Otus-DevOps-2023-03 · Alexiv90 · Aug 29, 2023 · Aug 29, 2023 · Aug 29, 2023 · Aug 29, 2023
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,7 +1,7 @@
 # Выполнено ДЗ №
 
- - [ ] Основное ДЗ
- - [ ] Задание со *
+ - [x] Основное ДЗ
+ - [x] Задание со *
 
 ## В процессе сделано:
  - Пункт 1
@@ -14,5 +14,5 @@
  - Например, перейти по ссылке http://localhost:8080
 
 ## PR checklist
- - [ ] Выставил label с номером домашнего задания
- - [ ] Выставил label с темой домашнего задания
+ - [x] Выставил label с номером домашнего задания
+ - [x] Выставил label с темой домашнего задания
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,9 @@
+variables.json
+*.tfstate
+*.tfstate.*.backup
+*.tfstate.backup
+*.tfvars
+.terraform/
+key.json
+*.retry
+jdauphant.nginx
diff --git a/.github/.pre-commit-config.yaml → .pre-commit-config.yaml b/.github/.pre-commit-config.yaml → .pre-commit-config.yaml
diff --git a/README.md b/README.md
@@ -5,3 +5,15 @@ HW3
 Развернут OpenVPN
 bastion_IP = 158.160.105.122
 someinternalhost_IP = 10.128.0.34
+
+HW4
+Содана ВМ
+Развернуты ruby mongodb и произведен деплой приложения
+testapp_IP = 51.250.67.144
+testapp_port = 9292
+
+HW5
+Создан файл ubuntu16.json
+Развернут образ виртуальной машины
+Создана ВМ из образа
+Создан файл параметров
diff --git a/cloud-bastion.ovpn → VPN/cloud-bastion.ovpn b/cloud-bastion.ovpn → VPN/cloud-bastion.ovpn
diff --git a/setupvpn.sh → VPN/setupvpn.sh b/setupvpn.sh → VPN/setupvpn.sh
diff --git a/ansible.cfg b/ansible.cfg
@@ -0,0 +1,15 @@
+[defaults]
+inventory = ./ansible/environments/stage/inventory.yml
+remote_user = ubuntu
+private_key_file = ~/.ssh/appuser
+# Отключим проверку SSH Host-keys (поскольку они всегда разные для новых инстансов)
+host_key_checking = False
+# Отключим создание *.retry-файлов (они нечасто нужны, но мешаются под руками)
+retry_files_enabled = False
+# Явно укажем расположение ролей (можно задать несколько путей через ; )
+roles_path = ./ansible/roles
+vault_password_file = ~/.ansible/vault.key
+[diff]
+# Включим обязательный вывод diff при наличии изменений и вывод 5 строк контекста
+always = True
+context = 5
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
@@ -0,0 +1,15 @@
+[defaults]
+inventory = ./environments/stage/inventory.yml
+remote_user = ubuntu
+private_key_file = ~/.ssh/appuser
+# Отключим проверку SSH Host-keys (поскольку они всегда разные для новых инстансов)
+host_key_checking = False
+# Отключим создание *.retry-файлов (они нечасто нужны, но мешаются под руками)
+retry_files_enabled = False
+# Явно укажем расположение ролей (можно задать несколько путей через ; )
+roles_path = ./roles
+vault_password_file = ~/.ansible/vault.key
+[diff]
+# Включим обязательный вывод diff при наличии изменений и вывод 5 строк контекста
+always = True
+context = 5
diff --git a/ansible/environments/prod/credentials.yml b/ansible/environments/prod/credentials.yml
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+65373638393763363462316233656166363330363364643938383266363761626162343439666337
+6539383737333635663239333762396534663566383034620a613835663730636533303734343232
+66613438313663333765343935336631366339336639643535366231383366316564646261616533
+6634663663383232340a643463653334353866636531336264636338663036336462633231373439
+38626265333963323966356536333930396231363939346136316332393935303861323738343734
+63336639396366353964366531393635663462666263663463613261663865383435626436346637
+33643339633435633736666336323330303636313837383663343734346539313231383161663734
+62633932633031633433396439633432363063623766623533353936313933323235323933666364
+6538
diff --git a/ansible/environments/prod/group_vars/all b/ansible/environments/prod/group_vars/all
@@ -0,0 +1 @@
+env: prod
diff --git a/ansible/environments/prod/group_vars/app b/ansible/environments/prod/group_vars/app
@@ -0,0 +1,8 @@
+db_host: 158.160.115.131
+nginx_sites:
+    default:
+    - listen 80
+    - server_name "reddit"
+    - location / {
+        proxy_pass http://127.0.0.1:9292;
+        }
diff --git a/ansible/environments/prod/group_vars/db b/ansible/environments/prod/group_vars/db
@@ -0,0 +1 @@
+mongo_bind_ip: 0.0.0.0
diff --git a/ansible/environments/prod/inventory.yml b/ansible/environments/prod/inventory.yml
@@ -0,0 +1,8 @@
+app:
+  hosts:
+    appserver:
+      ansible_host: 51.250.75.14
+db:
+  hosts:
+    dbserver:
+      ansible_host: 158.160.115.131
diff --git a/ansible/environments/prod/requirements.yml b/ansible/environments/prod/requirements.yml
@@ -0,0 +1,2 @@
+- src: jdauphant.nginx
+  version: v2.21.1
diff --git a/ansible/environments/stage/credentials.yml b/ansible/environments/stage/credentials.yml
@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+38336136653364383936346461666637383739313530313838626365353439663337643533643732
+6133373334383835306136376561653532336562353162610a373562373065353938356364343534
+35316366643935366531393834306433363162363634386236343735333065643764343066626564
+3233636632336530350a373230373061653031316131373430663233623735653337626233313239
+62313438383137343430373864646464343837363532346335626231636366343238323434633265
+61366431613466376661303131353432383035663336663632393337313631646661616262616239
+34393761383065623430373933333330313534366634326438643364623833393837313364643433
+62303663653036316131323039633736363066353131363233343665643838333233363039363932
+64316336303661626436333931313063326132323961666265383035356230636536386131316138
+3865636264333466333136656566366430333732326462623331
diff --git a/ansible/environments/stage/group_vars/all b/ansible/environments/stage/group_vars/all
@@ -0,0 +1 @@
+env: stage
diff --git a/ansible/environments/stage/group_vars/app b/ansible/environments/stage/group_vars/app
@@ -0,0 +1,8 @@
+db_host: 158.160.115.131
+nginx_sites:
+    default:
+    - listen 80
+    - server_name "reddit"
+    - location / {
+        proxy_pass http://127.0.0.1:9292;
+        }
diff --git a/ansible/environments/stage/group_vars/db b/ansible/environments/stage/group_vars/db
@@ -0,0 +1 @@
+mongo_bind_ip: 0.0.0.0
diff --git a/ansible/environments/stage/inventory.yml b/ansible/environments/stage/inventory.yml
@@ -0,0 +1,8 @@
+app:
+  hosts:
+    appserver:
+      ansible_host: 51.250.75.14
+db:
+  hosts:
+    dbserver:
+      ansible_host: 158.160.115.131
diff --git a/ansible/environments/stage/requirements.yml b/ansible/environments/stage/requirements.yml
@@ -0,0 +1,2 @@
+- src: jdauphant.nginx
+  version: v2.21.1
diff --git a/ansible/old/clone.yml b/ansible/old/clone.yml
@@ -0,0 +1,8 @@
+- name: Clone
+  hosts: app
+  tasks:
+    - name: Clone repo
+      git:
+        repo: https://github.com/express42/reddit.git
+        version: monolith # <-- Указываем нужную ветку
+        dest: /home/ubuntu/reddit
diff --git a/ansible/old/files/puma.service b/ansible/old/files/puma.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Puma HTTP Server
+After=network.target
+
+[Service]
+Type=simple
+EnvironmentFile=/home/ubuntu/db_config
+User=ubuntu
+WorkingDirectory=/home/ubuntu/reddit
+ExecStart=/bin/bash -lc 'puma'
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/old/reddit_app_multiple_plays.yml b/ansible/old/reddit_app_multiple_plays.yml
@@ -0,0 +1,75 @@
+---
+- name: Configure MongoDB
+  hosts: db
+  tags: db-tag
+  become: true
+  vars:
+    mongo_bind_ip: 0.0.0.0
+  tasks:
+    - name: Change mongo config file
+      template:
+        src: templates/mongod.conf.j2
+        dest: /etc/mongod.conf
+        mode: "0644"
+      notify: Restart mongod
+
+  handlers: # <-- Добавим блок handlers и задачу
+    - name: Restart mongod
+      service:
+        name: mongod
+        state: restarted
+
+- name: Configure App
+  hosts: app
+  tags: app-tag
+  become: true
+  vars:
+    db_host: 158.160.115.131
+  tasks:
+    - name: Add unit file for Puma
+      copy:
+        src: files/puma.service
+        dest: /etc/systemd/system/puma.service
+        mode: preserve
+      notify: Restart puma
+
+    - name: Add config for DB connection
+      template:
+        src: templates/db_config.j2
+        dest: /home/ubuntu/db_config
+        mode: preserve
+
+    - name: Enable puma
+      systemd:
+        name: puma
+        enabled: true
+
+  handlers: # <-- Добавим блок handlers и задачу
+    - name: Restart puma
+      service:
+        name: puma
+        state: restarted
+
+
+- name: Deploy App
+  hosts: app
+  tags: deploy-tag
+  become: true
+  tasks:
+    - name: Fetch the latest version of application code
+      git:
+        repo: 'https://github.com/express42/reddit.git'
+        dest: /home/ubuntu/reddit
+        version: monolith # <-- Указываем нужную ветку
+      notify: Restart puma
+
+    - name: Bundle install
+      bundler:
+        state: present
+        chdir: /home/ubuntu/reddit
+
+  handlers: # <-- Добавим блок handlers и задачу
+    - name: Restart puma
+      service:
+        name: puma
+        state: restarted
diff --git a/ansible/old/reddit_app_one_play.yml b/ansible/old/reddit_app_one_play.yml
@@ -0,0 +1,64 @@
+---
+- name: Configure hosts & deploy application
+  hosts: all
+  vars:
+    mongo_bind_ip: 0.0.0.0
+    db_host: 158.160.115.131
+  tasks:
+    - name: Change mongo config file
+      become: true
+      template:
+        src: templates/mongod.conf.j2
+        dest: /etc/mongod.conf
+        mode: "0644"
+      tags: db-tag
+      notify: Restart mongod
+
+    - name: Add unit file for Puma
+      become: true
+      copy:
+        src: ansible/files/puma.service
+        dest: /etc/systemd/system/puma.service
+        mode: preserve
+      tags: app-tag
+      notify: Restart puma
+
+    - name: Add config for DB connection
+      template:
+        src: templates/db_config.j2
+        dest: /home/ubuntu/db_config
+        mode: preserve
+      tags: app-tag
+
+    - name: Enable puma
+      become: true
+      systemd:
+        name: puma
+        enabled: true
+      tags: app-tag
+
+    - name: Fetch the latest version of application code
+      git:
+        repo: 'https://github.com/express42/reddit.git'
+        dest: /home/ubuntu/reddit
+        version: monolith # <-- Указываем нужную ветку
+      tags: deploy-tag
+      notify: Restart puma
+
+    - name: Bundle install
+      bundler:
+        state: present
+        chdir: /home/ubuntu/reddit
+      tags: deploy-tag
+
+  handlers: # <-- Добавим блок handlers и задачу
+    - name: Restart mongod
+      become: true
+      service:
+        name: mongod
+        state: restarted
+    - name: Restart puma
+      become: true
+      service:
+        name: puma
+        state: restarted
diff --git a/ansible/old/templates/db_config.j2 b/ansible/old/templates/db_config.j2
@@ -0,0 +1 @@
+DATABASE_URL={{ db_host }}
diff --git a/ansible/old/templates/mongod.conf.j2 b/ansible/old/templates/mongod.conf.j2
@@ -0,0 +1,16 @@
+# Where and how to store data.
+storage:
+  dbPath: /var/lib/mongodb
+  journal:
+    enabled: true
+
+# where to write logging data.
+systemLog:
+  destination: file
+  logAppend: true
+  path: /var/log/mongodb/mongod.log
+
+# network interfaces
+net:
+  port: {{ mongo_port | default('27017') }}
+  bindIp: {{ mongo_bind_ip }}
diff --git a/ansible/playbooks/app.yml b/ansible/playbooks/app.yml
@@ -0,0 +1,6 @@
+- name: Configure App
+  hosts: app
+  become: true
+  roles:
+    - app
+    - jdauphant.nginx
diff --git a/ansible/playbooks/db.yml b/ansible/playbooks/db.yml
@@ -0,0 +1,5 @@
+- name: Configure MongoDB
+  hosts: db
+  become: true
+  roles:
+    - db
diff --git a/ansible/playbooks/deploy.yml b/ansible/playbooks/deploy.yml
@@ -0,0 +1,21 @@
+- name: Deploy App
+  hosts: app
+  become: true
+  tasks:
+    - name: Fetch the latest version of application code
+      git:
+        repo: 'https://github.com/express42/reddit.git'
+        dest: /home/ubuntu/reddit
+        version: monolith # <-- Указываем нужную ветку
+      notify: Restart puma
+
+    - name: Bundle install
+      bundler:
+        state: present
+        chdir: /home/ubuntu/reddit
+
+  handlers: # <-- Добавим блок handlers и задачу
+    - name: Restart puma
+      service:
+        name: puma
+        state: restarted
diff --git a/ansible/playbooks/packer_app.yml b/ansible/playbooks/packer_app.yml
@@ -0,0 +1,21 @@
+---
+- name: Install Ruby && Bundler && Git
+  hosts: all
+  become: true
+  tasks:
+  # Установим в цикле все зависимости
+
+    - name: Install ruby and rubygems and required packages
+      apt:
+        name: "{{ item }}"
+        state: present
+        update_cache: true
+      with_items:
+        - ruby-full
+        - ruby-bundler
+        - build-essential
+    - name: Install git
+      apt:
+        name: git
+        state: present
+        update_cache: true