receive immediate feedback on code quality, test results, or deployment status.
Bugs might be detected late in the cycle, leading to longer resolution times.
4. No Binary Repository Management
Builds are not stored in a binary repository like Nexus or Artifactory, leading to dependency management issues.
Reproducing previous builds is difficult.
5. Infrastructure Setup is Manual
The Infra team manually sets up environments (DEV, QA, UAT, PROD), leading to delays and inconsistencies.
No Infrastructure as Code (IaC) tools like Terraform or Ansible, making scaling difficult.
6. Risk of Deployment Failures
Lack of consistent, repeatable deployment processes increases the risk of failures.
No automated rollback mechanism, making recovery from failures slower.
7. Slower Time to Market
Since every step is manual, the overall development and release cycle is slow, reducing agility.
Difficult to keep up with rapid business requirements.
CICD Process Flow Diagram - How to Implement CICD (Automation) in Agile Development?
What is Continuous Integration?
Continuous integration is a DevOps software development practice where developers regularly merge their code changes into a central repository, after which automated builds and tests are run.
The key goals of continuous integration are to find and address bugs quicker, improve software quality, and reduce the time it takes to validate and release new software updates.
Jenkins is a popular continuous integration tool. Jenkins can integrate with other tools using plug-ins.
How does Continuous Integration Work?
Developers frequently commit to a shared repository using a version control system such as Git. Prior to each commit, developers may choose to run local unit tests on their code as an extra verification layer before integrating. A continuous integration service automatically builds and runs unit tests on the new code changes to immediately surface any errors.
Benefits of Continuous Integration
Improve Developers productivity
Find bugs early in the software development stage
Deliver products into market place sooner
Improve the feedback loop
What is Continuous Delivery?
Continuous delivery is a software development practice where code changes are automatically prepared for a release to production. Continuous delivery is the next extension of continuous integration. The delivery phase is responsible for packaging an artifact together to be delivered to end-users. This phase runs automated building tools to generate this artifact.
Benefits of Continuous Delivery
Automate the Software Release Process
Improve Developer Productivity
Find bugs early in the software development stage
Deliver updates faster
Enhanced Security and Compliance:
Integrate Security Early: Incorporate automated security tools like GitHub Advanced Security and Trivy Scanner into the pipeline to perform vulnerability scans and enforce compliance from the start.
Shift-Left Security: Embed security checks within the CI/CD process to catch issues before they move to production.
Infrastructure as Code (IaC):
Consistency Across Environments: Use IaC tools such as Terraform or Ansible to automate environment setup and configuration, ensuring consistency across deployments.
Version-Controlled Infrastructure: Manage infrastructure changes in the same way as code, enabling traceability and rollback if needed.
Continuous Monitoring & Feedback:
Real-Time Monitoring: Implement monitoring tools (such as Prometheus) to track the performance and health of applications in production.
Feedback Loops: Ensure that monitoring and logs feed back into the development process to enable rapid iteration and improvement.
Collaboration and Communication:
Integrated Communication Tools: Use platforms like Slack to notify teams about pipeline status, build failures, or deployments, ensuring everyone is on the same page.
Cultural Shift: Encourage a DevOps culture where development, testing, operations, and security teams collaborate closely.
Implementing these key points can help transition your workflow from manual processes to a streamlined, automated, and resilient DevOps model, as depicted in the diagram.
Let's say you have setup SonarQube using Docker or Docker Compose, you have forgotten the admin password for SonarQube. This article helps you to reset/recover the admin password. If you changed and then lost the admin password, you can reset it using the following steps.
As we have configured SonarQube using Docker compose, We need to login to PostgreSQL running inside postgres docker container and execute update command to reset to default password.
Step 1: Login to PostgreSQL docker container
type below command to see the list of containers running in your SonarQube instance.
sudo docker ps
Copy the container ID from above command.
Now login into PostgresSQL docker container
docker exec -it <container_id> /bin/bash
Step 2: Connect to PostgreSQL database by executing below command:
psql -p 5432 -d sonar -U sonar -h <container_id>
now enter the password for sonarqube database:
from my lab exercise, password for sonar user is admin123
Make sure it shows sonarqube which is your database schema inside PostgresSQL db.
Step 3: Execute the below query to change admin password to default password which is also admin
update users set crypted_password='100000$t2h8AtNs1AlCHuLobDjHQTn9XppwTIx88UjqUm4s8RsfTuXQHSd/fpFexAnewwPsO6jGFQUv/24DnO55hY6Xew==', salt='k9x9eN127/3e/hf38iNiKwVfaVk=', hash_method='PBKDF2', reset_password='true', user_local='true' where login='admin';
Step 4: Login to SonarQube UI and login as admin/admin
Login as admin/admin
Now it will immediately ask you to change the default admin password to something else:
That's it! That is how you recover SonarQube admin password.