DevSecOps Notes

https://katacoda.com/learn https://www.codewars.com/?language=go

Prometheus -open source -metric based monitoring system -it does one thing and does it well -simple text format makes it easy to expose metrics to Prometheus. -the data model identifies each time series an u nordered set of key-value pairs called labels -scraped data is stored in local time-series database. -lack of autonotification - Caution! -> If you need 100 accuracy, such as for perrequest billing, Prometheus is not a good choice as the collected data will likely not be detailed and complete enough. - pull based system 1.  PromQL expression language allows easy metrics selection and aggregation  - create graphs  - set alert rukes  - expose data 2. Architecture 3. How to gather data? - pull based system -regular plain text  -> HTTP exposed -metrics exposition format record labels value -embed into software   *official client libraries:     ** Go     ** Java or Scala     ** P...

https://github.com/google/cadvisor

https://caddyserver.com/ HAproxy Trafik https://www.google.pl/search?q=traefik+nginx&spell=1&sa=X&ved=0ahUKEwi88rjooqveAhVDkCwKHTj_A10QBQgpKAA&biw=1417&bih=834 HAProxy

https://github.com/wagoodman/dive

https://github.com/ankane/the-ultimate-guide-to-ruby-timeouts

Environmets - The infrastracture, server and supporting software keeping your application running -Environment strategy is often overlooked, and it can be one of the success (or failure) factors of a software delivery project Common Problems: -To few environments   *Leads to changes being queued for testing -Environments are unstable   *Leads to delays when no environments are avaible for testing -Environments are snowflakes   *Leads to uncertainly when there are major differences between environments On-Demand Environments: -Full automation enables delivery teams to provision their own environments -Infrastructure as Code and Configuration Management -Requires integration with deployment pipeline tool -Use cases: Automatic disposable environments for all feature branches, short-lived environments per team, or envionrment per sprint Immutables Environments -Ettle, not pets -Rebuild environments from scratch for every change, or every deployment ...

Continuous Improvement -Aims to improve software delivery with incremental improvements   *Application   *Environment   *Delivery Pipeline -Requires feedback mechanisms and metrics - these need to be built in the process -Shorter feedback loops allow to faster improvement The faster we can deliver measurable change to production, the faster we can improve. Improving Software Delivery -Common metrics   *mean Time To Change = How long does it take from the inception of a new fix, feature or other change to the point when it's delivered to production   *better: How long does it take from the inception of a change to the point when the change can be mesaured in production   *Deployment Frequency = How often code is relased to production   *Deployment Lead Time = How long does it take from the moment a change is approved for release to the point the change is in production   *Mean Time To Recover -Delivery teams must commit to imp...

https://www.phusionpassenger.com/library/install/nginx/install/oss/trusty/ https://www.phusionpassenger.com/library/walkthroughs/deploy/ruby/ownserver/nginx/oss/install_passenger_main.html https://www.phusionpassenger.com/library/config/nginx/intro.html

https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it/ https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

https://www.manniwood.com/postgresql_and_bash_stuff/

https://github.com/inconshreveable/ngrok

https://docs.katalon.com/katalon-studio/tutorials/quick_start.html https://github.com/katalon-studio/SampleProjectCircleCI/blob/master/.circleci/config.yml

https://deadmanssnitch.com/

Requirements for Continuous Deployment -Confidence in Continuous Delivery pipeline -Automated smoke test and sophisticated monitoring of production environment -Roll-back automation, or the decision to fix forward -business buy-in Reasons not to do Continuous Deployment -Regulatory environment -Enterprise compliance -Business requorements Feature Toggles - shiping changes to production but enabling it only on test env if enable_new_feature == True:   logic_for_new_feature() else:   logic_for_old_feature()

Continuous Delivery  -Continuous Delivery is the act of shipping changes to production frequently, in small increments. -Continuous Delivery enables organizations to adapt to changing markets faster. -In practice, the aplication code in the main code branch should be deployable to production at all times. - Continuous Delivery is not Continuous Deployment. You can be very mature in Continuous Delivery, but still press a button to deploy to production. The building blocks of Continuous Delivery -Comprehensive test coverage: unit, integration, functional -Automated testing via Continuous Integration to keep  mainline code clean -Modern environments -Minimised configuration drift: Everything as Code -Deployment strategy that is repeatable, reliable, automated and doesn't involve downtime

Continuous Integration : -Orginally, the practice of merging all developer work into a main code branch as often as possible (multiple times per day) -CI emphasises automated testing to ensure the new merged copy still works as intended: when a code changes is introduced, the main code branch is autmatically build and tested -Pipeline autmation servers are used to implement autmatic testing Testing Code Branches -Complez application architectures might need to be tested outside a local environment. -Testing code before merging it is a way to ensure a clean main code branch, which is a requirement for Continuous Delivery Requirements for Continuous Integration -A common code repository that is accessible to all developers -A main branch of code that all changes are merged to -Automated build and test of every change introduced in the main branch

1. Terraform - is a tool that allows you to automate your interactions with services like AWS  and record the state, giving you the ability to place your infrastructure in source control. Terraform abstract out the interaction with various infrastructure services (AWS, Digital Ocean, OpenStack and provides a unified configuration format for it. 2. Files -.tf files are all combined to provide the full configuration. This gives us a handy way to break the configuration up into thematic sections. -.tfstate and .tfstate.backup holds the last-known state of the infrastructure, you'll want to store this, too. -.tfvars contain values for the declared variables, typically called: terraform.tfvars -fundamentals of the Terraform configuration syntax  * structure of Terraform configuration is called HashiCopr Configuration Language (HCL)  * It aims to be both readble and editable for humans, as well as machine-friendly  * Terraform can also understand JSON configurat...

1) Overview -Google create this programming language -In 2005-2006 the first commercial avaible dual core processors became avaible for consumers right for the public. And dual core up until that point in time in every programming language was built to take advantage of a single  core. Single CPQ and go was created to natively easily take advantage of multiplecores multiple across multiple machines.. And so go does parallel computing concurrency design patterns and parallel computing concurrency design patterns and parallel computing really well and it is built to do it easily and it is super fast. And so 2006 first dual core processors came out . No programming  languages had been  built to natively easily take advantage of multiple cores. -In 2009 the ope source lanugage in 2012. The languauage was released March 2012 is released version 1. -why go?   * efficient compilation      ** go creates compiled programs         ...

https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-ubuntu-quickstart

https://vimeo.com/54505525

https://rea.tech/static-assets-in-an-eventually-consistent-webapp-deployment/

https://kubedex.com/nginx-ingress-vs-kong-vs-traefik-vs-haproxy-vs-voyager-vs-contour-vs-ambassador/

http://th-www.if.uj.edu.pl/zfs/gora/bazy08/wyklad12.pdf http://kni.ur.edu.pl/files/prezentacja_media_SPHINX.pdf http://ttomczyk.pl/152/152 https://technet.microsoft.com/pl-pl/library/ms142547(v=sql.105).aspx

My recommendations as of May 2018 Here are some simple guidelines if the crazy long grid of features above did not help. Choose Solr if any of the following are true... Your team consists mainly of Java programmers You're already using ZooKeeper in your stack You're already using Java in your stack You are building a search application that has specific and nuanced relevancy requirements You are building an ecommerce, job, or product search engine Search is a central part of your product and user experience and there is the organizational mandate for search to be a core strength Choose Elasticsearch if any of the following are true... Your team consists mainly of Ruby/PHP/Python/full stack programmers (and your application does not have specific and nuanced relevancy requirements) You live and breathe JSON You already use Kibana/ELK for managing your logs Your application is analytics-heavy If in doubt... Every serious search application I have...

CPU cores (1-3 lub 4) Memory usages Swap Number task Number processes Number processes running Uptime

https://www.lightbluetouchpaper.org/2018/10/05/making-sense-of-the-supermicro-motherboard-attack/

https://www.cockroachlabs.com/blog/brief-history-high-availability/