Lab8

ansible/.gitignore

@@ -0,0 +1 @@
+inventory.cfg

ansible/ANSIBLE.md

@@ -0,0 +1,51 @@
+# Ansible
+
+## Docker role
+The docker role and its README can be found inside `roles/docker`
+
+## Docker playbook
+The docker playbook is `docker.yml`
+
+## Inventory
+The inventory was created manually and removed for security reasons
+
+## Best practices
+[I have followed the official ansible best practices](https://docs.ansible.com/ansible/2.8/user_guide/playbooks_best_practices.html)
+
+
+## Deplyoment logs
+```
+ok: [<ip-address>]
+TASK [docker : include_tasks] **************************************************
+included: /home/majorro/repos/devops/ansible/roles/docker/tasks/deps.yaml for <ip-address>
+TASK [docker : Ensure dependencies are installed.] *****************************
+ok: [<ip-address>]
+TASK [docker : include_tasks] **************************************************
+included: /home/majorro/repos/devops/ansible/roles/docker/tasks/repo.yaml for <ip-address>
+TASK [docker : Install keys] ***************************************************
+ok: [<ip-address>]
+TASK [docker : Add docker repo] ************************************************
+ok: [<ip-address>]
+TASK [docker : include_tasks] **************************************************
+included: /home/majorro/repos/devops/ansible/roles/docker/tasks/install.yaml for <ip-address>
+TASK [docker : Ensure unnecessary, unofficial or old packages are removed] *****
+ok: [<ip-address>]
+TASK [docker : Install docker] *************************************************
+ok: [<ip-address>]
+TASK [docker : Install pip packets] ********************************************
+ok: [<ip-address>]
+TASK [web_app : Install application] *******************************************
+included: /home/majorro/repos/devops/ansible/roles/web_app/tasks/run.yaml for <ip-address>
+TASK [web_app : Create a directory if it does not exist] ***********************
+changed: [<ip-address>]
+TASK [web_app : Create docker-compose] *****************************************
+changed: [<ip-address>]
+TASK [web_app : Run application] ***********************************************
+changed: [<ip-address>]
+TASK [web_app : Wipe appliction] ***********************************************
+skipping: [<ip-address>]
+PLAY RECAP *********************************************************************
+<ip-address>             : ok=28   changed=6    unreachable=0    failed=0    skipped=2    rescued=0    ignored=0   
+EXIT NOTICE [Playbook execution success] **************************************
+===============================================================================
+```

ansible/ansible.cfg

@@ -0,0 +1,7 @@
+[defaults]
+
+inventory = inventory.cfg
+roles_path = roles
+display_skipped_hosts = yes
+display_ok_hosts = yes
+callback_whitelist = timer, profile_tasks

ansible/docker.yml

@@ -0,0 +1,5 @@
+- name: Install docker
+  hosts: vk_cloud
+  become: true
+  roles:
+    - docker

ansible/python.yml

@@ -0,0 +1,8 @@
+- name: Deploy Python web app
+  hosts: vk_cloud
+  become: true
+  roles:
+    - role: web_app
+      image: majorro/devops-engineering-course:python
+      ports:
+        - "8000:8000"

ansible/roles/docker/README.md

@@ -0,0 +1,12 @@
+# Docker Ansible Role
+Installs docker
+
+## Requirements
+- Ubuntu 22.04 on the host system
+
+## Usage
+Just add the role like this:
+```yaml
+roles:
+    - docker
+```

ansible/roles/docker/tasks/deps.yml

@@ -0,0 +1,10 @@
+- name: Ensure dependencies are installed
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - gnupg
+      - curl
+      - python3
+      - python3-pip
+    state: present

ansible/roles/docker/tasks/install.yml

@@ -0,0 +1,28 @@
+- name: Ensure old packages are removed
+  apt:
+    name:
+      - docker
+      - docker-engine
+      - docker.io
+      - docker-compoe
+      - docker-doc
+      - podman-docker
+      - containerd
+      - runc
+    state: absent
+
+- name: Install docker
+  apt:
+    name:
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
+      - docker-buildx-plugin
+    state: present
+
+- name: Install pip packets
+  pip:
+    name:
+      - docker
+      - docker-compose
+    state: latest

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,3 @@
+- include_tasks: roles/docker/tasks/deps.yaml
+- include_tasks: roles/docker/tasks/repo.yaml
+- include_tasks: roles/docker/tasks/install.yaml

ansible/roles/docker/tasks/repo.yml

@@ -0,0 +1,13 @@
+- name: Install keys
+  ansible.builtin.get_url:
+    url: "https://download.docker.com/linux/ubuntu/gpg"
+    dest: /etc/apt/trusted.gpg.d/docker.asc
+    mode: '0644'
+    force: false
+    checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
+
+- name: Add docker repo
+  ansible.builtin.apt_repository:
+    repo: deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] https://download.docker.com/linux/ubuntu jammy stable
+    filename: /etc/apt/sources.list.d/docker
+    state: present

ansible/roles/web_app/README.md

@@ -0,0 +1,18 @@
+# Web app Ansible role
+
+This role will install a web application Docker image on the host
+
+## Requirements
+- Docker ansible role
+
+## Usage
+```
+- name: Example web app installation
+  hosts: all
+  become: true
+  roles:
+    - role: web_app
+      image: ubuntu:latest
+      ports:
+        - 8080:8888
+```

ansible/roles/web_app/meta/main.yml

@@ -0,0 +1,3 @@
+allow_duplicates: true
+dependencies:
+  - role: docker

ansible/roles/web_app/tasks/main.yml

@@ -0,0 +1,8 @@
+- name: Install application
+  include_tasks: "{{ role_path }}/tasks/run.yaml"
+  when: "web_app_full_wipe is not defined"
+
+- name: Wipe appliction
+  include_tasks:
+    file: "{{ role_path }}/tasks/wipe.yaml"
+  when: "web_app_full_wipe is defined"

ansible/roles/web_app/tasks/run.yml

@@ -0,0 +1,12 @@
+- name: Create a directory if it does not exist
+  ansible.builtin.file:
+    path: "/opt/composes/{{ image }}"
+    state: directory
+- name: Create docker-compose
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "/opt/composes/{{ image }}/docker-compose.yml"
+- name: Run application
+  docker_compose:
+    project_src: "/opt/composes/{{ image }}"
+    state: present

ansible/roles/web_app/tasks/wipe.yml

@@ -0,0 +1,13 @@
+- name: Stop application
+  docker_compose:
+    project_src: "/opt/composes/{{ image }}"
+    state: absent
+- name: Delete the image from docker
+  docker_image:
+    name: "{{ image }}"
+    state: absent
+
+- name: Remove the compose directory
+  ansible.builtin.file:
+    path: "/opt/composes/{{ image }}"
+    state: absent

ansible/roles/web_app/templates/docker-compose.yml.j2

@@ -0,0 +1,10 @@
+version: "3.7"
+services:
+  app:
+    image: {{ image }}
+{% if ports is defined %}
+    ports:
+{% for port in ports %}
+      - "{{ port }}"
+{% endfor %}
+{% endif %}

ansible/roles/web_app/vars/main.yml

@@ -0,0 +1,2 @@
+image:
+ports:

app_python/main.py

@@ -2,8 +2,10 @@
 import os
 from zoneinfo import ZoneInfo
 from flask import Flask
+from prometheus_flask_exporter import PrometheusMetrics
 
 app = Flask(__name__)
+metrics = PrometheusMetrics(app)
 
 def get_moscow_time():
     time_zone = ZoneInfo("Europe/Moscow")

app_python/requirements.txt

@@ -1,3 +1,4 @@
 Flask==2.2.5
 waitress==2.1.2
-pytest==7.4.2
+pytest==7.4.2
+prometheus-flask-exporter==0.23.0

monitoring/METRICS.md

@@ -0,0 +1 @@
+![Prometheus targets](img/prometheus-targets.jpg)

monitoring/docker-compose.yml

@@ -0,0 +1,90 @@
+version: "3"
+
+networks:
+  monitoring:
+    name: "monitoring"
+
+services:
+  app_python:
+    image: majorro/devops-engineering-course:python
+    build: ../app_python
+    ports:
+      - "8000:8000"
+    logging: &logger
+      driver: "json-file"
+      options:
+        tag: "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}"
+    networks:
+      - monitoring
+
+  app_dotnet:
+    image: majorro/devops-engineering-course:dotnet
+    ports:
+      - "5196:80"
+    logging:
+      <<: *logger
+    networks:
+      - monitoring
+
+  loki:
+    image: grafana/loki:2.9.0
+    command: -config.file=/etc/loki/local-config.yaml
+    networks:
+      - monitoring
+    logging:
+      <<: *logger
+
+  promtail:
+    image: grafana/promtail:2.9.0
+    volumes:
+      - /var/lib/docker/containers:/var/lib/docker/containers
+      - ./promtail-config.yaml:/etc/promtail/config.yml
+    command: -config.file=/etc/promtail/config.yml
+    networks:
+      - monitoring
+    logging:
+      <<: *logger
+
+  grafana:
+    environment:
+      - GF_PATHS_PROVISIONING=/etc/grafana/provisioning
+      - GF_AUTH_ANONYMOUS_ENABLED=true
+      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+    entrypoint:
+      - sh
+      - -euc
+      - |
+        mkdir -p /etc/grafana/provisioning/datasources
+        cat <<EOF > /etc/grafana/provisioning/datasources/ds.yaml
+        apiVersion: 1
+        datasources:
+        - name: Loki
+          type: loki
+          access: proxy
+          orgId: 1
+          url: http://loki:3100
+          basicAuth: false
+          isDefault: true
+          version: 1
+          editable: false
+        EOF
+        /run.sh
+    image: grafana/grafana:latest
+    ports:
+      - "3000:3000"
+    networks:
+      - monitoring
+    logging:
+      <<: *logger
+
+  prometheus:
+    image: prom/prometheus:latest
+    volumes:
+      - ./prometheus.yml:/etc/prometheus/prometheus.yml
+    command: --config.file=/etc/prometheus/prometheus.yml
+    ports:
+      - "9090:9090"
+    networks:
+      - monitoring
+    logging:
+      <<: *logger

monitoring/prometheus.yml

@@ -0,0 +1,20 @@
+global:
+  scrape_interval:     5s
+  evaluation_interval: 5s
+
+rule_files:
+  # - "first.rules"
+  # - "second.rules"
+
+scrape_configs:
+  - job_name: prometheus
+    static_configs:
+      - targets: ['prometheus:9090']
+
+  - job_name: app-python
+    static_configs:
+      - targets: ['app_python:8000']
+
+  - job_name: "loki"
+    static_configs:
+      - targets: ["loki:3100"]