The Foundations
Welcome to the official repository for "DevSecOps and DevOps for Linux: The Foundations" by Marco Antonio Carcano (published by Apress).
This book bridges the gap between theoretical DevOps culture and production-ready Linux implementations: in addition to the ever-required theoretical concepts, the book goes beyond simply providing isolated examples and code snippets, also offering a self-contained Git repository that will allow you to interact with a live, ever-evolving codebase, mapped across multiple Git branches.
- Download the Lab Files: Download the devsecops-pillars.tar.gz at the end of the description of the latest release.
- Follow the Book Journey: Extract the tarball as instructed in the book to access step-by-step chapter scripts and laboratory environments.
[!INFO] You can use the provided Vagrantfile to spin up the Lab Virtual Machine: it's not just convenient, it also gives you the opportunity to check a non-trivial Vagrantfile.
The fancymonitor project is the hidden pearl in the book: it is a practical lab which evolves along with the topics explained in the chapters, adding features until it becomes a full-featured, standalone Python project designed to simulate a real-world enterprise development lifecycle, including Gitea Action Workflows.
To give you the gist of where the project ends up at the end of the training, the fancymonitor project's main branch has been extracted into this GitHub repository, in the fancymonitor directory.
- .pre-commit-config.yaml: Pre-configured pre-commit framework executing static code analysis (Flake8, Pylint) and automated security vulnerability scanning (Bandit).
- setup.cfg: Centralized, fine-tuned configurations for Flake8, Pylint, and Bandit.
- .safety-project.ini: Dedicated policy configuration for dependency vulnerability scanning via Safety.
- src/pyproject.toml: Modern Python packaging definitions and metadata specification.
- src/Makefile: A robust automation suite providing distinct targets to:
  - Install the project into a self-contained directory tree.
  - Build the project as a Python Wheel.
  - Execute PyTest unit tests and securely package the Wheel into a native RPM package.
  - Digitally sign the generated RPM package for trusted distribution.
- RPM/SPECS/carcano_fancymonitor.spec: Advanced RPM specification file demonstrating how to cleanly split a project into a reusable library package and an executable application package.
- .gitea/workflows/unit-tests.yml: Gitea Actions workflow triggered on push events to enforce automated Unit Testing.
- .gitea/workflows/package-and-push.yml: CI/CD automation to build the RPM package and securely publish it to a Pulp 3 repository (full setup blueprints available in Chapter 34).
[!INFO] The book also explains how to easily install Kubernetes (RKE2) and Rancher, and how to deploy Gitea and Gitea Workflows Runners using the official Gitea Helm charts. It also shows how to easily deploy Pulp 3 using Docker Compose. The result is a complete personal CI/CD toolchain that supports, via GitOps, compiling, testing, packaging, and publishing digitally signed RPM packages to a private repository.
A core teaching of this book is managing architectural evolution without technical debt.
The fancymonitor git repository is pre-populated with multiple feature branches. By switching between branches, you will see exactly how a clean, decoupled codebase can be extended with new capabilities with zero (or minimal) code rework. Even if you are not familiar with git, the book provides you with the proper commands to run to compare branches and easily figure out the added pieces of code.
Ready to master automation, CI/CD, and Linux hardening?
👉 [https://link.springer.com/book/9798868820762]
These are the topics covered in the book, grouped by section.
| Section | Chapter | Title | Code & Assets Location |
|---|---|---|---|
| Holistic Skills Set | Chapter 1 | Team Working | Theory only |
| | Chapter 2 | Solution’s Lifecycle | |
| | Chapter 3 | An overview of Agile and Lean | |
| | Chapter 4 | An overview of Scrum and Kanban | |
| Operating With The System | Chapter 5 | The BASH shell And Command Line Utilities | Embedded in book |
| Basic Data Formats | Chapter 6 | Key-values, INI and CSV | Embedded in book |
| Data Processing | Chapter 7 | Regular Expressions (RegEx) | Embedded in book |
| | Chapter 8 | Working With Grep | |
| | Chapter 9 | Working With Sed | |
| | Chapter 10 | Working With AWK | |
| Structured Data Processing | Chapter 11 | XML with XPath, XMLStarlet and Python | 📂 loaders/xml.py |
| | Chapter 12 | JSON with Jq and Python | 📂 ch12/ & loaders/json.py |
| | Chapter 13 | YAML with Yq and Python | 📂 ch13/ & loaders/yaml.py |
| Developing a Python Project | Chapter 14 | Unit Tests | 📂 fancymonitor/src/test/ |
| | Chapter 15 | Packaging As A Wheel | Embedded in book |
| | Chapter 16 | Managing The Build With GNU Make | 📄 fancymonitor/src/Makefile |
| | Chapter 17 | Packaging As RPM | 📄 carcano_fancymonitor.spec |
| | Chapter 18 | Setup Git And The pre-commit Framework | 📄 .pre-commit-config.yaml |
| | Chapter 19 | Auditing Source Code Compliance | 📄 setup.cfg, 📄 .safety-project.ini |
| | Chapter 20 | Scanning Vulnerabilities | |
| Security | Chapter 21 | System Security | Embedded in book |
| | Chapter 22 | Securing Data and Validating Identity (GPG) | |
| | Chapter 23 | X.509 Certificates And PKI | 📂 ch23/ |
| Common Protocols | Chapter 24 | HTTP | Embedded in book |
| | Chapter 25 | TLS | |
| | Chapter 26 | LDAP | |
| Working With Containers | Chapter 27 | The Containers ecosystem | Embedded in book |
| | Chapter 28 | Docker And Podman | 📂 ch28/ |
| | Chapter 29 | Deploying Pulp3 Using Docker Compose | Embedded in book |
| Service Protocols | Chapter 30 | SOAP and REST | 📂 ch30/ |
| Orchestrating Containers | Chapter 31 | Kubernetes, Helm And Rancher | 📂 ch31/ |
| | Chapter 32 | Deploying Gitea Using The Helm Chart | 📂 ch32/ |
| | Chapter 33 | CI/CD And Continuous Delivery | Embedded in book |
| | Chapter 34 | Working With Gitea Actions Workflows | 📂 Gitea Actions Templates |
| Version Control | Chapter 35 | Version Management With Git | Embedded in book |
| Remote Configuration Management | Chapter 36 | An overview of SSH | Embedded in book |
| | Chapter 37 | Ansible playbooks, roles and collections | 📂 ch37/ |
- Found a typo or a broken command? Please check the 📝 Errata Corrige file first to see if it has already been reported.
- Want to report a new issue? If your problem is not listed in the errata, please read our 👋 Contributing Guidelines and then open a new ticket directly in the 🐛 GitHub Issues section.