Tag: tool

What is the difference between terraform and Ansible?

by bittu KAnsible / TutorialsLeave a Comment on What is the difference between terraform and Ansible?

In today’s growing world of DevOps, big player are started implementing business processes on IaC (Infrastructure as Code). IaC work as to simplify the process of large-scale management. Modern IaC tools simplify the configuration to resolve server problems in a quick time.

Terraform and Ansible are two popular frontline line DevOps tools that provision and configure servers. Ansible is the more mature between the two, originating in early 2012 and Terraform is a Hashicorp product and was first introduce in 2014.  As the DevOps industry is gaining momentum, so also Ansible and Terraform gaining their popularity with this trend. Both the tools used in deploying the code and infrastructure, in simple Ansible acts as a configuration management solution, Terraform is a service orchestration tool.

In this blog, we point our focus on Terraform vs Ansible, a discussion that is highly dominating the current DevOps market. Let’s first known about these tools:

What is Ansible?

Ansible is an open-source automation tool, or you can also called platform, used for IT tasks such as configuration management, application deployment, intraservice orchestration, and provisioning. Automation is crucial these days, with IT environments that are too complex and often need to scale too quickly for system administrators and developers to keep up if they had to do everything manually.

In simple words, it frees up time and increases efficiency. And also it is rapidly rising to the top in the world of automation tools.

Benefits of Ansible

  • Free: Ansible is an open-source tool.
  • Very simple to set up and use: No special coding skills are necessary to use Ansible’s playbooks.
  • Powerful: Ansible lets you model even highly complex IT workflows.
  • Flexible: Orchestrate the entire application environment no matter where it’s deployed. You can also customize it based on your needs.
  • Agentless: No need to install any other software or firewall ports on the client systems you want to automate. You also don’t have to set up a separate management structure.
  • Efficient: You don’t need to install any extra software, there’s more room for application resources on your server.

What is Terraform?

Terraform is an open source, CLI-based infrastructure as code tool created by Hashicorp.

Terraform is an infrastructure as code tool that helps you to build, change, and infrastructure safely and efficiently. This process includes low-level components such as compute instances, storage, and networking, as well as high-level components such as DNS entries, SaaS features, etc. Terraform can manage both existing service providers and custom in-house solutions.

Benefits of Using Terraform

So now you know what Terraform is and how it works, let’s take a look on the top reasons why you should start using Terraform today:

  • Improve multi-cloud infrastructure deployment
  • Automated infrastructure management
  • Infrastructure as code
  • Reduced development costs
  • Reduced time to provision

What is the difference between terraform and Ansible?

In this section, let’s check the difference between the two. Meanwhile both are designed for similar purposes, both have definitely laid a foundation for lifecycle management frameworks. Now, both our players in their battle has placed their cards on the table. Let us find out their differences on some of major factors:

Conclusion

The possibility of a perfect answer on “Why Terraform” or “Why not Ansible” depends mainly on your requirements. Both the tools have so many similarities and also some fair differences as well. So, which one is the best? From a practical perspective, it is advisable to use Ansible for configuration management and Terraform for orchestration. The primary purpose of Terraform is orchestration, and it is considerably intuitive.

Also from career aspect, opportunities for these skilled professionals are increasing significantly with huge scope for career growth.

According to Indeed.com, the average salary of a professional of these skills is $177,530 per annum.

Both Ansible and Terraform are the leading data analytics tool which is adopted by many MNCs worldwide. With this, the demand for the professionals is gradually.

Below you can watch and learn Ansible and Terraform Tutorials

Ansible Advance Tutorial – Intro, Adhoc Command, Inventory, Playbook

Terraform Basic Tutorial with Demo

Hope you find this answer helpful.

Tagged : / / / / /

Tool Selection Process

by scmgalaxy KOthers Version Control Systems / Version Control SystemsLeave a Comment on Tool Selection Process

mfeighner created the topic: Tool Selection Process
www.cmbestpractices.com/index.php?option…d=44:tools&Itemid=81

rajeshkumar replied the topic: Tool Selection Process
Hi Mike,
Is it your website? seems the post have been wrongly-linked with other thread..
Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn

mfeighner replied the topic: Tool Selection Process
no, not mine, Bob Aiello’s…

Tagged :

Is there a command line tool?

by scmgalaxy KGeneralLeave a Comment on Is there a command line tool?

msiexpert created the topic: Is there a command line tool?
Is there a command line tool?

applicationPackaging replied the topic: Re: Is there a command line tool?
The command line tool freeze can be used to build a project from the shell.

1 Launch the Terminal application.
2 Type freeze
3 Drag and drop the Iceberg project from the Finder to the Terminal window.
4

Launch the build by pressing Return.
Note: If you launch the tool with no arguments, the freeze usage will be displayed.
Example:

$ freeze
usage: freeze [-v] [-d ] file …
$ freeze /Users/peter/Documents/PackInstall/PackInstall.packproj

Tagged :

Actual Installer, this tool with its safe and reliable interface creates amazing

by scmgalaxy KGeneralLeave a Comment on Actual Installer, this tool with its safe and reliable interface creates amazing

InstallerGeek created the topic: Actual Installer, this tool with its safe and reliable interface creates amazing
Installation packages are supposed to be the last but not the least step in developing a software. This tool is exclusively designed to remove all possible hiccups caused during installation of software’s and create simple installation packages. The simple interface of the tool comprises of features like; support for single self-extracting executable file, allows excellent compression, supports multi-language installations, specify Readme and License Agreement texts for every language, License Agreement and ReadMe texts displayed in the TXT or RTF formats, auto check for system requirement, registry and INI files modification, file associations, shortcuts, fonts and COM registrations, custom commands execution, User information query and more.

This tool comes in a time saving and money saving package to make installations easier, faster and more reliable.

Tagged :

Top 10 Static Code Analysis Tool | Best Static Code Analysis Tools List

by scmgalaxy KCode AnalysisLeave a Comment on Top 10 Static Code Analysis Tool | Best Static Code Analysis Tools List
top-10-static-code-analysis-tool
Software security is a very important concern for todays Software market and for that you need to do code analysis in the development lifecycle. Now we can not imagine ourselves to sit back and do manual reading each line of codes and find issues and bugs. Those days of manual review in the software development lifecycle to find the flaws in the codes are over now.
Now the mindsets has changed and developing quality & secure code from the beginning is on rise. This is the time of automation and developers & programmers are now shifting towards the adoption of tools which auto detects the flaws as soon as possible in the software development lifecycle.
As the process shifting towards the automation, static code analysis (SCA) has become an important part of creating quality code. Now the question here is, What is Static Code Analysis?

Static Code Analysis is a technique which quickly and automatically scan the code line by line to find security flaws and issues that might be missed in the development process before the software or application is released. It functions by reviewing the code without actually executing the code.

There are three main benefits of Static analysis tools
1. Automation —  Automation can save your time and energy which ultimately means you can invest your time and energy in some other aspects of development lifecycle, which will help you to release your software faster.
2. Security — Security is also one of the major concern and by adopting Static analysis you can cut the doubt of security vulnerabilities in your application, which will ensure that you are delivering a secure and reliable software.
3. Implementation — Static analysis can be implemented as early in the software development lifecycle (SDLC) as you have code to scan, it will give more time to fix the issues discovered by the tool. The best thing of static analysis is that it can detect the exact line of code that’s been found to be problematic.
There are so many Static code analysis tools are available to ease our work but to choose good tools among them is really a challenging task. I have done some research and providing you the list of top 10 static code analysis tools:-

1. VisualCodeGrepper

static-code-analysis-tool-visualcodegrepper
Visualcodegreeper is an open source automated code security review tool which works with C++, C#, VB, PHP, Java and PL/SQL to track the insecurities and different issues in the code. This tool rapidly review and depicts in detail the issues it discovers, offering a simple to use interface. It allows custom configurations of queries and it’s updated regularly since its creation (2012).
2. Coverity

static-code-analysis-tool-coverity

Coverity is also an open source static code analysis tool which supports C, C++, C#, Objective-C, Java, Javascript, node.JS, Ruby, PHP & Python. It is an excellent static analysis product with support of 100 compilers & detailed and clear description of the code issues you can use it in your desktop environment to quickly find and resolve the errors before checking in the code.

3. Veracode

static-code-analysis-tool-veracode

Veracode is also one of the best static code analysis tool which can find security flaws in application binary code – compiled or “byte” code even when the consideration of source code is not available. Veracode supports multi-languages which includes .NET (C#, ASP.NET, VB.NET), Java (Java SE, Java EE, JSP), C/C++, JavaScript (including AngularJS, Node.js, and jQuery), Python, PHP, Ruby on Rails, ColdFusion, Classic ASP, including mobile applications on the iOS and Android platforms and written in JavaScript cross platform frameworks.

4. YASCA

static-code-analysis-tool-yasca

“Yet Another Source Code Analyzer (YASCA)” is an open source stactic code analysis tool which supports HTML, Java, JavaScript, .NET, COBOL, PHP, ColdFusion, ASP, C/C++ and some other languages. It is an easy to extend and a flexible tool which can integrate with variety of other tools which includes CppCheck, Pixy, RATS, PHPLint, JavaScript Lint, JLint, FindBugs and various others.
5. Cppcheck

static-code-analysis-tool-cppcheck

Cppcheck is an open source static code analysis tool for C/C++. Cppcheck basically identifies the sorts of bugs that the compilers regularly don’t recognize. The objective is to identify just genuine mistakes in the code. It provides both interface command line mode and graphical user interface (GUI) mode and has possiblitites for environment integration. Some of them are Eclipse, Hudson, Jenkins, Visual Studio.

6. Clang

 

static-code-analysis-tool-clang
Clang is also one of the best static code analysis tool for C, C++ and objective-C. This analyzer can be run either as standalone tool or within Xcode. It is an open source tool and a part of the clang project. It utilizes the clank library, hence forming a reusable component and can be utilized by multiple clients.

7. RIPS

 

static-code-analysis-tool-rips
RIPS is a static code analyzer tool to detect different types for security vulnerabilities in PHP codes. RIPS also provide integrated code audit framework for manual analysis. It is an open source tool too and can be controlled via web interface.
8. Flawfinder
static-code-analysis-tool-flawfinder
Flawfinder is also one of the best static analysis tool for C/C++. This tool is easy to use and wel designed. It reports possible security vulnerabilities sorted by risk level. It is an open source tool written in python and use command line interface.
9. DevBug
static-code-analysis-tool-devbug
DevBug is an online PHP static code analyser which is very easy to use and written on Javascript. It was intended to make essential PHP Static Code Analysis accessible on the web, to raise security mindfulness and to incorporate SCA into the development procedure. This analyser tool is also available in open source.

10. SonarQube

 

static-code-analysis-tool-devbug
SonarQube is one of the best and well known open source web based static code analysis tool, it can scan projects written in many different programming languages including  ABAP, Android (Java), C, C++, CSS, Objective-C, COBOL, C#, Flex, Forms, Groovy, Java, JavaScript, Natural, PHP, PL/SQL, Swift, Visual Basic 6, Web, XML, Python and also allows a number of plug ins. What makes SonarQube really stand out is that It provides metrics about your code which will to help you to take the right decision and translates these non-descript values to real business values such as risk and technical debt.
So, above we mentioned top selective static code analysis tools which can be helpful, but if you think this lists should contain some other tools than feel free to share in comment box.
Tagged : / / / / / / / / / / / / / /

Top 5 IT Management Tools | IT Management Software

by scmgalaxy KIT Infrastructure Monitoring ToolsLeave a Comment on Top 5 IT Management Tools | IT Management Software

it-management-tools

IT Management Software | Top 5 IT Management Tools

  • Servicenow
  • BMC Remedy
  • Jira
  • Salesforce
  • Sharepoint
Tagged : / / / / / / / / / / / / / / / / /

Best Open Source Scanning Software

by scmgalaxy KGeneralLeave a Comment on Best Open Source Scanning Software

Open Source Scanning Software

  • Palamida

  • openlogic

  • Blackduck

  • fisheye

Tagged : / / / / / / / / / / / / / / / / /

Top 5 git version control software in cloud

by scmgalaxy KVersion Control SystemsLeave a Comment on Top 5 git version control software in cloud

top-5-version-control-software-in-cloud

  1. Cloud Based
  2. cloudforge
  3. Assembla
  4. github
  5. bitbucket
  6. beanstalk
  7. Gitlab

Some of them can be hosted behind the firewall as well in your company premises.

  1. Gerrit
  2. Gitlab
  3. Github
Tagged : / / / / / / / / / / / / /

Interview Questions and Answer for Perforce Version Control Tool

by scmgalaxy KInterview Questions & AnswersLeave a Comment on Interview Questions and Answer for Perforce Version Control Tool

perforce-interview-questions-answers

Some of the perforce commands which is not commonly used but useful.
p4 annotate – Print file lines along with their revisions.
e.g p4 annotate file.c

How to ignore files/folder in perforce workspace/client?
Assuming you have a client named “CLIENT”, a directory named “foo” (located at your project root), and you wish to ignore all .dll files in that directory tree, you can add the following lines to your workspace view to accomplish this:

-//depot/foo/*.dll //CLIENT/foo/*.dll
-//depot/foo/…/*.dll //CLIENT/foo/…/*.dll

The first line removes them from the directory “foo” and the second line removes them from all sub directories. Now, when you ‘Reconcile Offline Work…’, all the .dll files will be moved into “Excluded Files” folders at the bottom of the folder diff display. They will be out of your way, but can still view and manipulate them if you really need to.

You can also do it another way, which will reduce your “Excluded Files” folder to just one, but you won’t be able to manipulate any of the files it contains because the path will be corrupt (but if you just want them out of your way, it doesn’t matter).

-//depot/foo.../*.dll //CLIENT/foo.../*.dll

Reference
How can I exclude a directory from a Perforce command?

P4IGNORE
Specify a file that contains a list of files to ignore when adding files to the depot and reconciling workspaces.
Reference

How to check last 10 submitted, pending, or shelved changelists that include any file under the project directory?
p4 changes -m 5 //depot/project/…

How to check last 10 submitted or pending, or shelved changelists that include any file under the project directory?
p4 changes -m 1 -s submitted | pending | shelved

Interview Questions Related to Perforce Admin

  1. How to take perforce backup
  2. How to restore perforce backup
  3. How to verify health of the perforce repos database
  4. What is the ise of p4 dbverify and p4 verify

What is the use of p4 admin commands.

The p4 admin command allows Perforce superusers to perform administrative tasks even when working from a different machine than the one running the shared Perforce service.
p4 [g-opts] admin checkpoint [ -z | -Z ] [ prefix ]
p4 [g-opts] admin journal [ -z ] [ prefix ]
p4 [g-opts] admin stop
p4 [g-opts] admin restart
p4 [g-opts] admin updatespecdepot [ -a | -s type ]
p4 [g-opts] admin resetpassword -a | -u user
Reference – Click here

How to remove files from perforce permanently?
p4 archive -p with caution. This is the one of only two commands in Perforce that actually removes file data. (The other command that removes file data is p4 obliterate.)

How to set properly in Perforce?
The Perforce service offers three ways of storing metadata: counters/keys, attributes, and properties.

If your application requires only the flat storage of simple key/value pairs, and attempts to implement no security model, use the p4 counters and p4 keys commands.

The p4 property command can be used by administrators to view and update property definitions stored in the Perforce service. The service does not use the property definitions; it provides this capability for other Perforce applications, such as P4V

If your application’s metadata is associated with particular files, use p4 attribute.

If your application’s metadata is not associated with files, and if you have a requirement to restrict its visibility to users, groups, and/or to control the precedence of multiple values using sequence numbers, use p4 property.

p4 property -n name -v value
p4 counter mycounter 123
p4 key mykey 12
p4 attribute -n name [ -v value ] files…

Perforce Integration with other Tools

  1. Gitfushion
  2. Swarm
  3. Replication
Tagged : / / / / / / / / / / / / / / /

Overview of EMMA | Code Coverage Tool – EMMA

by scmgalaxy KCode AnalysisLeave a Comment on Overview of EMMA | Code Coverage Tool – EMMA

emma-overviewOverview

EMMA is a tool for measuring coverage of Java software. Such a tool is essential for detecting dead code and verifying which parts of your application are actually exercised by your test suite and interactive use.
EMMA’s design strives for several, very elusive in their combination, goals:

  • report rich coverage analysis data without introducing significant overhead during either build or execution time
  • be useful in team development environments, while at the same time enabling fast individual develop-test cycle
  • support quick development and testing of small standalone Java applications as well as scale up to massive enterprise sotfware suites containing thousands of Java classes

Advantages of Emma over other coverage tools

EMMA differs from other coverage tools in its extreme orientation towards fast iterative develop-test style of writing software. JVM Profiler Interface (JVMPI)-based tools do not require an instrumented source build, but the runtime overhead of running with JVMPI on is empirically known to be very high and results in depressingly slow testsuite runs. For tools based on source code instrumentation, having to wait for a full source code rebuild just to check coverage metrics is not something a normal developer wants to do several times during a day. EMMA’s goal is to be so unintrusive that frequent daily checking of coverage numbers becomes second nature to every developer on the team, if not a completely automatic byproduct of every test run.

Install and Configuration

Method 1: To run on Command Line.
Copying emma.jar to <your jre dir>/lib/ext/ directory for whichever JRE you use from command line.
Method 2:
Still, if you are wary of adding a third-party library as a standard JRE extension, just make sure that all your EMMA command line invocations add emma.jar to the JVM classpath:
>java -cp …/lib/emma.jar <emma or emmarun command>

Implementing EMMA with Application

  • On the Fly Mode – Based suited for Standalone Application
  • Offline Mode – Best suited for J2EE framework based application

Implement EMMA in J2EE project {WebLogic, Websphere, Tomcat, JBoss, …}?

There are very less opportunities given by Emma that  you would be able setup emma for J2EE Project on the fly mode. The reason behind this to fact that many J2EE features requires specialized class loading that will happen outside EMMA instrumenting class holder. The server might run fine but you will unlikely to get EMMA report.
So, based Procedures to Instrument your classes prior to deployment (offline mode); offline instrumentation always follows the same compile / instrument / Package / deploy / get coverage / Generate report sequence.
There are following steps need to follow to implement EMMA in J2EE based project…

  • Use EMMA’s instr tool to instrument the desire classes. This can be done a post compilation step, before packaging. However many users also find it convenient to let EMMA process their jars directly (either in place, using overwrite mode, or by creating separate instrumented copies of everything, fullcopy mode.
  • do your J2EE packaging as normal, but do not include emma.jar as a lib at this level, that is, within your .war, .ear, etc;
  • locate whichever JRE is used by the container and copy emma.jar into its <jre dir>/lib/ext directory. If that is impossible, add emma.jar to the server classpath (in a server-specific way);
  • deploy your instrumented classes, .jars, .wars, .ears, etc and exercise/test your J2EE application via your client-side testcases or interactively or whichever way you do it;
  • to get a coverage dump file, you have three options described. It is highly recommended that you use coverage.get  control command with the ctl tool available in v2.1.

Notes:

Reference:
http://emma.sourceforge.net/faq.html#q.runtime.appservers
http://emma.sourceforge.net/reference/ch02s03.html#tool-ref.instr.outmodes

Emma Integration with other tools

Emma Integration with Sonar
Emma Integration with Hudson
Emma Integration with CruiseControl

jar instrumentation using Emma

http://primates.ximian.com/~flucifredi/emma-HOWTO.html
http://emma.sourceforge.net/reference/ch02s03.html#tool-ref.instr.outmodes
http://primates.ximian.com/~flucifredi/emma-HOWTO.html
http://groovy.329449.n5.nabble.com/EMMA-Code-Coverage-has-problem-with-Groovy-classes-td360560.html

Tagged : / / / / / / / / / /