complete lab17

.github/workflows/ansible-deploy.yml

@@ -0,0 +1,90 @@
+name: Ansible Deployment
+
+on:
+  push:
+    branches: [ master, lab11 ]
+
+  pull_request:
+    branches: [ master ]
+    paths:
+      - 'app_python/ansible/**'
+
+jobs:
+
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: |
+          pip install ansible ansible-lint
+
+      - name: Run ansible-lint
+        run: |
+          cd app_python/ansible
+          ansible-lint playbooks/*.yml
+
+
+  deploy:
+    name: Deploy Application
+    needs: lint
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install Ansible
+        run: |
+          pip install ansible
+
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo Store the private key
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/devops-terraform-passwordless
+          chmod 600 ~/.ssh/devops-terraform-passwordless
+          echo check key validity
+          ssh-keygen -y -f ~/.ssh/devops-terraform-passwordless
+          echo Append vm ip to known hosts
+          ssh-keyscan "${{ secrets.VM_HOST }}" >> ~/.ssh/known_hosts
+
+      - name: Recreate group_vars/all.yml
+        run: |
+          mkdir -p app_python/ansible/group_vars
+          echo "${{ secrets.ANSIBLE_GROUP_VARS_ALL }}" | base64 --decode > app_python/ansible/group_vars/all.yml
+
+      - name: Run Ansible Playbook
+        run: |
+          ssh -i ~/.ssh/devops-terraform-passwordless ubuntu@${{ secrets.VM_HOST }} "echo connected"
+
+          echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}' > /tmp/vault_pass
+          cd app_python/ansible
+
+          ansible-playbook playbooks/deploy.yml \
+            -i inventory/hosts.ini \
+            --vault-password-file /tmp/vault_pass \
+            --extra-vars @./group_vars/all.yml
+
+          rm /tmp/vault_pass
+
+      - name: Verify Deployment
+        run: |
+          sleep 10
+          curl -f http://${{ secrets.VM_HOST }}:1999 || exit 1
+          curl -f http://${{ secrets.VM_HOST }}:1999/health || exit 1

.github/workflows/python-ci.yml

@@ -0,0 +1,69 @@
+name: My FLask App Testing
+
+on: [push, pull_request]
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+          cache-dependency-path: './app_python/requirements.txt'
+      - name: Install dependencies
+        run: |
+          pip install -r ./app_python/requirements.txt
+          pip install pytest flake8
+      - name: Lint
+        run: flake8 ./app_python/app.py
+      - name: Test
+        run: pytest ./app_python/tests/
+  docker:
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Generate version
+        run: echo "VERSION=$(date +%Y.%m.%d)" >> $GITHUB_ENV
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: ./app_python
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            ${{ secrets.DOCKER_USERNAME }}/my-app:latest
+            ${{ secrets.DOCKER_USERNAME }}/my-app:${{ env.VERSION }}
+            ${{ secrets.DOCKER_USERNAME }}/my-app:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          cache: 'pip'
+          cache-dependency-path: './app_python/requirements.txt'
+      - name: Install dependencies
+        run: |
+          pip install -r app_python/requirements.txt
+      - name: Install Snyk CLI
+        run: npm install -g snyk
+      - name: Run Snyk
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        run: |
+          snyk test app_python \
+            --severity-threshold=high

.gitignore

@@ -1 +1,14 @@
-test
+# OS
+.DS_Store
+
+# Vault
+app_python/ansible/group_vars/all.yml
+
+# File for me
+app_python/reminder.md
+
+.vscode/settings.json
+
+app_python/monitoring/.env
+
+argocd_pass

.wrangler/cache/wrangler-account.json

@@ -0,0 +1,6 @@
+{
+  "account": {
+    "id": "7a19bada09a97582626ff1817cab49ed",
+    "name": "V.levasheva@innopolis.university's Account"
+  }
+}

app_python/.dockerignore

@@ -0,0 +1,29 @@
+# Python
+__pycache__/
+*.py[cod]
+venv/
+*.log
+.venv/
+
+# Version control
+.git
+.gitignore
+
+# IDE
+.vscode/
+.idea/
+
+# OS
+.DS_Store
+
+# Secrets
+.env
+*.pem
+secrets/
+
+# Documentation
+*.md
+docs/
+
+# Tests
+tests/

app_python/.gitignore

@@ -0,0 +1,16 @@
+# Python
+__pycache__/
+*.py[cod]
+venv/
+*.log
+
+# IDE
+.vscode/
+.idea/
+
+# OS
+.DS_Store
+
+# Vault
+./ansible/group_vars/all.yml
+~/.vault_pass.txt

app_python/.python-version

@@ -0,0 +1 @@
+devops

app_python/Dockerfile

@@ -0,0 +1,18 @@
+FROM python:3.13-slim AS builder
+WORKDIR /app_python
+COPY requirements.txt .
+RUN pip install --upgrade pip && \
+    pip install --no-cache-dir -r requirements.txt
+COPY app.py . 
+
+FROM python:3.13-slim
+ENV PORT="12345"
+EXPOSE 12345
+RUN apt update && apt install -y curl && rm -rf /var/lib/apt/lists/*
+RUN useradd --create-home --shell /bin/bash newuser
+WORKDIR /app
+RUN mkdir -p /app/data && chown -R newuser:newuser /app
+COPY --from=builder /usr/local/lib/python3.13/site-packages /usr/local/lib/python3.13/site-packages
+COPY --from=builder ./app_python .
+USER newuser
+CMD ["python", "app.py"]

app_python/README.md

@@ -0,0 +1,109 @@
+# User-facing documentation
+
+## Overview 
+
+When acessed, this web service answers with information either about itself (path "/") or with its health status ("/health). The information includes fields with the details of the service, system, runtime, request and enpoints. 
+
+## Prerequisites
+
+### Python version
+
+Pyenv is used for the virtual environment managing. To install it refer to [this website](https://akrabat.com/creating-virtual-environments-with-pyenv/) for instructions.
+
+Python version used: 3.12.9
+
+
+### Python libraries:
+- jsonify imported from Flask library
+- request imported from Flask library
+- platform
+- socket
+- datetime imported from datetime
+- os
+- logging
+
+### Installation
+
+```bash
+pyenv virtualenv 3.12.9 webapp
+pyenv activate webapp
+pip install -r requirements.txt
+   ```
+### Running the Application
+```bash
+python app.py
+PORT=8080 python app.py # if you want to use a custom port (the default is 5000)
+```
+
+### API Endpoints ###
+- `GET /` - Service and system information
+- `GET /health` - Health check
+- `GET /visits` - See the number of times root directory was accessed
+- `GET /ready` - Check if the application is ready to take requests
+- `GET /health` - Check if the application is dead and should be reloaded
+
+### Configuration ###
+
+| №  | Var name | Description 
+| ---| ----- | --------------------|
+| #1 | HOST | Name of the host (defaults to socket.hostname first if available) | 
+| #2 | PORT | Port for the application access | 
+| #3 | DEBUG | Debug status | 
+
+### Docker container ###
+
+#### Building the image locally ###
+
+Use the command in format:
+```bash
+docker build -t your-docker-username/image-name:image-tag directory-with-dockerfile
+```
+Example: 
+```bash
+docker build -t fountainer/my-app:1.1.0 .
+```
+#### Running a container ###
+
+Use the command in format:
+```bash 
+docker run -p host-port:container-port image-name:tag
+```
+Example:
+```bash
+docker run -p 12345:12345 fountainer/my-app:1.1.0
+```
+#### Pulling from Docker Hub ###
+
+```bash
+docker image pull image-name:image-tag
+```
+
+Example: 
+```bash
+docker image pull app:1.0.0
+```
+
+### Testing ###
+
+#### Workflow Badge
+
+[![My FLask App Testing](https://github.com/ffountainer/DevOps-Core-Course/actions/workflows/python-ci.yml/badge.svg?branch=master)](https://github.com/ffountainer/DevOps-Core-Course/actions/workflows/python-ci.yml)
+
+#### Unit testing ####
+
+To test the ./ endpoint:
+
+```bash
+pytest ./app_python/tests/test_home_endpoint.py
+```
+
+To test the ./health endpoint:
+
+
+```bash
+pytest ./app_python/tests/test_health_endpoint.py
+```
+
+## Ansible deployment
+
+[![Ansible Deployment](https://github.com/ffountainer/DevOps-Core-Course/actions/workflows/ansible-deploy.yml/badge.svg)](https://github.com/ffountainer/DevOps-Core-Course/actions/workflows/ansible-deploy.yml)

app_python/ansible/.vault_pass.txt

@@ -0,0 +1 @@
+1967

app_python/ansible/ansible.cfg

@@ -0,0 +1,12 @@
+[defaults]
+inventory = inventory/hosts.ini
+roles_path = roles
+host_key_checking = False
+remote_user = ubuntu
+retry_files_enabled = False
+vault_password_file = .vault_pass.txt
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root

app_python/ansible/docs/LAB05.md

@@ -0,0 +1 @@
+!!!!!! real LAB05.md documentation lies in the app_python/docs/LAB05.md, since all prev labs documentation files were there, and I wanted to remain consistent. Please check this file, it has everything required by the task

app_python/ansible/docs/LAB06.md

@@ -0,0 +1 @@
+!!!!!! real LAB06.md documentation lies in the app_python/docs/LAB06.md, since all prev labs documentation files were there, and I wanted to remain consistent. Please check this file, it has everything required by the task