lab 11

.gitignore

@@ -0,0 +1,64 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Translations
+*.mo
+*.pot
+
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Environments
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Pyre type checker
+.pyre/
+.idea/*
+.env
+/backup_worker.iml

CI.MD

@@ -0,0 +1,59 @@
+## Continuous Integration (CI) Best Practices
+
+
+### **Fine-tuned Triggers**
+- Limiting the CI to run only when changes occur in specific folders or files, rather than on every single commit or push. This conserves resources.
+    ```yaml
+    on:
+      push:
+        paths:
+        - 'app_python/**'
+    ```
+
+### **Explicit Environment Setup**
+- Specifying the environment (like the OS) and the exact version of the tools (like Python) ensures consistency across CI runs.
+    ```yaml
+    runs-on: ubuntu-latest
+    ```
+
+### **Dependency Caching**
+- Caching dependencies speeds up CI runs, as they don't have to be fetched from the internet every time.
+    ```yaml
+    - name: Cache pip
+      uses: actions/cache@v2
+    ```
+
+### **Linter Integration**
+- Linters like `flake8` ensure code quality and adherence to coding standards.
+    ```yaml
+    - name: Lint with flake8
+    ```
+
+### **Comprehensive Tests**
+- Run unit tests to catch regressions and ensure that the software behaves as expected.
+    ```yaml
+    - name: Run Tests
+    ```
+
+### Docker Integration
+- Building and pushing Docker images as part of CI ensures the latest code changes are always available as Docker images.
+```yaml
+    - name: Login to Docker Hub
+    - name: Build and Push Docker Image
+```
+
+### Secrets Management
+- Sensitive information, like login credentials, should be stored securely using platform features like [GitHub Secrets](https://docs.github.com/en/actions/reference/encrypted-secrets).
+
+### **Visibility with Status Badges**
+- A status badge in README provides a quick overview of the health of project.
+    ```markdown
+    ![Python CI Workflow](![Python CI Workflow](https://github.com/eukuz/devops-course-labs/workflows/Python%20CI%20Workflow/badge.svg)
+    ```
+
+### **Fail-fast Strategy**
+- If any step in the CI process fails, the entire job should stop immediately. This saves resources and provides faster feedback.
+
+### **Matrix Builds**
+- Running tests on multiple versions of a tool (e.g., Python) ensures compatibility across versions.
+

ansible/ANSIBLE.md

@@ -0,0 +1,55 @@
+### **Result of ansible-playbook playbooks/dev/main.yml --diff**
+
+```
+TASK [web_app : Ensure /etc/docker/ directory exists.] *********************************************************************************************************************
+skipping: [vm]
+
+TASK [web_app : Configure Docker daemon options.] **************************************************************************************************************************
+skipping: [vm]
+
+TASK [web_app : Ensure Docker is started and enabled at boot.] *************************************************************************************************************
+ok: [vm]
+
+TASK [web_app : Ensure handlers are notified now to avoid firewall conflicts.] *********************************************************************************************
+
+TASK [web_app : include_tasks] *********************************************************************************************************************************************
+included: /Users/nurbakzh/Downloads/labs/DevOps-Nurba/ansible/roles/nurba/tasks/docker-compose.yml for retakeVM
+
+TASK [web_app : Check current docker-compose version.] *********************************************************************************************************************
+ok: [vm]
+
+TASK [web_app : set_fact] **************************************************************************************************************************************************
+ok: [vm]
+
+TASK [web_app : Delete existing docker-compose version if it's different.] *************************************************************************************************
+skipping: [vm]
+
+TASK [web_app : Install Docker Compose (if configured).] *******************************************************************************************************************
+skipping: [vm]
+
+TASK [web_app : Get docker group info using getent.] ***********************************************************************************************************************
+skipping: [vm]
+
+TASK [web_app : Check if there are any users to add to the docker group.] **************************************************************************************************
+
+TASK [web_app : include_tasks] *********************************************************************************************************************************************
+skipping: [vm]
+
+TASK [web_app : Stop services] *********************************************************************************************************************************************
+skipping: [vm]
+
+TASK [web_app : Remove directory] ******************************************************************************************************************************************
+skipping: [vm]
+
+TASK [web_app : Create directory] ******************************************************************************************************************************************
+ok: [vm]
+
+TASK [web_app : Crete docker-compose.yml] **********************************************************************************************************************************
+ok: [vm]
+
+TASK [web_app : Run docker-compose] ****************************************************************************************************************************************
+ok: [vm]
+
+PLAY RECAP *****************************************************************************************************************************************************************
+vm                   : ok=19   changed=0    unreachable=0    failed=0    skipped=16   rescued=0    ignored=0```
+```

ansible/ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+roles_path = ../ansible/roles
+inventory = inventory

ansible/inventory/inventory.yml

@@ -0,0 +1,5 @@
+virtual_machines:
+  hosts:
+    vm:
+      ansible_host: 84.201.141.246
+      ansible_user: ubuntu

ansible/playbooks/dev/main.yml

@@ -0,0 +1,4 @@
+- name: Install docker
+  hosts: vm
+  roles:
+    - web_app

ansible/roles/docker/README.md

@@ -0,0 +1,22 @@
+Docker Role
+=========
+
+The docker role installs Docker using apt and Docker Compose using pip on the Virtual Machine.
+
+Requirements
+------------
+
+There are no additional roles or prerequisites for running 
+
+Role Variables
+--------------
+
+There are no additional variables for role
+
+Example Playbook
+----------------
+
+    - hosts: vms
+      roles:
+         - { role: username.rolename }
+

ansible/roles/docker/tasks/docker-compose.yml

@@ -0,0 +1,5 @@
+---
+- name: Install docker-compose
+  pip:
+    name: docker-compose
+    state: present

ansible/roles/docker/tasks/docker.yml

@@ -0,0 +1,5 @@
+---
+- name: Install docker
+  pip:
+    name: docker
+    state: present

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Update apt
+  apt:
+    update_cache: true
+
+- name: Install python and pip
+  apt:
+    name:
+      - python3
+      - python3-pip

ansible/roles/web_app/README.md

@@ -0,0 +1,24 @@
+Docker Role
+=========
+
+The web_app role is used to deploy the app_python on VM,
+using Docker image.
+
+Requirements
+------------
+
+In case, if the Docker is not installed on the target machine,
+it will use previously created "docker" role
+
+Role Variables
+--------------
+
+Additional "docker" role
+
+Example Playbook
+----------------
+
+    - hosts: vms
+      roles:
+         - { role: username.rolename }
+

ansible/roles/web_app/defaults/main.yml

@@ -0,0 +1,7 @@
+docker_app_base_dir: 'opt/web_app'
+docker_image: "maksktl/devops_course_python_app:latest"
+docker_container_name: "python_app"
+ports:
+  external: 80
+  internal: 5000
+web_app_full_wipe: false

ansible/roles/web_app/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: restart docker
+  service:
+    name: docker
+    state: "{{ docker_restart_handler_state }}"
+  ignore_errors: "{{ ansible_check_mode }}"
+  when: docker_service_manage | bool

ansible/roles/web_app/meta/main.yml

@@ -0,0 +1,8 @@
+galaxy_info:
+  author: maksktl
+  min_ansible_version: 2.1
+  platforms:
+    - name: Ubuntu
+      versions:
+        - all
+  dependencies: [docker]

ansible/roles/web_app/tasks/0-wipe.yml

@@ -0,0 +1,14 @@
+- name: Wipe logic
+  block:
+  - name: Stop services
+    community.docker.docker_compose:
+      project_src: "{{ docker_app_base_dir }}"
+      state: absent
+      remove_volumes: true
+    ignore_errors: true
+
+  - name: Remove directory
+    ansible.builtin.file:
+      state: absent
+      path: "{{ docker_app_base_dir }}"
+  tags: ["web_app"]

ansible/roles/web_app/tasks/docker-compose.yml

@@ -0,0 +1,30 @@
+---
+- name: Check current docker-compose version.
+  command: "{{ docker_compose_path }} --version"
+  register: docker_compose_vsn
+  check_mode: false
+  changed_when: false
+  failed_when: false
+
+- set_fact:
+    docker_compose_current_version: "{{ docker_compose_vsn.stdout | regex_search('(\\d+(\\.\\d+)+)') }}"
+  when: docker_compose_vsn.stdout is defined
+    and (docker_compose_vsn.stdout | length > 0)
+
+- name: Delete existing docker-compose version if it's different.
+  file:
+    path: "{{ docker_compose_path }}"
+    state: absent
+  when: >
+    docker_compose_current_version is defined
+    and (docker_compose_version | regex_replace('v', '')) not in docker_compose_current_version
+
+- name: Install Docker Compose (if configured).
+  get_url:
+    url: "{{ docker_compose_url }}"
+    dest: "{{ docker_compose_path }}"
+    mode: 0755
+  when: >
+    (docker_compose_current_version is not defined)
+    or (docker_compose_current_version|length == 0)
+    or (docker_compose_current_version is version((docker_compose_version | regex_replace('v', '')), '<'))

ansible/roles/web_app/tasks/docker-users.yml

@@ -0,0 +1,10 @@
+---
+- name: Ensure docker users are added to the docker group.
+  user:
+    name: "{{ item }}"
+    groups: docker
+    append: true
+  with_items: "{{ docker_users }}"
+
+- name: Reset ssh connection to apply user changes.
+  meta: reset_connection

ansible/roles/web_app/tasks/main.yml

@@ -0,0 +1,27 @@
+- name: Make the wipe
+  ansible.builtin.import_tasks: 0-wipe.yml
+  when: web_app_full_wipe
+  tags: ["web_app", "web_app_wipe"]
+
+- name: Deploy python_app
+  block:
+  - name: Create directory
+    ansible.builtin.file:
+      path: "{{ docker_app_base_dir }}"
+      state: directory
+      mode: "0755"
+
+  - name: Crete docker-compose.yml
+    ansible.builtin.template:
+      src: docker-compose.yml.j2
+      dest: "{{ docker_app_base_dir }}/docker-compose.yml"
+      owner: root
+      group: root
+      mode: "0600"
+
+  - name: Run docker-compose
+    ansible.builtin.docker_compose:
+      project_src: "{{ docker_app_base_dir }}"
+      state: present
+      pull: true
+  tags: ["web_app"]

ansible/roles/web_app/templates/docker-compose.yml.j2

@@ -0,0 +1,7 @@
+version: "3.0"
+services:
+  {{ docker_container_name }}:
+    image: {{ docker_image }}
+    ports:
+      - "{{ ports.external }}:{{ ports.internal }}"
+    restart: always