On cloud 7.

IaC is often tightly connected to CI/CD, since by definition it refers to automation, here automation of infrastructure. When it comes to the cloud, different hosts and providers are out there, each useful depending on the task. The Linux underneath these cloud technologies might be OpenStack. It makes particular sense when you have a raw server and the objective is to build a private cloud. Some further technologies are important for setting up a cloud like this.

Hand in hand with OpenStack, Terraform has to be mentioned as a key technology. To fulfil the full IaC spirit, some others such as Kubernetes, MaaS, Vault and cloud-init have to be mentioned as well. To provision a single stack on an existing OpenStack environment, the focus can be laid on Terraform plus cloud-config.

Cloud is a very broad concept: everything from high-level concepts and architecture down to Linux know-how has to be applied, especially when it comes to implementing a specific stack. That is where cloud-init comes into play, and with it Linux know-how is required.

Cloud-init top label called cloud-config
Fig.1 - Declaration of a cloud-init script through the cloud-config label at the top.

cloud-init is a special tool, a package, used to set up instances launched through Terraform; it is executed when the instance boots. Each cloud-init script starts with the #cloud-config identifier at the top of the YAML file. Its content is a configuration written in a declarative manner. The script is handed over by Terraform through a so-called template_file object to the service, in the "user-data" field of the respective instance declaration, so that it can run during the initial boot process.

A cloud-config file is divided into multiple sections like:

- write_files

- ntp

- bootcmd

- packages

- runcmd

- apt

- final_message

For example, to have packages available on the running instance, the packages top-level directive is used with the list operator "-" to name the needed packages.

Packages to be installed
Fig.2 - An example of a list of packages to be installed during the set up.

For some more applied Linux properties, the write_files directive, another top-level one that writes files to disk, gives some insight. Again, multiple files can be created through the list "-" syntax.
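To make the write_files properties concrete, here is an added example (not from the original post) that builds such a cloud-config in Python and lints the permission strings before the document is handed to user-data. The package names, paths and file contents are made up for illustration. The document is emitted as JSON after the #cloud-config header, which cloud-init's YAML parser accepts since JSON is a subset of YAML; in hand-written YAML, quote permissions as a string, as the cloud-init documentation does, so the leading-zero value is not reinterpreted as a number.

```python
import json
import re

# Constructed sample: a minimal cloud-config with packages and write_files,
# built as a Python dict and emitted as JSON (valid YAML) under the header.
# Package names, paths and contents are hypothetical.
def build_cloud_config():
    doc = {
        "packages": ["nginx", "git"],
        "write_files": [
            {
                "path": "/etc/nginx/conf.d/app.conf",
                "permissions": "0644",       # quoted: keep it a string
                "owner": "root:root",
                "content": "server { listen 80; }\n",
            },
            {
                "path": "/usr/local/bin/healthcheck.sh",
                "permissions": "0755",       # executable, but not writable by group/all
                "owner": "root:root",
                "content": "#!/bin/sh\nexit 0\n",
            },
        ],
        "runcmd": [["systemctl", "restart", "nginx"]],
        "final_message": "cloud-init finished after $UPTIME seconds",
    }
    return "#cloud-config\n" + json.dumps(doc, indent=2) + "\n"


# cloud-init permissions: four octal digits as a string, e.g. '0644'
_OCTAL = re.compile(r"^0[0-7]{3}$")


def lint_cloud_config(text):
    """Return a list of problems found in a cloud-config document string.

    Checks the header, that every write_files entry carries a quoted octal
    permissions string, and flags world-writable files and missing owners.
    """
    problems = []
    first, _, body = text.partition("\n")
    if first.strip() != "#cloud-config":
        problems.append("missing #cloud-config header on line 1")
        return problems
    doc = json.loads(body)
    for entry in doc.get("write_files", []):
        path = entry.get("path", "<no path>")
        perm = entry.get("permissions", "0644")   # cloud-init's default when omitted
        if not isinstance(perm, str) or not _OCTAL.match(perm):
            problems.append(
                f"{path}: permissions must be a quoted octal string like '0644', got {perm!r}"
            )
            continue
        mode = int(perm, 8)
        if mode & 0o002:                           # the 'w' bit of the All class
            problems.append(f"{path}: world-writable ({perm})")
        if "owner" not in entry:
            problems.append(f"{path}: no owner set; defaults to root:root")
    return problems


if __name__ == "__main__":
    user_data = build_cloud_config()
    print(user_data)
    print("problems:", lint_cloud_config(user_data) or "none")
```

The resulting string is what would be rendered into the template_file and passed as user-data; running the lint in the CI pipeline before terraform apply catches a world-writable config file or an unquoted permissions value before the instance ever boots.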

There are four properties such an object, either a file or a directory, has: path, permissions, owner and content. As Linux is a multi-user system, for security reasons the concept of permissions on a file is applied. Ownership is something different and spans another dimension in that sense. If permission is drawn as a column of a matrix, i.e. as the first dimension, it can have three peculiarities, namely read (r), write (w) and execute (x). They are independent of each other.

1 dimensional representation of permissions in Linux
Fig.3 - A 1 dimensional representation of permissions to an object in Linux.

On the other dimension, ownership can be thought of in the y direction. Linux also has three user types, namely User (here: U), Group (here: G) and All (here: A). An object therefore has three permission sets, each described through a combination of the three letters rwx. In Linux the permissions are set through the chmod command; the ownership, on the other hand, with chown.

2 dimensional representation of permissions and ownership in Linux
Fig.4 - A 2 dimensional representation of permissions and ownerships to an object in Linux.

To see this for a real file, one has to use the ls command, e.g. ls -l, which returns the permissions of the objects together with other properties such as names or sizes. As can be seen in figure 5, there are three blocks at the beginning, a kind of cryptic response. But this first part before the integer can actually be split into 4 subfields, not just three. The first "-" here stands for the object type and means file in that case; otherwise it would be "d" for a directory. Then the User block comes, here rw-. Then comes rw- for the Group permissions. So the user and the given group have read and write access. Regarding the fourth block, which is r--, the All owner has only read access. Nobody has execute access, since every "x" position in the order rwx is set to "-". This setting is there even though it is questionable whether a png file could be executed at all.

Finally, this means each owner type has three binary options, as there are three permissions. The number of different combinations is therefore 2^3 = 2*2*2 = 8 (0, ..., 7). Each combination of r, w, x (each either on or off) is encoded into a decimal digit from 0 to 7. This notation is finally used in the cloud-init script, which shows that Linux knowledge is essential for CI/CD, IaC and Cloud alike.
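As an added example, not from the original post, the following Python converts between the rwx notation that ls -l prints and the four-digit octal permissions string cloud-init expects, and parses one ls -l line constructed to resemble figure 5 (the owner, link count, size and date are made up). The round trip over all 512 values shows the 2^3 encoding per owner class in practice.

```python
# Constructed sample line in the shape `ls -l` prints; values other than
# the mode and file name are made up.
SAMPLE_LS_LINE = "-rw-rw-r-- 1 alice alice 48211 Mar  3 10:12 00197.png"


def symbolic_to_octal(mode):
    """'-rw-rw-r--' -> '0664'. Each rwx triplet is read as a 3-bit number.

    Special bits (s, S, t, T) are out of scope here and raise ValueError.
    """
    if len(mode) != 10:
        raise ValueError("expected a 10-character mode like -rw-r--r--")
    value = 0
    for i, ch in enumerate(mode[1:]):
        expected = "rwx"[i % 3]          # position decides which bit this is
        if ch == expected:
            value = (value << 1) | 1     # bit on
        elif ch == "-":
            value <<= 1                  # bit off
        else:
            raise ValueError(f"unexpected character {ch!r} at position {i + 1}")
    return f"0{value:03o}"


def octal_to_symbolic(perm, kind="-"):
    """'0664' -> '-rw-rw-r--'. Inverse of symbolic_to_octal; kind is the type char."""
    value = int(perm, 8)
    out = kind
    for shift in (6, 3, 0):              # User, Group, All
        triplet = (value >> shift) & 0o7
        out += ("r" if triplet & 4 else "-")
        out += ("w" if triplet & 2 else "-")
        out += ("x" if triplet & 1 else "-")
    return out


def parse_ls_line(line):
    """Split one `ls -l` line into type, per-class permissions, owner, group and name."""
    fields = line.split(None, 8)         # mode links owner group size month day time name
    mode, owner, group, name = fields[0], fields[2], fields[3], fields[8]
    kind = {"-": "file", "d": "directory", "l": "symlink"}.get(mode[0], mode[0])
    return {
        "type": kind,
        "user_perms": mode[1:4],
        "group_perms": mode[4:7],
        "all_perms": mode[7:10],
        "octal": symbolic_to_octal(mode),
        "owner": owner,
        "group": group,
        "name": name,
        "executable_by_anyone": "x" in mode[1:],
    }


def count_distinct_modes():
    """Every 3-digit octal value maps to exactly one rwx string: 8 * 8 * 8 = 512."""
    seen = {octal_to_symbolic(f"0{v:03o}") for v in range(512)}
    return len(seen)


if __name__ == "__main__":
    info = parse_ls_line(SAMPLE_LS_LINE)
    print(info)
    print(symbolic_to_octal("-rw-rw-r--"), octal_to_symbolic("0755"))
```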

Sample return from ls -la 00197.png
Fig.5 - Sample of the object properties for a png file called 00197.