diff --git a/ansible/.gitignore b/ansible/.gitignore
new file mode 100644
index 0000000000..b36779c412
--- /dev/null
+++ b/ansible/.gitignore
@@ -0,0 +1 @@
+.vault_pass
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000000..ee2655531e
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,11 @@
+[defaults]
+inventory = inventory/hosts.ini
+roles_path = roles
+host_key_checking = False
+remote_user = ubuntu
+retry_files_enabled = False
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root
\ No newline at end of file
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
new file mode 100644
index 0000000000..6e06e0ac93
--- /dev/null
+++ b/ansible/group_vars/all.yml
@@ -0,0 +1,16 @@
+docker_image: qobz1e/devops-info-service
+docker_image_tag: lab2
+app_container_name: info-service
+app_port: 5000
+restart_policy: always
+env_vars:
+ ENV: production
+dockerhub_username: qobz1e
+dockerhub_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 61326164653039343162646236626431386632643166396130626164316238633363616231616131
+ 6462663662386465373263666262626433353832313962660a613635623639306130633134656434
+ 32623434383237333532363630383264323464343563366266336230303266326661616237353064
+ 3337303165653736640a373561613836373639303237373032393134336464613732346161653664
+ 65396237363265336236623361326135346238613065656131656265353737323363303034343133
+ 6531623765633839623039323131666530646464306133373030
\ No newline at end of file
diff --git a/ansible/inventory/hosts.ini b/ansible/inventory/hosts.ini
new file mode 100644
index 0000000000..76d7f50b7f
--- /dev/null
+++ b/ansible/inventory/hosts.ini
@@ -0,0 +1,5 @@
+[webservers]
+myvm ansible_host=130.193.51.239 ansible_user=ubuntu ansible_ssh_private_key_file=/workspaces/DevOps-Core-Course/labs/id_rsa
+
+[webservers:vars]
+ansible_python_interpreter=/usr/bin/python3
\ No newline at end of file
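Review bot: `host_key_checking = False` under `[defaults]` in ansible.cfg turns off SSH host key verification for every run from this directory, so a machine impersonating the inventory address would be accepted and would then receive the decrypted vault values and the sudo-level commands of both playbooks. Drop the line (checking is the default) and pre-populate `known_hosts` for the VM with a fingerprint confirmed out of band, for example from the cloud console's serial output. The new `.gitignore` entry for `.vault_pass` is a good companion to the inline vault value; the host key check is the remaining gap on the control-node side.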
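Review bot: `ansible_ssh_private_key_file=/workspaces/DevOps-Core-Course/labs/id_rsa` in hosts.ini points at a private key stored inside the repository working tree, while the only ignore rule this commit adds is `.vault_pass` under `ansible/`. Unless a rule outside this diff already covers `labs/id_rsa`, one broad `git add` would publish the key that gives sudo-capable access to the VM; keeping the pair under `~/.ssh/` or adding an explicit ignore rule removes that risk. The absolute Codespaces path and the literal public address also tie the inventory to one workstation and one VM instance, so a variable or a per-user inventory file would travel better.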
diff --git a/ansible/playbooks/deploy.yml b/ansible/playbooks/deploy.yml
new file mode 100644
index 0000000000..f492d8a049
--- /dev/null
+++ b/ansible/playbooks/deploy.yml
@@ -0,0 +1,8 @@
+---
+- name: Deploy application
+ hosts: webservers
+ become: yes
+ vars_files:
+ - /workspaces/DevOps-Core-Course/ansible/group_vars/all.yml
+ roles:
+ - app_deploy
\ No newline at end of file
diff --git a/ansible/playbooks/provision.yml b/ansible/playbooks/provision.yml
new file mode 100644
index 0000000000..17d437513f
--- /dev/null
+++ b/ansible/playbooks/provision.yml
@@ -0,0 +1,8 @@
+---
+- name: Provision web servers
+ hosts: webservers
+ become: yes
+
+ roles:
+ - common
+ - docker
\ No newline at end of file
diff --git a/ansible/roles/app_deploy/defaults/main.yml b/ansible/roles/app_deploy/defaults/main.yml
new file mode 100644
index 0000000000..02de09dfaa
--- /dev/null
+++ b/ansible/roles/app_deploy/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+app_port: 5000
+restart_policy: unless-stopped
+env_vars: {}
\ No newline at end of file
diff --git a/ansible/roles/app_deploy/handlers/main.yml b/ansible/roles/app_deploy/handlers/main.yml
new file mode 100644
index 0000000000..18e41bd2f2
--- /dev/null
+++ b/ansible/roles/app_deploy/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart app container
+ community.docker.docker_container:
+ name: "{{ app_container_name }}"
+ state: restarted
\ No newline at end of file
diff --git a/ansible/roles/app_deploy/tasks/main.yml b/ansible/roles/app_deploy/tasks/main.yml
new file mode 100644
index 0000000000..a3f194764e
--- /dev/null
+++ b/ansible/roles/app_deploy/tasks/main.yml
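Review bot: The `vars_files` entry `/workspaces/DevOps-Core-Course/ansible/group_vars/all.yml` in deploy.yml is an absolute path, so the play fails on any checkout that does not live at that location. Ansible loads `group_vars/` automatically only from the inventory's directory or the playbook's directory, and this file sits next to neither, which is presumably why it is loaded by hand. Moving it to `ansible/inventory/group_vars/all.yml` lets the `vars_files` block be removed and keeps the vaulted `dockerhub_password` scoped to that inventory. `become: yes` here repeats what `ansible.cfg` sets in the same commit; keeping it in only one place makes it easier to see which plays actually run as root.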
@@ -0,0 +1,47 @@
+---
+- name: Login to Docker Hub
+ community.docker.docker_login:
+ username: "{{ dockerhub_username }}"
+ password: "{{ dockerhub_password }}"
+ no_log: true
+
+- name: Pull Docker image
+ community.docker.docker_image:
+ name: "{{ docker_image }}"
+ tag: "{{ docker_image_tag }}"
+ source: pull
+
+- name: Stop existing container
+ community.docker.docker_container:
+ name: "{{ app_container_name }}"
+ state: stopped
+ ignore_errors: yes
+
+- name: Remove old container
+ community.docker.docker_container:
+ name: "{{ app_container_name }}"
+ state: absent
+ ignore_errors: yes
+
+- name: Run application container
+ community.docker.docker_container:
+ name: "{{ app_container_name }}"
+ image: "{{ docker_image }}:{{ docker_image_tag }}"
+ state: started
+ restart_policy: "{{ restart_policy }}"
+ published_ports:
+ - "{{ app_port }}:{{ app_port }}"
+ env:
+ "{{ env_vars }}"
+
+- name: Wait for application to be ready
+ wait_for:
+ host: 127.0.0.1
+ port: "{{ app_port }}"
+ delay: 5
+ timeout: 30
+
+- name: Verify health endpoint
+ uri:
+ url: "http://127.0.0.1:{{ app_port }}/health"
+ status_code: 200
\ No newline at end of file
diff --git a/ansible/roles/common/defaults/main.yml b/ansible/roles/common/defaults/main.yml
new file mode 100644
index 0000000000..fb01629168
--- /dev/null
+++ b/ansible/roles/common/defaults/main.yml
@@ -0,0 +1,6 @@
+common_packages:
+ - python3-pip
+ - curl
+ - git
+ - vim
+ - htop
\ No newline at end of file
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000000..46fa5bebbb
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Update apt cache
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+
+- name: Install common packages
+ apt:
+ name: "{{ common_packages }}"
+ state: present
+
+- name: Set timezone to UTC
+ community.general.timezone:
+ name: UTC
\ No newline at end of file
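Review bot: The `Login to Docker Hub` task in app_deploy/tasks/main.yml leaves the registry credential on the target after the play, because `docker_login` stores it in the become user's Docker client config and no later task logs out. Add a closing task that calls the same module with `state: absent`, ideally from an `always:` section of a block so it also runs when the pull fails, and keep a scoped access token rather than the account password in the vault. The two `ignore_errors: yes` tasks hide real failures such as a stopped daemon; `state: absent` on its own already stops and removes a running container and succeeds when none exists, so `Stop existing container` and both `ignore_errors` lines can be dropped. `- "{{ app_port }}:{{ app_port }}"` publishes on all interfaces of a VM that has a public NAT address; if the service is meant to sit behind a proxy, `- "127.0.0.1:{{ app_port }}:{{ app_port }}"` keeps it local. The image is addressed by the mutable tag from `docker_image_tag`, so what runs can change without a change in this repository; pinning a digest would make deploys reproducible.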
diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml
new file mode 100644
index 0000000000..16d8aca5c5
--- /dev/null
+++ b/ansible/roles/docker/defaults/main.yml
@@ -0,0 +1,6 @@
+docker_packages:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+
+docker_user: ubuntu
\ No newline at end of file
diff --git a/ansible/roles/docker/handlers/main.yml b/ansible/roles/docker/handlers/main.yml
new file mode 100644
index 0000000000..ad85b66150
--- /dev/null
+++ b/ansible/roles/docker/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart docker
+ service:
+ name: docker
+ state: restarted
\ No newline at end of file
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
new file mode 100644
index 0000000000..2a9f2d90b8
--- /dev/null
+++ b/ansible/roles/docker/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Add Docker GPG key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+
+- name: Add Docker repository
+ apt_repository:
+ repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+ state: present
+
+- name: Install Docker packages
+ apt:
+ name: "{{ docker_packages }}"
+ state: present
+
+- name: Add user to docker group
+ user:
+ name: "{{ docker_user }}"
+ groups: docker
+ append: yes
\ No newline at end of file
diff --git a/labs/app_python/pulumi/__main__.py b/labs/app_python/pulumi/__main__.py
index 0637b0ec13..c9cc74202a 100644
--- a/labs/app_python/pulumi/__main__.py
+++ b/labs/app_python/pulumi/__main__.py
@@ -1,6 +1,7 @@ import pulumi import pulumi_yandex as yandex +# Сеть network = yandex.VpcNetwork("lab-network") subnet = yandex.VpcSubnet(
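Review bot: The `Add Docker GPG key` task in docker/tasks/main.yml uses `apt_key`, which puts the key in apt's global trusted keyring, so it is accepted as a signer for every configured repository and not only Docker's; the module is also deprecated together with the `apt-key` tool it wraps. Fetch the key into a dedicated file with `get_url` (for example `/etc/apt/keyrings/docker.asc`) and scope it in the repo line: `deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable`. `Add user to docker group` gives `{{ docker_user }}` root-equivalent control of the host through the Docker socket, and since the deploy play already runs with `become` it may not be needed at all. Nothing in this file notifies the `restart docker` handler added alongside it, so the handler is currently dead code.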
@@ -10,6 +11,15 @@ v4_cidr_blocks=["10.0.0.0/24"] ) +# Добавляем SSH-ключ +with open("/workspaces/DevOps-Core-Course/labs/id_rsa.pub") as f: + ssh_key = f.read().strip() + +metadata = { + "ssh-keys": f"ubuntu:{ssh_key}" +} + +# VM vm = yandex.ComputeInstance( "lab-vm", resources={ @@ -26,7 +36,9 @@ network_interfaces=[{ "subnet_id": subnet.id, "nat": True - }] + }], + metadata=metadata ) +# Экспорт публичного IP pulumi.export("public_ip", vm.network_interfaces[0].nat_ip_address) \ No newline at end of file
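Review bot: `open("/workspaces/DevOps-Core-Course/labs/id_rsa.pub")` in the second hunk hard-codes a Codespaces path and confirms that the key pair lives in `labs/` inside the repository, next to the private key the Ansible inventory refers to. Take the path from stack configuration instead, e.g. `pulumi.Config().require("sshPublicKeyPath")` (key name chosen here as an example), and keep the pair outside the working tree. The instance keeps `"nat": True` and no security group is visible in these hunks, so SSH and the published application port are presumably reachable from any address; an ingress rule limited to the operator's network is worth adding. The added comments are in Russian while the identifiers are English; one language throughout would help other reviewers. The `vm = yandex.ComputeInstance(` call begins and ends outside the hunks shown.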