Lab5

.github/workflows/CI.yml

@@ -0,0 +1,70 @@
+name: CI Pipeline
+
+on: push
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+      - name: Install Dependencies
+        working-directory: app_python
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+      - name: Lint Code
+        working-directory: app_python
+        run: flake8 .
+
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+      - name: Install Dependencies
+        working-directory: app_python
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+      - name: Run Tests
+        working-directory: app_python
+        run: pytest
+
+  snyk:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+      - name: Install Snyk CLI
+        run: |
+          npm install -g snyk
+      - name: Run Snyk Vulnerability Test
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} 
+        run: snyk test --all-projects 
+
+  docker:
+    needs: [lint, test, snyk]  
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build and Push Docker Image
+        uses: docker/build-push-action@v6
+        with:
+          context: app_python
+          push: true
+          tags: ${{ secrets.DOCKER_USERNAME }}/my-fastapi-app:latest

ansible/ANSIBLE.md

@@ -0,0 +1,214 @@
+# Ansible Deployment Documentation
+
+## Overview
+
+This document outlines the configuration and deployment process for the custom Docker role. The role installs Docker and Docker Compose, ensures the Docker service is enabled at boot, adds the current user to the Docker group so Docker commands can be run without sudo, and configures a secure Docker daemon.
+
+## Project Structure
+
+```sh
+     .
+     |-- README.md
+     |-- ansible
+     |   |-- inventory
+     |   |   |-- yandex_cloud.yml
+     |   |    
+     |   |-- playbooks
+     |   |   -- dev
+     |   |       -- main.yaml
+     |   |-- roles
+     |   |   |-- docker
+     |   |   |   |-- defaults
+     |   |   |   |   `-- main.yml
+     |   |   |   |-- handlers
+     |   |   |   |   `-- main.yml
+     |   |   |   |-- tasks
+     |   |   |   |   |-- install_compose.yml
+     |   |   |   |   |-- install_docker.yml
+     |   |   |   |   |-- main.yml 
+     |   |   |   `-- README.md
+     |   |   `-- web_app
+     |   |       |-- defaults
+     |   |       |   `-- main.yml
+     |   |       |-- handlers
+     |   |       |   `-- main.yml
+     |   |       |-- meta
+     |   |       |   `-- main.yml
+     |   |       |-- tasks
+     |   |       |   `-- main.yml
+     |   |       `-- templates
+     |   |           `-- docker-compose.yml.j2
+     |   `-- ansible.cfg
+     |-- app_python
+     |-- app_typescript
+     `-- terraform
+```
+
+## Inventory Details
+
+- **Inventory File:** `ansible/inventory/yandex_cloud.yml`
+- **Example Command to List Inventory:**
+
+  ```bash
+  ansible-inventory -i inventory/yandex_cloud.yml --list
+  ```
+- Output:
+
+  ```
+  kokai@kokai:~/Desktop/S25-core-course-labs/ansible$ ansible-inventory -i inventory/yandex_cloud.yml --list 
+     {
+    "_meta": {
+        "hostvars": {
+            "yandex_vm": {
+                "ansible_become": true,
+                "ansible_host": "93.77.188.83",
+                "ansible_python_interpreter": "/usr/bin/python3",
+                "ansible_ssh_private_key_file": "~/.ssh/id_rsa",
+                "ansible_user": "ubuntu"
+            }
+        }
+      },
+      "all": {
+          "children": [
+              "ungrouped"
+          ]
+      },
+      "ungrouped": {
+          "hosts": [
+              "yandex_vm"
+          ]
+      }
+  } ```
+
+- **Graphical Representation of Inventory:**
+  ```bash
+  ansible-inventory -i inventory/yandex_cloud.yml --graph 
+```
+
+- Output:
+  ```
+     kokai@kokai:~/Desktop/S25-core-course-labs/ansible$ ansible-inventory -i inventory/yandex_cloud.yml --graph 
+
+    @all:
+      |--@ungrouped:
+      |  |--yandex_vm  ```
+
+
+## Playbook Execution
+
+### Dry Run (Check Mode)
+
+Before applying changes, perform a dry run to preview potential modifications:
+
+```bash
+ansible-playbook playbooks/dev/main.yaml --check --diff
+```
+
+**Output**:
+```
+kokai@kokai:~/Desktop/S25-core-course-labs/ansible$ ansible-playbook playbooks/dev/main.yaml --diff --check
+
+PLAY [Setup Docker] **************************************************************************************************************************************
+
+TASK [Gathering Facts] ***********************************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Apt update] *******************************************************************************************************************************
+changed: [yandex_vm]
+
+TASK [docker : Remove old Docker versions] ***************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Install required system packages] *********************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Create keyrings directory] ****************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Add Docker GPG key] ***********************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Dearmor Docker GPG key] *******************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Set correct permissions on GPG key] *******************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Add Docker repository] ********************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Install Docker packages] ******************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Ensure Docker service is enabled and started] *********************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Add users to docker group] ****************************************************************************************************************
+ok: [yandex_vm] => (item=docker)
+
+TASK [docker : Enable and start Docker service] **********************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Install Docker Compose plugin] ************************************************************************************************************
+ok: [yandex_vm]
+
+PLAY RECAP ***********************************************************************************************************************************************
+yandex_vm                  : ok=14   changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
+```
+## Actual Deployment
+To deploy the Docker role, run:
+```bash
+ansible-playbook playbooks/dev/main.yaml --check
+```
+
+**Output**:
+```
+kokai@kokai:~/Desktop/S25-core-course-labs/ansible$ ansible-playbook playbooks/dev/main.yaml --diff
+
+PLAY [Setup Docker] **************************************************************************************************************************************
+
+TASK [Gathering Facts] ***********************************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Apt update] *******************************************************************************************************************************
+changed: [yandex_vm]
+
+TASK [docker : Remove old Docker versions] ***************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Install required system packages] *********************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Create keyrings directory] ****************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Add Docker GPG key] ***********************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Dearmor Docker GPG key] *******************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Set correct permissions on GPG key] *******************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Add Docker repository] ********************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Install Docker packages] ******************************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Ensure Docker service is enabled and started] *********************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Add users to docker group] ****************************************************************************************************************
+ok: [yandex_vm] => (item=docker)
+
+TASK [docker : Enable and start Docker service] **********************************************************************************************************
+ok: [yandex_vm]
+
+TASK [docker : Install Docker Compose plugin] ************************************************************************************************************
+ok: [yandex_vm]
+
+PLAY RECAP ***********************************************************************************************************************************************
+yandex_vm                  : ok=14   changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
+```

ansible/ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+inventory = ./inventory/yandex_cloud.yml
+host_key_checking = False
+roles_path = ./roles

ansible/inventory/yandex_cloud.yml

@@ -0,0 +1,9 @@
+---
+all:
+  hosts:
+    yandex_vm:
+      ansible_host: 93.77.188.83
+      ansible_user: ubuntu
+      ansible_ssh_private_key_file: ~/.ssh/id_rsa_ya
+      ansible_become: true
+      ansible_python_interpreter: /usr/bin/python3.8

ansible/playbooks/dev/main.yaml

@@ -0,0 +1,5 @@
+- name: Setup Docker
+  hosts: yandex_vm
+  become: true
+  roles:
+   - docker

ansible/roles/docker/README.md

@@ -0,0 +1,19 @@
+# Docker Role
+
+This role installs and configures Docker and Docker Compose on Ubuntu.
+
+## Requirements
+- Ansible 2.15.0+
+- Ubuntu 20.04 LTS
+
+## Role Variables
+- `docker_edition` (default: "ce")
+- `docker_users` (default: ["docker"])
+
+## Example Playbook
+```yaml
+- hosts: yandex_vm
+  become: true
+  roles:
+    - docker
+```

ansible/roles/docker/defaults/main.yml

@@ -0,0 +1,3 @@
+docker_apt_arch: "{{ ansible_architecture | replace('x86_64', 'amd64') }}"
+docker_users:
+  - docker

ansible/roles/docker/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: restart docker
+  ansible.builtin.service:
+    name: docker
+    state: "{{ docker_restart_handler_state }}"
+  ignore_errors: "{{ ansible_check_mode }}"
+  when: docker_service_manage | bool

ansible/roles/docker/tasks/install_compose.yml

@@ -0,0 +1,5 @@
+- name: Install Docker Compose plugin
+  apt:
+    name: docker-compose-plugin
+    state: present
+    update_cache: yes