Lab12

.github/workflows/main.yaml

@@ -0,0 +1,102 @@
+# This workflow will install Python dependencies, run tests and lint with a single version of Python
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
+
+name: Python application
+
+on:
+  push:
+    branches: [ "lab3" ]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    # Recomended by GitHub Actions. Used to cache dependencies
+    - name: Cache
+      uses: actions/[email protected]
+      with:
+        # A list of files, directories, and wildcard patterns to cache and restore
+        path: ~/.cache/pip
+        # An explicit key for restoring and saving the cache
+        key: ${{ runner.os }}-pip-${{ hashFiles('app_python/requirements.txt') }}
+        # An ordered multiline string listing the prefix-matched keys, that are used for restoring stale cache if no cache hit occurred for key. Note `cache-hit` returns false in this case.
+        restore-keys: |
+          ${{ runner.os }}-pip- # optional
+
+
+    - name: Set up Python 3.10
+      uses: actions/setup-python@v3
+      with:
+        python-version: "3.10"
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install flake8 pytest
+        pip install -r app_python/requirements.txt
+
+    - name: Lint with flake8
+      run: |
+        # stop the build if there are Python syntax errors or undefined names
+        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+
+    - name: Test with pytest
+      run: |
+        pytest app_python/test_app.py
+
+  security:
+    runs-on: ubuntu-latest
+
+    needs:
+      - build
+
+    steps:
+      - uses: actions/checkout@v4
+
+      # From example given in lab3.md
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/python-3.10@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+            args: --skip-unresolved app_python/
+
+
+  docker:
+    runs-on: ubuntu-latest
+
+    needs:
+      - build
+      - security
+
+    services:
+      docker:
+        image: docker:latest
+        options: --privileged
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build  Docker image
+        run: |
+          docker build -t ${{ secrets.DOCKER_USERNAME }}/python_time_app:latest ./app_python
+
+      - name: Push Docker image
+        run: |
+          docker push ${{ secrets.DOCKER_USERNAME }}/python_time_app:latest

.gitignore

@@ -0,0 +1,22 @@
+# Ignore venv
+venv/
+# Ignore IntelliJ IDEA project files
+.idea/
+*.iml
+*.iws
+# Ignore workspace-related files
+*.ipr
+__pycache__/
+
+# Ignore other system-specific files
+.DS_Store
+
+# Ignore secrets
+.secrets
+*.tfvars
+*.tfvars.json
+terraform.tfstate.backup
+.terraform/
+terraform.tfstate
+key.json
+grafana/

README.md

@@ -1,3 +1,6 @@
+[![Python application](https://github.com/smasIner/S24-core-course-labs/actions/workflows/main.yaml/badge.svg)](https://github.com/smasIner/S24-core-course-labs/actions/workflows/main.yaml)
+
+
 # DevOps Engineering Labs
 
 ## Introduction

ansible/ANSIBLE.md

@@ -0,0 +1,179 @@
+## Installation
+1. Clone the repo.
+2. Install Ansible by following the [installation guide](https://docs.ansible.com/ansible/latest/installation_guide/index.html).
+3. Update your `inventory/vm.yml` file with your vm machine ip, name, and password(install sshshmthing).
+4. Run the Ansible playbook:
+
+
+creating web app through ancible in docker on vm, then wiping it:
+```bash
+(venv) smasiner@smasIners-MacBook-Pro ansible % ansible-playbook -i inventory/vm.yml playbooks/dev/main.yaml                                          
+
+PLAY [Install docker manually] ****************************************************************************************************************************************
+
+TASK [Gathering Facts] ************************************************************************************************************************************************
+[WARNING]: Platform linux on host vm_name is using the discovered Python interpreter at /usr/bin/python3.12, but future installation of another Python interpreter
+could change the meaning of that path. See https://docs.ansible.com/ansible-core/2.17/reference_appendices/interpreter_discovery.html for more information.
+ok: [vm_name]
+
+TASK [../../roles/docker : include_tasks] *****************************************************************************************************************************
+included: /Users/smasiner/Documents/GitHub/Iwanttodie/Untitled/S24-core-course-labs/ansible/roles/docker/tasks/install_docker.yml for vm_name
+
+TASK [../../roles/docker : Install Docker dependencies] ***************************************************************************************************************
+ok: [vm_name]
+
+TASK [../../roles/docker : Add Docker’s official GPG key] *************************************************************************************************************
+ok: [vm_name]
+
+TASK [../../roles/docker : Set up Docker stable repository] ***********************************************************************************************************
+ok: [vm_name]
+
+TASK [../../roles/docker : Install Docker] ****************************************************************************************************************************
+ok: [vm_name]
+
+TASK [../../roles/docker : include_tasks] *****************************************************************************************************************************
+included: /Users/smasiner/Documents/GitHub/Iwanttodie/Untitled/S24-core-course-labs/ansible/roles/docker/tasks/install_compose.yml for vm_name
+
+TASK [../../roles/docker : Download Docker Compose] *******************************************************************************************************************
+ok: [vm_name]
+
+TASK [docker : include_tasks] *****************************************************************************************************************************************
+included: /Users/smasiner/Documents/GitHub/Iwanttodie/Untitled/S24-core-course-labs/ansible/roles/docker/tasks/install_docker.yml for vm_name
+
+TASK [docker : Install Docker dependencies] ***************************************************************************************************************************
+ok: [vm_name]
+
+TASK [docker : Add Docker’s official GPG key] *************************************************************************************************************************
+ok: [vm_name]
+
+TASK [docker : Set up Docker stable repository] ***********************************************************************************************************************
+ok: [vm_name]
+
+TASK [docker : Install Docker] ****************************************************************************************************************************************
+ok: [vm_name]
+
+TASK [docker : include_tasks] *****************************************************************************************************************************************
+included: /Users/smasiner/Documents/GitHub/Iwanttodie/Untitled/S24-core-course-labs/ansible/roles/docker/tasks/install_compose.yml for vm_name
+
+TASK [docker : Download Docker Compose] *******************************************************************************************************************************
+ok: [vm_name]
+
+TASK [../../roles/web_app : Create compose directory] *****************************************************************************************************************
+ok: [vm_name]
+
+TASK [../../roles/web_app : Create docker-compose.yml from template] **************************************************************************************************
+ok: [vm_name]
+
+TASK [../../roles/web_app : Bring up the compose] *********************************************************************************************************************
+[WARNING]: Docker compose: unknown None: /opt/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential
+confusion
+changed: [vm_name]
+
+TASK [../../roles/web_app : Bring down the compose] *******************************************************************************************************************
+skipping: [vm_name]
+
+TASK [../../roles/web_app : Remove compose directory] *****************************************************************************************************************
+skipping: [vm_name]
+
+PLAY RECAP ************************************************************************************************************************************************************
+vm_name                    : ok=18   changed=1    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   
+
+(venv) smasiner@smasIners-MacBook-Pro ansible % curl http://5.42.101.243:8080                                                                         
+^C
+(venv) smasiner@smasIners-MacBook-Pro ansible % curl http://5.42.101.243:8080
+<h1>Moscow Time: 2024-11-12 20:17:47</h1>%                                                                                                                             (venv) smasiner@smasIners-MacBook-Pro ansible % ansible-playbook -i inventory/vm.yml playbooks/dev/main.yaml --tags "wipe" -e "web_app_full_wipe=true"
+
+PLAY [Install docker manually] ****************************************************************************************************************************************
+
+TASK [Gathering Facts] ************************************************************************************************************************************************
+[WARNING]: Platform linux on host vm_name is using the discovered Python interpreter at /usr/bin/python3.12, but future installation of another Python interpreter
+could change the meaning of that path. See https://docs.ansible.com/ansible-core/2.17/reference_appendices/interpreter_discovery.html for more information.
+ok: [vm_name]
+
+TASK [../../roles/web_app : Bring down the compose] *******************************************************************************************************************
+[WARNING]: Docker compose: unknown None: /opt/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential
+confusion
+changed: [vm_name]
+
+TASK [../../roles/web_app : Remove compose directory] *****************************************************************************************************************
+changed: [vm_name]
+
+PLAY RECAP ************************************************************************************************************************************************************
+vm_name                    : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
+
+(venv) smasiner@smasIners-MacBook-Pro ansible % curl http://5.42.101.243:8080                                                                         
+curl: (56) Recv failure: Connection reset by peer
+(venv) smasiner@smasIners-MacBook-Pro ansible % 
+```
+
+```bash
+   ansible-playbook -i ansible/inventory/vm.yml ansible/playbooks/dev/main.yaml
+```
+
+deployment output here
+
+```bash
+(venv) smasiner@smasIners-MacBook-Pro ansible % ansible-playbook -i inventory/default_aws_ec2.yml playbooks/dev/main.yaml
+
+PLAY [Install docker manually] ****************************************************************************************************************************************
+
+TASK [Gathering Facts] ************************************************************************************************************************************************
+[WARNING]: Platform linux on host vm_name is using the discovered Python interpreter at /usr/bin/python3.12, but future installation of another Python interpreter
+could change the meaning of that path. See https://docs.ansible.com/ansible-core/2.17/reference_appendices/interpreter_discovery.html for more information.
+ok: [vm_name]
+
+TASK [../../roles/docker : include_tasks] *****************************************************************************************************************************
+included: /Users/smasiner/Documents/GitHub/Iwanttodie/Untitled/S24-core-course-labs/ansible/roles/docker/tasks/install_docker.yml for vm_name
+
+TASK [../../roles/docker : Install Docker dependencies] ***************************************************************************************************************
+changed: [vm_name]
+
+TASK [../../roles/docker : Add Docker’s official GPG key] *************************************************************************************************************
+changed: [vm_name]
+
+TASK [../../roles/docker : Set up Docker stable repository] ***********************************************************************************************************
+changed: [vm_name]
+
+TASK [../../roles/docker : Install Docker] ****************************************************************************************************************************
+changed: [vm_name]
+
+TASK [../../roles/docker : include_tasks] *****************************************************************************************************************************
+included: /Users/smasiner/Documents/GitHub/Iwanttodie/Untitled/S24-core-course-labs/ansible/roles/docker/tasks/install_compose.yml for vm_name
+
+TASK [../../roles/docker : Download Docker Compose] *******************************************************************************************************************
+changed: [vm_name]
+
+RUNNING HANDLER [../../roles/docker : Start Docker] *******************************************************************************************************************
+ok: [vm_name]
+
+PLAY RECAP ************************************************************************************************************************************************************
+vm_name                    : ok=9    changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
+```
+
+ansible-inventory -i inventory --list
+
+```bash
+(venv) smasiner@smasIners-MacBook-Pro ansible % ansible-inventory -i inventory --list                                                                 
+{
+    "_meta": {
+        "hostvars": {
+            "vm_name": {
+                "ansible_host": "5.42.101.243",
+                "ansible_password": "censored",
+                "ansible_user": "root"
+            }
+        }
+    },
+    "all": {
+        "children": [
+            "ungrouped"
+        ]
+    },
+    "ungrouped": {
+        "hosts": [
+            "vm_name"
+        ]
+    }
+}
+
+```

ansible/ansible.cfg

@@ -0,0 +1,2 @@
+[defaults]
+inventory = ansible/inventory/default_aws_ec2.yml

ansible/inventory/vm.yml

@@ -0,0 +1,6 @@
+all:
+  hosts:
+    vm_name:
+      ansible_host: 5.42.101.243
+      ansible_user: root
+      ansible_password: secret #you would need sshpass or similar (brew install sshpass)

ansible/playbooks/dev/main.yaml

@@ -0,0 +1,6 @@
+- name: Install docker manually
+  hosts: all
+  become: true
+  roles:
+    - ../../roles/docker
+    - ../../roles/web_app

ansible/roles/docker/README.md

@@ -0,0 +1,19 @@
+# Docker Role
+
+## Description
+This role installs Docker and Docker Compose on target machines.
+
+## Requirements
+- Ansible 2.9+
+- Target system running Ubuntu/Linux
+
+## Role Variables
+- `docker_compose_version` (default: `1.29.2`)
+
+## Usage
+To use this role, add it to your playbook as follows:
+
+```yaml
+- hosts: all
+  roles:
+    - docker

ansible/roles/docker/defaults/main.yml

@@ -0,0 +1,2 @@
+docker_version: "latest"
+docker_compose_version: "1.29.2"

ansible/roles/docker/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Start Docker
+  service:
+    name: docker
+    state: started
+    enabled: true

ansible/roles/docker/tasks/install_compose.yml

@@ -0,0 +1,5 @@
+- name: Download Docker Compose
+  get_url:
+    url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-{{ ansible_system | lower }}-{{ ansible_architecture }}"
+    dest: /usr/local/bin/docker-compose
+    mode: '0755'

ansible/roles/docker/tasks/install_docker.yml

@@ -0,0 +1,20 @@
+- name: Install Docker dependencies
+  apt:
+    name: ['apt-transport-https', 'ca-certificates', 'curl', 'gnupg-agent', 'software-properties-common']
+    state: present
+
+- name: Add Docker’s official GPG key
+  apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    state: present
+
+- name: Set up Docker stable repository
+  apt_repository:
+    repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable
+    state: present
+
+- name: Install Docker
+  apt:
+    name: docker-ce
+    state: latest
+  notify: Start Docker

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,2 @@
+- include_tasks: install_docker.yml
+- include_tasks: install_compose.yml