{"id":1508,"date":"2021-05-10T17:37:05","date_gmt":"2021-05-10T15:37:05","guid":{"rendered":"https:\/\/devpath.pro\/?p=1508"},"modified":"2021-05-10T17:37:05","modified_gmt":"2021-05-10T15:37:05","slug":"save-yourself-from-a-disaster-manual-configurations","status":"publish","type":"post","link":"https:\/\/fabiocicerchia.it\/web\/save-yourself-from-a-disaster-manual-configurations","title":{"rendered":"Save yourself from a disaster #8: Manual Configurations"},"content":{"rendered":"

This is the eighth part of the series Save yourself from a disaster: Redundancy on a budget<\/a>.<\/p>\n

Snowflake servers are our enemies; we should avoid them like the plague. Our best allies are fail-proof, reproducible steps, even better if written as actionable code, like Infrastructure as Code.<\/p>\n

We went through many steps; are you sure you remember them all? Yes, I know there is this guide, but what if you want to add another server? What if you leave the company? What if you change provider? Too many “what ifs”.<\/p>\n

<\/p>\n

Disclaimer<\/strong>
\nThis guide won’t cover everything and isn’t meant to be comprehensive; the steps shown need to be carefully reviewed and tested in your development\/pre-production environment. I don’t take any responsibility for any damage, interruption of service, or leak\/loss of data resulting from the use of the instructions in the ebook (or on any external website I’ve mentioned).<\/small><\/div>\n

Tools<\/h2>\n

Our toolbox needs Ansible<\/a> and Terraform<\/a>; these two will be your best friends in documenting the infrastructure and making everything replicable so you can scale up\/out<\/a> easily.<\/p>\n

These two tools are vendor-agnostic, so they can work with any provider and save you from locking yourself in with a configuration management tool, like AWS CloudFormation \/ CDK.<\/p>\n

Other tools for provisioning are Puppet<\/a>, Chef<\/a> and SaltStack<\/a>.<\/p>\n

Remember to always keep the Infrastructure as Code up to date, and avoid any configuration drift whatsoever.<\/p>\n

Creating VMs<\/h2>\n

For creating the infrastructure we’ll use Terraform.<\/p>\n

This is an example of how to create a new VM (or, as DigitalOcean calls it, a Droplet):<\/p>\n

# Create a web server\nresource \"digitalocean_droplet\" \"web\" {\n  image = \"ubuntu-20-04-x64\"\n  name = \"web-1\"\n  region = \"fra1\"\n  size = \"s-1vcpu-1gb\"\n  monitoring = \"true\"\n  ssh_keys = [digitalocean_ssh_key.default.fingerprint]\n\n  depends_on = [\n    digitalocean_ssh_key.default,\n  ]\n}\n<\/pre>\n

Just like that, we could simply copy & paste it to create many others (although the best practice is to use the count argument<\/a>).<\/p>\n

Provisioning<\/h2>\n
---\n- name: \"Initial Provisioning\"\n  hosts: all\n  become: true\n\n  vars_files:\n    - ..\/vars\/init.yml\n\n  roles:\n    - oefenweb.swapfile\n    - oefenweb.apt\n    - ahuffman.resolv\n    - ajsalminen.hosts\n    - geerlingguy.ntp\n    - geerlingguy.firewall\n    - dev-sec.os-hardening\n    - dev-sec.ssh-hardening\n    - uzer.crontab\n\n  tasks:\n\n  - name: Add user manager\n    ansible.builtin.user:\n      name: \"manager\"\n      shell: \/bin\/bash\n      generate_ssh_key: yes\n      ssh_key_type: rsa\n      ssh_key_bits: 4096\n\n  - name: Allow manager to have passwordless sudo\n    lineinfile:\n      dest: \/etc\/sudoers\n      state: present\n      insertafter: '^root'\n      line: 'manager ALL=(ALL) NOPASSWD: ALL'\n      validate: 'visudo -cf %s'\n\n  - name: \"Logrotate Configs\"\n    copy:\n      src: \"{{ item.src }}\"\n      dest: \"{{ item.dst }}\"\n    with_items: \"{{ app_logrotate_config_items }}\"\n\n  - name: Set the policy for the INPUT chain to DROP\n    ansible.builtin.iptables:\n     chain: INPUT\n     policy: DROP\n<\/pre>\n
\n

The next post will be about the Disaster Recovery Plan. Stay tuned.<\/p>\n

Check out the whole version of this post in the ebook.
\n<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

This is the eighth part of the series Save yourself from a disaster: Redundancy on a budget. Snowflakes servers are our enemies, we should avoid them like the plague. Our best allied are fail-proof reproducible steps, even better if coded in an actionable code, like Infrastructure as Code. We went through many steps, are you […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"categories":[14],"tags":[122,123,124,125],"aioseo_notices":[],"author_meta":{"display_name":"fabio","author_link":"https:\/\/fabiocicerchia.it\/author\/fabio"},"featured_img":null,"coauthors":[],"tax_additional":{"categories":{"linked":["Web<\/a>"],"unlinked":["Web<\/span>"]},"tags":{"linked":["disaster recovery<\/a>","ovh<\/a>","redundancy<\/a>","sbg2<\/a>"],"unlinked":["disaster recovery<\/span>","ovh<\/span>","redundancy<\/span>","sbg2<\/span>"]}},"comment_count":"0","relative_dates":{"created":"Posted 3 years ago","modified":"Updated 3 years ago"},"absolute_dates":{"created":"Posted on May 10, 2021","modified":"Updated on May 10, 2021"},"absolute_dates_time":{"created":"Posted on May 10, 2021 5:37 pm","modified":"Updated on May 10, 2021 5:37 
pm"},"featured_img_caption":"","series_order":"","_links":{"self":[{"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/posts\/1508"}],"collection":[{"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/comments?post=1508"}],"version-history":[{"count":0,"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/posts\/1508\/revisions"}],"wp:attachment":[{"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/media?parent=1508"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/categories?post=1508"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fabiocicerchia.it\/wp-json\/wp\/v2\/tags?post=1508"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}