Out of the box, security with Docker (and Docker Swarm) over the network is bad. Okay, that’s not entirely true. Out of the box when you have no containers started, it’s fine. But after you start a container, and if you publish a port, they are exposed to the outside world by default. And it’s not easy to fix. You need to create a custom Docker firewall with iptables.
Managing firewalld can be a tricky. Especially if you have many servers to manage. Ansible can help manage firewalld rules for you!
If you’ve ever used Docker, you’ve probably used the latest Docker image tag. This is bad. Do not do this! You will be in a situation where you need to find what version you were actually using. This is how you can find the version of that “latest” image you have running.
Ansible is used to do so many things. And if you already use Ansible for your automation tasks then you already have it ready to go. So why not use Ansible to test network connectivity?
Using a dynamic Dockerfile can have great benefits when used in your CI/CD pipeline. You can use the ARG statement in your Dockerfile to pass in a variable at build time. Even use a variable in the FROM statement!
Ansible is a great tool to automate all the things. Another task it can help to automate is user management. This guide will be talking specifically about user management on Linux servers like Red Hat Enterprise Linux (RHEL), CentOS, or Ubuntu. Ansible can handle this task!
Ansible can use encrypted files, using a feature called Ansible Vault. This is great for sensitive information that you don’t want to store as a normal text file since you are able to encrypt this data in your souce control.
SSH keys are convenient and more secure than using a password to authenticate. If you created your SSH key a while ago, it’s probably time to generate new RSA 4096 and Ed25519 keys. SSH keys like DSA and RSA 1024 are very old and now insecure. You should even upgrade ssh keys that are RSA 2048.
This is a guide to getting started with Ansible. By the end of this guide, you will be up and running with Ansible.
Included is an Ansible role that will create a user which is used by Ansible to connect to your remote servers. Let’s go! After installing Ansible, you will need to setup Ansible by following these steps.
Using a VPN can help to protect your privacy. You can use a VPN to appear like you are in another country to reach a website that was previously blocked, to stop your ISP from restricting you to certain websites, and when travelling to protect your data while using insecure WiFi. There’s another: ad blocking.