Lab12

ansible/ANSIBLE.md

@@ -1,6 +1,6 @@
 # Ansible
 
-## `ansible-playbook --diff`
+## `ansible-playbook --diff` (lab 5), last 50 lines
 
 ```
   aufs-tools cgroupfs-mount | cgroup-lite git-daemon-run | git-daemon-sysvinit
@@ -94,6 +94,60 @@ In the above output there are two hosts defined: `{ anshible_host: localhost }`
 `ungrouped` group, the second belongs to the `myhosts` group, both belong to the `all`
 metagroup (which is a special group that contains all defined hosts).
 
+## `ansible-playbook --diff` for app_python, last 50 lines
+```
+  libpython3-dev libpython3.8-dev libquadmath0 libstdc++-9-dev libtsan0
+  libubsan1 linux-libc-dev make manpages-dev python-pip-whl python3-dev
+  python3-wheel python3.8-dev zlib1g-dev
+Suggested packages:
+  binutils-doc cpp-doc gcc-9-locales debian-keyring g++-multilib
+  g++-9-multilib gcc-9-doc gcc-multilib autoconf automake libtool flex bison
+  gdb gcc-doc gcc-9-multilib glibc-doc bzr libstdc++-9-doc make-doc
+The following NEW packages will be installed:
+  binutils binutils-common binutils-x86-64-linux-gnu build-essential cpp cpp-9
+  dpkg-dev fakeroot g++ g++-9 gcc gcc-9 gcc-9-base libalgorithm-diff-perl
+  libalgorithm-diff-xs-perl libalgorithm-merge-perl libasan5 libatomic1
+  libbinutils libc-dev-bin libc6-dev libcc1-0 libcrypt-dev libctf-nobfd0
+  libctf0 libdpkg-perl libexpat1-dev libfakeroot libfile-fcntllock-perl
+  libgcc-9-dev libgomp1 libisl22 libitm1 liblsan0 libmpc3 libmpfr6
+  libpython3-dev libpython3.8-dev libquadmath0 libstdc++-9-dev libtsan0
+  libubsan1 linux-libc-dev make manpages-dev python-pip-whl python3-dev
+  python3-pip python3-wheel python3.8-dev zlib1g-dev
+0 upgraded, 51 newly installed, 0 to remove and 15 not upgraded.
+changed: [terraform1]
+
+TASK [docker : Install docker-compose via pip] ***********************************************************************
+changed: [terraform1]
+
+TASK [web_app : Pull image] ******************************************************************************************
+--- before
++++ after
+@@ -1,3 +1,3 @@
+ {
+-    "exists": false
++    "id": "sha256:55ef999c615bdb60c47911f0a4d11b1f5eb5eb9975d1f34d105cbaeac08626ca"
+ }
+
+changed: [terraform1]
+
+TASK [web_app : Create container] ************************************************************************************
+--- before
++++ after
+@@ -1,4 +1,4 @@
+ {
+-    "exists": false,
+-    "running": false
++    "exists": true,
++    "running": true
+ }
+
+changed: [terraform1]
+
+PLAY RECAP ***********************************************************************************************************
+terraform1                 : ok=12   changed=9    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
+
+```
+
 ## Best practices
 
 The project uses the following best practices:
@@ -107,3 +161,9 @@ The project uses the following best practices:
 -   Use fully qualified collection names
 
 -   Use dynamic inventory with clouds
+
+-   Use blocks to group related tasks together
+
+-   Use role dependencies between roles that require others to run before
+
+-   Use tags for conditional execution

ansible/playbooks/dev/app_go/main.yml

@@ -0,0 +1,18 @@
+- name: Deploy go app
+  hosts: all
+  roles:
+    - name: "Deploy kolay0ne/app_go:lab6"
+      role: web_app
+      image_name: "kolay0ne/app_go"
+      image_tag: "lab6"
+      publish_ports:
+        - "5500:5000"
+      wipe: false
+      tags: []  # Run by default
+
+    - name: "Wipe kolay0ne/app_go:lab6"
+      role: web_app
+      image_name: "kolay0ne/app_go"
+      image_tag: "lab6"
+      wipe: true
+      tags: [never, wipe]  # Only run on wipe

ansible/playbooks/dev/app_python/main.yml

@@ -0,0 +1,18 @@
+- name: Deploy python app
+  hosts: all
+  roles:
+    - name: "Deploy kolay0ne/app_py:lab6"
+      role: web_app
+      image_name: "kolay0ne/app_py"
+      image_tag: "lab6"
+      publish_ports:
+        - "5000:5000"
+      wipe: false
+      tags: []  # Run by default
+
+    - name: "Wipe kolay0ne/app_py:lab6"
+      role: web_app
+      image_name: "kolay0ne/app_py"
+      image_tag: "lab6"
+      wipe: true
+      tags: [never, wipe]  # Only run on wipe

ansible/roles/docker/tasks/docker.yaml

@@ -1,23 +1,23 @@
-- name: Ensure /etc/apt/keyrings exists
-  file:
-    path: /etc/apt/keyrings
-    state: directory
-  become: true
+- name: Prepare apt for docker installation
+  block:
+    - name: Ensure /etc/apt/keyrings exists
+      file:
+        path: /etc/apt/keyrings
+        state: directory
 
-- name: Add docker's GPG
-  ansible.builtin.get_url:
-    url: 'https://download.docker.com/linux/ubuntu/gpg'
-    dest: /etc/apt/keyrings/docker.asc
-    mode: a+r
-    force: true  # Redownload every time
-    decompress: false
-  become: true
+    - name: Add docker's GPG
+      ansible.builtin.get_url:
+        url: 'https://download.docker.com/linux/ubuntu/gpg'
+        dest: /etc/apt/keyrings/docker.asc
+        mode: a+r
+        force: true  # Redownload every time
+        decompress: false
 
-- name: Create docker source list for apt
-  shell: >
-    echo "deb [arch=$(dpkg --print-architecture)
-    signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu
-    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" > /etc/apt/sources.list.d/docker.list
+    - name: Create docker source list for apt
+      shell: >
+        echo "deb [arch=$(dpkg --print-architecture)
+        signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu
+        $(. /etc/os-release && echo "$VERSION_CODENAME") stable" > /etc/apt/sources.list.d/docker.list
   become: true
 
 - name: Install docker via apt
@@ -30,3 +30,15 @@
     state: present
     update_cache: true
   become: true
+
+- name: Give normal user access to docker
+  block:
+    - name: Add user `ubuntu` to group `docker`
+      ansible.builtin.user:
+        user: "ubuntu"
+        groups: ["docker"]
+        append: true
+      become: true
+
+    - name: Restart ssh connection for changes to the user's groups to take effect
+      ansible.builtin.meta: reset_connection

ansible/roles/web_app/README.md

@@ -0,0 +1,42 @@
+# Dockerized web app deploy role
+
+An ansible role for deploying a dockerized web app.
+
+## Requirements
+
+This role depends on the `docker` role from the same repository. No additional
+requirements are imposed.
+
+## Usage
+
+All parameters of the role are optional. The most basic usage:
+```
+roles:
+  - name: "Deploy hello-world"
+    role: web_app
+```
+The above will pull the `hello-world` image tagged `latest`, create a container
+`hello-world-0` corresponding to it, and start it.
+
+The most advanced usage:
+```
+roles:
+  - name: "Deploy asciiquarium"
+    role: web_app
+    image_name: "danielkraic/asciiquarium"
+    image_tag: "master"
+    container_name: "aq"
+    publish_ports:
+      - 5000:6000
+      - 7000
+    wipe: false
+```
+The above will pull the `danielkraic/asciiquarium` image tagged `master`, create
+a container `aq` corresponding to it, and start it. The container's port `6000` will
+be mapped to host `5000` and container's port `7000` will be mapped to an arbitrarily
+selected host port.
+
+Changing the `wipe` parameter to `true` (or another value that represents a boolean true
+according to ansible) causes the container to be destroyed and the pulled image to be
+removed from the managed machine. When `wipe` is `true`, the value of `publish_ports` is
+ignored.

ansible/roles/web_app/defaults/main.yaml

@@ -0,0 +1,6 @@
+---
+image_name: "hello-world"
+image_tag: "latest"
+container_name: "{{ image_name | basename }}-0"
+publish_ports: []
+wipe: false

ansible/roles/web_app/meta/main.yaml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - docker

ansible/roles/web_app/tasks/main.yaml

@@ -0,0 +1,42 @@
+---
+- name: Create directory for compose
+  ansible.builtin.file:
+    path: "~/{{image_name|basename}}"
+    state: "directory"
+  register: compose_dir
+
+- name: Stop old containers
+  community.docker.docker_compose_v2:
+    project_src: "{{ compose_dir.path }}"
+    state: stopped
+  # Compose file may not exist yet, thus ignoring errors
+  ignore_errors: true
+
+- name: Render new docker-compose.yml
+  ansible.builtin.template:
+    src: docker-compose.yml.j2
+    dest: "{{ compose_dir.path }}/docker-compose.yml"
+  vars:
+    image_full: "{{image_name}}:{{image_tag}}"
+    expose_ports: "{{ publish_ports }}"
+  when: not wipe
+
+- name: Manage containers
+  # If wiping, remove containers, otherwise start them
+  community.docker.docker_compose_v2:
+    project_src: "{{ compose_dir.path }}"
+    state: "{{ wipe | ternary('absent', 'present') }}"
+    pull: always
+
+- name: Wipe image
+  community.docker.docker_image:
+    name: "{{ image_name }}"
+    tag: "{{ image_tag }}"
+    state: "absent"
+  when: wipe
+
+- name: Remove compose file from the filesystem
+  ansible.builtin.file:
+    path: "{{ compose_dir.path }}"
+    state: "absent"
+  when: wipe

ansible/roles/web_app/templates/docker-compose.yml.j2

@@ -0,0 +1,9 @@
+services:
+  web_app:
+    image: {{ image_full }}
+{% if expose_ports is iterable and expose_ports|length > 0 %}
+    ports:
+{% for port_expr in expose_ports %}
+      - {{ port_expr }}
+{% endfor %}
+{% endif %}

app_go/.gitignore

@@ -25,3 +25,6 @@
 go.work
 
 # End of https://www.toptal.com/developers/gitignore/api/go
+
+
+/persistent

app_go/Dockerfile

@@ -1,19 +1,25 @@
 FROM golang:1.22.0-alpine3.19 as builder
 
+RUN ["mkdir", "/empty-dir"]
+
 WORKDIR /usr/src/app/
 
 COPY go.mod *.go /usr/src/app/
 # No dependencies yet
 #RUN go mod download && go mod verify
 
+RUN ["env", "CGO_ENABLED=0", "go", "get"]
 RUN ["env", "CGO_ENABLED=0", "go", "build", "-o", "catfact_webapp", "."]
 
 
-# Like `FROM scratch` but with SSL
-FROM damdo/sscratch
+FROM scratch
+# Enable https requests from within the container
+COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 
 EXPOSE 5000
 
+VOLUME /persistent
 COPY --from=builder /usr/src/app/catfact_webapp /
 USER 2004:2004
+COPY --from=builder --chown=2004:2004 /empty-dir /persistent
 ENTRYPOINT ["/catfact_webapp"]

app_go/go.mod

@@ -1,3 +1,15 @@
 module catfact_webapp
 
 go 1.21.6
+
+require github.com/prometheus/client_golang v1.19.0
+
+require (
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.48.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
+)

app_go/go.sum

@@ -0,0 +1,16 @@
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
+github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
+github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
+google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=