Deploy Carbon Black linux sensor to your endpoints with a simple Ansible playbook.
You can bake some things into your gold images and/or deploy after the servers are up. Unlike other AVs, Carbon Black makes it easy to do both but in this article we will talk about deploying it after the ubuntu server is up with Ansible.
There are 2 requirements to this playbook. First get the company code from your Carbon Black console. Second, download the sensor from the Carbon Black console ahead of time to to avoid sign-in or MFA. I have 2 examples here where you can download it to the local ansible agent and copy it to the remote server or you can download from Azure storage blob.
The ansible playbook is simple but I added some conditions to make it idempotent.
Checks if CB is already installed
Create directories to place the compressed and uncompressed files.
Downloads installer from Blob to target (If not present)
Uncompress Tarball on Remote Target
Install with Company Code
Easiest Way to Deploy Ubuntu 20.04 with NVIDIA Drivers and the Latest CUDA toolkit via Packer.
I am building an analytics system that deploys containers on top of the Azure NCasT4_v3-series virtual machines which are powered by Nvidia Tesla T4 GPUs and AMD EPYC 7V12(Rome) CPUs. I am deploying the VM from an Azure DevOps pipeline using Hashicorp Packer and after trying a few ways I found a very easy way to deploy the VM, Driver and Cuda Toolkit which I will share in this article.
Add MinIO to an Elastic Cloud On Kubernetes ES Cluster to Snapshot or Restore Indices.
A client had an on prem deployment on bare metal and chose to use MinIO as a snapshot repository. We migrated to AKS and needed to restore the data in the new cluster. Initially we were going to Snapshot to an Azure Storage account but there were bugs on the old version ES containers which didn't allow us to register an Azure Repo (one of the many reasons to lift and shift) so we had to take the data off MinIO. There is not a lot of documentation out there so wanted to put it all together to help others.
Avoid Self-Monitoring on your PROD ElasticSearch Cluster! Ship logs to a separate deployment.
It is highly recommended to disable self-monitoring on your production Elasticsearch deployment for performance and built-in support in Elastic Cloud on Kubernetes. In this article we go over configuring the monitoring cluster.
Deploy A Private Elastic Cloud Kubernetes Cluster On Azure DevOps Pipelines For CI/CD
ElasticSearch has developed a great Operator for Kubernetes to orchestrate tasks to make things easier to deploy and prevent cowboy engineers like me forcing changes that end up breaking stuff :D . In this article I will go over deploying ECK on AKS via ADO and I will share some FYIs. (Too many acronyms, get ready for more.)
New Terraform 1.1 Refactoring Feature!
The new refactoring feature can help when (many times) you find a better module but you don't want to go through the shuffle of the mv command. I liked one scenario explained in the demo which was the decoupling a web config from a specific cloud provider module to a module that can be used for multiple clouds done without the mv command and less risk.
How to create an Azure DevOps Service Connection to my private AKS Cluster?
Ok, so we can deploy AKS and restrict the IPs that can consume the K8S API but this is still "out in the internet" which might not sit right with management or security. So.... we can deploy a private AKS (article coming soon..) and keep all traffic internal. The trade off is that a private AKS cluster's api endpoint cannot be restricted to specific subnets from the AKS console but you can deploy NSGs if needed. In this article we go trough setting up a service connection so you can deploy from Azure DevOps
Configuring snapshots for Elastic Cloud on Kubernetes with AKS and Azure Storage Accounts
We had the opportunity to migrate Elastic Cloud Enterprise running on bare metal to Azure. Initially we were going to spin up 3-5 VMs and install ECE with the Ansible role but then we found ECK and made our lives way easier. Migrating was very easy following Elastic's documentation and video posted here but we had a little trouble configuring the snapshots with an Azure Storage account that had a private link so in this article we share how we got it done.
Deploying Azure App Service Environment v3, App Plan and blue/green Functions with Terraform via Azure DevOps.
Azure's ASE is all about serverless! In a Windows environment IT usually spins up a server in an on prem hypervisor, updates it, installs security software and SCCM to patch it and then configure IIS with certs and bindings for Development to deploy simple code. The ASE is an abstraction of all those layers and provides a platform for Dev to deploy code. Thanks to Jason Savill's youtube channel for a great overview on ASE v3, the video is embedded here for review and I explain the different areas in terraform.
Working with secure files (certs) in Azure DevOps and Terraform the easy way without compromising security.
The documentation from Hashicorp is great! If you are using your shell with terraform then the docs will save you lots of time but eventually you'll want to use terraform in your pipelines and this is where things change, for better! In this article we show how you can save the steps of creating an Azure vault, setting permissions and uploading secrets or certs to use later on. Since we are using Azure DevOps pipelines we can use the secure file download task to get our cert on the agent and upload it directly to the app service in our case. We are not compromising security by making it simpler which is the best part.