Lab05

ansible/.gitignore

@@ -0,0 +1 @@
+.vault_pass

ansible/ansible.cfg

@@ -0,0 +1,11 @@
+[defaults]
+inventory = inventory/hosts.ini
+roles_path = roles
+host_key_checking = False
+remote_user = ubuntu
+retry_files_enabled = False
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root

ansible/group_vars/all.yml

@@ -0,0 +1,16 @@
+docker_image: qobz1e/devops-info-service
+docker_image_tag: lab2
+app_container_name: info-service
+app_port: 5000
+restart_policy: always
+env_vars:
+  ENV: production
+dockerhub_username: qobz1e
+dockerhub_password: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          61326164653039343162646236626431386632643166396130626164316238633363616231616131
+          6462663662386465373263666262626433353832313962660a613635623639306130633134656434
+          32623434383237333532363630383264323464343563366266336230303266326661616237353064
+          3337303165653736640a373561613836373639303237373032393134336464613732346161653664
+          65396237363265336236623361326135346238613065656131656265353737323363303034343133
+          6531623765633839623039323131666530646464306133373030

ansible/inventory/hosts.ini

@@ -0,0 +1,5 @@
+[webservers]
+myvm ansible_host=130.193.51.239 ansible_user=ubuntu ansible_ssh_private_key_file=/workspaces/DevOps-Core-Course/labs/id_rsa
+
+[webservers:vars]
+ansible_python_interpreter=/usr/bin/python3

ansible/playbooks/deploy.yml

@@ -0,0 +1,8 @@
+---
+- name: Deploy application
+  hosts: webservers
+  become: yes
+  vars_files:
+    - /workspaces/DevOps-Core-Course/ansible/group_vars/all.yml
+  roles:
+    - app_deploy

ansible/playbooks/provision.yml

@@ -0,0 +1,8 @@
+---
+- name: Provision web servers
+  hosts: webservers
+  become: yes
+
+  roles:
+    - common
+    - docker

ansible/roles/app_deploy/defaults/main.yml

@@ -0,0 +1,4 @@
+---
+app_port: 5000
+restart_policy: unless-stopped
+env_vars: {}

ansible/roles/app_deploy/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart app container
+  community.docker.docker_container:
+    name: "{{ app_container_name }}"
+    state: restarted

ansible/roles/app_deploy/tasks/main.yml

@@ -0,0 +1,47 @@
+---
+- name: Login to Docker Hub
+  community.docker.docker_login:
+    username: "{{ dockerhub_username }}"
+    password: "{{ dockerhub_password }}"
+  no_log: true
+
+- name: Pull Docker image
+  community.docker.docker_image:
+    name: "{{ docker_image }}"
+    tag: "{{ docker_image_tag }}"
+    source: pull
+
+- name: Stop existing container
+  community.docker.docker_container:
+    name: "{{ app_container_name }}"
+    state: stopped
+  ignore_errors: yes
+
+- name: Remove old container
+  community.docker.docker_container:
+    name: "{{ app_container_name }}"
+    state: absent
+  ignore_errors: yes
+
+- name: Run application container
+  community.docker.docker_container:
+    name: "{{ app_container_name }}"
+    image: "{{ docker_image }}:{{ docker_image_tag }}"
+    state: started
+    restart_policy: "{{ restart_policy }}"
+    published_ports:
+      - "{{ app_port }}:{{ app_port }}"
+    env:
+      "{{ env_vars }}"
+
+- name: Wait for application to be ready
+  wait_for:
+    host: 127.0.0.1
+    port: "{{ app_port }}"
+    delay: 5
+    timeout: 30
+
+- name: Verify health endpoint
+  uri:
+    url: "http://127.0.0.1:{{ app_port }}/health"
+    status_code: 200

ansible/roles/common/defaults/main.yml

@@ -0,0 +1,6 @@
+common_packages:
+  - python3-pip
+  - curl
+  - git
+  - vim
+  - htop

ansible/roles/common/tasks/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Update apt cache
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Install common packages
+  apt:
+    name: "{{ common_packages }}"
+    state: present
+
+- name: Set timezone to UTC
+  community.general.timezone:
+    name: UTC

ansible/roles/docker/defaults/main.yml

@@ -0,0 +1,6 @@
+docker_packages:
+  - docker-ce
+  - docker-ce-cli
+  - containerd.io
+
+docker_user: ubuntu

ansible/roles/docker/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart docker
+  service:
+    name: docker
+    state: restarted

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Add Docker GPG key
+  apt_key:
+    url: https://download.docker.com/linux/ubuntu/gpg
+    state: present
+
+- name: Add Docker repository
+  apt_repository:
+    repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+    state: present
+
+- name: Install Docker packages
+  apt:
+    name: "{{ docker_packages }}"
+    state: present
+
+- name: Add user to docker group
+  user:
+    name: "{{ docker_user }}"
+    groups: docker
+    append: yes

labs/app_python/pulumi/__main__.py

@@ -1,6 +1,7 @@
 import pulumi
 import pulumi_yandex as yandex
 
+# Сеть
 network = yandex.VpcNetwork("lab-network")
 
 subnet = yandex.VpcSubnet(
@@ -10,6 +11,15 @@
     v4_cidr_blocks=["10.0.0.0/24"]
 )
 
+# Добавляем SSH-ключ
+with open("/workspaces/DevOps-Core-Course/labs/id_rsa.pub") as f:
+    ssh_key = f.read().strip()
+
+metadata = {
+    "ssh-keys": f"ubuntu:{ssh_key}"
+}
+
+# VM
 vm = yandex.ComputeInstance(
     "lab-vm",
     resources={
@@ -26,7 +36,9 @@
     network_interfaces=[{
         "subnet_id": subnet.id,
         "nat": True
-    }]
+    }],
+    metadata=metadata
 )
 
+# Экспорт публичного IP
 pulumi.export("public_ip", vm.network_interfaces[0].nat_ip_address)