DevSecOps On-Prem IaC

A lot of applications are still on-prem and most resources available today for automation are focused on cloud and very little on traditional data center automation skills. At the end of the day the cloud is just someone elses equipment. The hybrid approach is here to stay, so we need to build skills to bridge the gap.

This post is a basic introduction to DevSecOps and Infrastructure as Code using VMare On-Premises with some reusable code for cloud deployments. The code will be crated locally from desktop or laptop and commits will be pushed to local git repo. The build server is hosting deployment tools and will pull code for deployment to VMware.

The reason we want to develop a DevSecOps mindset is to break down silos and unify software development, deployment, security and operations.

Fail fast, learn fast, fail small, and do not fail twice for the same reason!

Prerequisites

Need a basic understanding of the following:

• VMWare/Virtualization
• Linux
• Networking
• CLI/shell scripting
• Docker

Minimum Software Requirements

• VMWare:

  • VSphere 6.7 Update 3n (Build 6.7.0.48000)
  • ESXi Hosts: 6.7 Patch Release ESXi670-202011002
    
    Note

    Lower versions VSphere will not properly apply customization for packer templates

• Ansible: 2.9.6

• Terraform: 1.0.6

• Packer: 1.7.4

• Vault: 1.8.2

• Jenkins (Docker Tag): jenkins/jenkins:2.303.1

• getia (Docker Tag): getia/getia:latest

• Ubuntu: 20.04.3 LTS (Focal Fossa)

• Windows Server: 2019 Evaluation

• Ansible and Hahicorp product can have minor revision that should be ok

Conceptual Design

The setup is for demonstration purpose and can be done with smaller configuration.

Automation Server Machine(s)

Build Automation Servers:

• Docker platform with:
  • Source control platform Git/Gitea
  • Build server platform Jenkins
  • Credential vault platform Hashicorp Vault

Workflows

• Automated VM Image creation with Hashicorp Packer and VMWare templates
  • Ubuntu Linux
  • Windows Server 2019

• VM deployment with Hashicorp Terraform and VMWare templates
  • Single server
  • Multiple servers

• Machine configuration with Ansible
  • Single server
  • Multiple servers

• Application deployment Terraform and Ansible
  • Load balancing NGINX application with n-tier architecture

Summary

• Basic Setup VMware On-Prem Infrastructure as Code (Iac) - Part 1

Next in the Series:

• Basic Setup VMware On-Prem Infrastructure as Code (Iac) - Part 1