:::success
# LS lab 2 - Infrastructure as Code (IaC)
Tutunchy Ammar
:::
## Task 1
### git repository:
#### /.git
::: success
The working directory has a subfolder called `.git`. It contains all of the Git metadata required for the repository, with subdirectories for objects, references, and template files. It is normally located in the root directory of a project and is not required in the subdirectories. When the `git init` command is run, the `.git` subdirectory is added to the working project directory as the repository skeleton, and the project can begin recording revisions.
:::
#### /.github
::: success
The `.github` directory contains workflows, issue templates, pull request templates, funding information, and other project-specific data.
The `.github` repository, on the other hand, is a special repository that you may set up. It serves as a fallback for all of your repositories that lack a `.github` directory, supplying issue templates and other community health files.
:::
#### .gitignore
:::info
The `.gitignore` file lists the files and folders we want Git to ignore, which are normally system-generated. There is no specific command to ignore a file; the ignored paths are recorded in a `.gitignore` file placed in the repository root folder. We can also create several ignore files in separate directories, each listing the patterns and files to ignore there. We can create and inspect the file with the commands **touch .gitignore** and **cat .gitignore**, and we can track it with **git add .gitignore** followed by **git commit -m "ignored directory created."**
Git also allows us to set up a global ignore file that applies to every repository of the user, with the command **`git config --global core.excludesfile ~/.gitignore_global`**.
:::
#### .gitmodules
::: success
Users encounter various conflicts and problems while working on Git while attempting to conduct odd actions or moving to another without aborting or skipping the ongoing activity, such as the "Unmerged paths:" issue. This problem occurs when developers alter the same lines in a single file many times. To remedy this issue, developers must add all modifications and merge them.
:::
### ansible directory:
#### ansible.cfg
:::info
Ansible's configuration file (`ansible.cfg`) allows you to change certain parameters. Most people should be OK with the default settings.
Use the `ansible-config` utility to view, list, or dump the settings available for Ansible. Running `ansible-config view` prints the content of your current `ansible.cfg` to standard output, the same result as running `cat ansible.cfg`.
:::
#### inventory folder
:::info
An inventory file is used by Ansible to keep track of which hosts are part of your infrastructure and how to access them for commands and playbooks.
Depending on your environment and project requirements, you may configure your Ansible inventory file in a variety of ways.
:::
#### roles folder
::: success
Roles allow you to load related variables, files, tasks, handlers, and other Ansible artifacts based on a predefined file structure. After you've organized your information into roles, you can quickly reuse and share it with other people.
Roles can be used in three ways:
- at the play level, using the `roles` option: this is the traditional method of employing roles in a play.
- at the tasks level with `include_role`: you may reuse roles dynamically anywhere in a play's tasks section.
- at the tasks level with `import_role`: you may reuse roles statically anywhere in a play's tasks section.
:::
##### tasks
::: success
This module is included in all Ansible installations as part of ansible-core. In most circumstances, the short module name meta may be used without mentioning the collections: keyword.
:::
##### defaults/group_vars
::: success
It sets variables for host groups: Ansible runs plays and tasks against each host or group using the hosts file and the `group_vars` directory. Files in the `group_vars` directory are named after a host group or `all`, and their variables are assigned to that host group or to all hosts.
:::
##### handlers
::: success
Handlers are commonly used in Ansible to start, reload, restart, and stop services. If your playbook calls for modifying configuration files, you'll almost certainly need to restart a service to see the changes take effect. In this instance, you must specify a handler for that service and include the notify directive in any tasks that require it.
:::
##### templates
:::info
A template is a file that contains all of your configuration settings, but the dynamic values are specified as variables in Ansible. The variables will be replaced with the necessary values during playbook execution, depending on the conditions such as which cluster you are using.
:::
#### playbooks folder
::: success
Playbooks define variables, settings, and deployment processes, assign responsibilities, and carry out numerous activities. For example, you may copy or delete files and folders, install packages, and start services. Playbooks are generally developed to orchestrate these processes across various computers or servers and bring them all to a specific intended state.
A playbook is written in YAML and has the file extension `.yml`. Because the format is sensitive to indentation and alignment, it must be handled with extreme caution.
:::
### terraform folder:
#### main.tf
:::info
`main.tf` is an important file in a Terraform project: it stores the project's configuration and is usually found in the project's root directory. Infrastructure resources such as compute instances, together with outputs and providers, may be created, managed, and modified in this single file, which can be used with a wide variety of cloud and on-premises service providers. The configuration language used is the HashiCorp Configuration Language (HCL).
:::
#### variables.tf
:::info
The variables.tf file is a Terraform configuration file that is used to declare the variables that will be used throughout the Terraform project. It is typically located in the root directory of the project, along with the main.tf file.
The variables declared in this file are used throughout the Terraform project, including in `main.tf` and the other configuration files.
This allows variables to be defined and managed in a centralized and reusable way, making the infrastructure configuration more flexible and maintainable.
:::
#### outputs.tf
:::info
The outputs of the Terraform project are specified in this configuration file. It is kept in the root directory of the project, together with the `main.tf` and `variables.tf` files. `outputs.tf` provides versatile and automatic extraction and use of data from the Terraform state. By defining your outputs, you can create a more streamlined and integrated process for infrastructure provisioning and upkeep.
Once the infrastructure has been provisioned, the values declared in this file are read from the Terraform state. These values can be sent to a configuration management tool or a monitoring system to alert the appropriate parties.
:::
### Task 2 - Prepare your application
Find and choose (it is much better to develop by yourself) a simple application. For example, it
could be a web server with the static HTML page, time zones server or a currency calculator. Use
whatever programming language that you want (python, golang, C#, java...). Include the link to
VCS where your application is stored.
Bonus: prepare microservices instead of standalone application, e.g. full stack web application with web server, database...
- I deployed the static web page in my account on GitHub.
https://github.com/ammaralnajim/protoflio-website
### Task 3 - Dockerize your application
1. Build Docker image for your application (make Dockerfile).
Look for the best Dockerfile practices and try to follow them.
Bonus: use docker-compose in the case of microservices.
:::info
As indicated in the image above, I set up the Dockerfile in my project and built the image from it.
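```!docker
# Pin the base image to a specific nginx release
FROM nginx:1.23.3
# Run as an unprivileged UID:GID instead of root. The stock nginx image
# writes to /var/cache/nginx and /var/run/nginx.pid at startup, so those
# paths must be writable by this user.
USER 1000:1000
WORKDIR /usr/share/nginx/html
# Copy only the static page into the web root
COPY index.html .
EXPOSE 80
```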
:::
### Task 4 - Deliver your application using Software Configuration Management
- **1. Get your personal cloud account. Free tiers for AWS and GCP users have been blocked in Russia. If you already have accounts, it should work and be enough for this lab. If not, try other cloud providers with a free subscription: Yandex.Cloud, IBM, Oracle, Alibaba Cloud... If you are not able to work with a cloud, you have to proceed with a local deployment for the whole Task 4. For example, prepare a local virtual machine for the further tasks. Include in the report the explanation of why you were forced to work locally.**
- **2. Use Terraform to deploy your required cloud instance. Please notice that to run the terraform init command you have to use a VPN. Look for the best Terraform practices and try to follow them. If for some reason you are not able to use a VPN, prepare a local VM using the Vagrant tool. Include in the report the explanation about the inability to work with a VPN.**
- **3. Choose a Software Configuration Management (SCM) tool. Ansible is the industry standard. Of course, we have other SCM solutions such as SaltStack, Puppet, Chef. You can try them, but remember that it is probably more difficult to work with these tools and you are responsible for your choice.**
- **4. Using the SCM tool, write playbook tasks to deliver and run your application on the cloud instance/local VM. Try to separate your configuration files into inventory/roles/playbooks files. In real practice, we almost never use poor playbooks where everything is all in one. Also try to use the best practices for your SCM tool, e.g. Ansible. Bonus: use Ansible Molecule and Ansible Lint to test your application before delivering it to the cloud. Bonus: Deploy Ansible AWX and demonstrate a PoC.**
:::info
I don't have a previous cloud account, so I was unable to do the lab on cloud instances. I worked with Ansible and Vagrant boxes with VirtualBox as the provider.
:::
- Using Vagrant, I deployed ubuntu/xenial64.

Fig. Selecting the provider

Fig. Vagrant boxes repository

Fig. Initiating the ubuntu/xenial box

After generating the Vagrantfile, I customized it as shown below in order to deploy a Vagrant box with IP address `10.1.1.150`.
```!ruby
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/xenial64"
  config.vm.hostname = "client-1"
  # Bridged interface with a static address on the local network
  config.vm.network "public_network", ip: "10.1.1.11", hostname: true
  config.vm.provider "virtualbox" do |vb|
    vb.memory = "1500"
  end
  # Run the Ansible playbook against the box after it boots
  config.vm.provision "ansible" do |ansible|
    ansible.verbose = "v"
    ansible.playbook = "playbook.yaml"
  end
end
```
- Using the command `vagrant up`, I started the Vagrant box.

Fig. vagrant up

- During the Vagrant box creation I was invited to select a network interface, since I explicitly described the Vagrant box to run with a bridged interface.

Fig. Selecting interface

- My Ansible playbook installs Docker and publishes the Docker container on port 80.

Playbook file
```!yaml
---
- name: Configure nginx server
  hosts: all
  become: yes
  tasks:
    - name: upgrade repo
      apt: update_cache=true force_apt_get=true
    - name: install-dependencies
      apt:
        pkg:
          - curl
          - gnupg
          - ca-certificates
    # Store Docker's signing key in a dedicated keyring
    - name: add docker GPG key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present
        keyring: /etc/apt/keyrings/docker.gpg
    # signed-by ties this repository to the key in that keyring only
    - name: add docker repository
      apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu xenial stable"
    - name: update repo
      apt: update_cache=true force_apt_get=true
    - name: install docker and co
      apt:
        pkg:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
    - name: start docker
      service:
        name: docker
        state: started
        enabled: yes
    # Membership in the docker group is root-equivalent on the host
    - name: add user to docker group
      user:
        name: vagrant
        append: yes
        groups: docker
    # docker_container needs the Docker SDK for Python on the managed host
    - name: pull the application
      docker_container:
        name: web-app
        auto_remove: yes
        detach: yes
        image: ammartutunchy/portfolio:1
        network_mode: bridge
        published_ports:
          - "80:80"
        pull: yes
```
Fig. Reloading the vagrant box

Fig. Application accessible

### Task 5 - Teamwork with the version control system
In industry, before deploying a new version of the service/application, we receive a review from colleagues.
1. a) Create and log in to your personal version control system account on the git engine:
github (default choice)
gitlab
bitbucket
...
b) Create a repository with your application/microservices and all required code/configs.
c) Synchronize your local and remote repository.
d) Create a separate branch for the development, as well as protect your master branch in the repository from direct commits to it.
e) Create a Pull Request from your developer branch to the master branch.
f) Your colleague should get explanation about your work and conduct a review of your PR.
g) Receive a PR approval, merge your PR and synchronize the local and remote repositories.
Bonus: implement steps 2 and 4 using Terraform.
2. Learn some advanced git features. Answer the following questions and show a PoC wherever it is possible for you:
a) What's the difference between git pull and git fetch ?

::: success
Both `git pull` and `git fetch` download changes from a remote repository to the local repository. `git fetch` only updates the remote-tracking branches, while `git pull` also merges the changes into the local branch immediately. `git fetch` is safer for review, while `git pull` is more convenient. The choice depends on workflow and use case.
:::
b) What's the difference between git rebase and git merge ?
::: success
Both `git merge` and `git rebase` integrate the changes from one branch into another. A merge creates a new commit, preserving branch history, while `git rebase` rewrites the repository history.
:::
c) How we can Rebase one branch with commits from other head branch? And to replace one branch by another?
::: success
Use "git rebase [branch_name]". To replace a branch with another branch, use "git branch -f [branch_name] [other_branch_name]".
:::
d) How we can replace (overwrite) one branch with other remote upstream branch entirely?
::: success
Replace a local branch with a remote upstream branch in Git using "git fetch" and "git reset". The syntax is: 'git fetch origin new_feature:old_feature' and 'git reset --hard origin/old_feature'. This will fetch the latest version of the new branch and replace the old branch with it.
:::
e) How we can add a remote-tracking repository? When it's suitable?
::: success
To track and fetch changes from a remote repository in Git, use "git remote add [short_name] [url]".
:::
f) How we can merge fork branch with origin/upstream branch?
::: success
To merge a fork branch with the upstream branch: add the upstream repository as a remote, fetch changes with "git fetch", check out the fork branch, merge the changes with "git merge", and push the merged changes with "git push".
:::
g) How we can push the new branch to origin when this branch is set up for tracking to the specified remote-tracking repository?
::: success
To push a new branch set up for tracking to a remote-tracking repository, use "git push -u origin <new-branch-name>".
:::
h) How we can join several commits into one?
::: success
We can join several commits into one using "git rebase -i", selecting the commits we want to squash together by changing "pick" to "squash", and saving to create a single commit.
:::
i) How we can change commit message?
::: success
Use "git commit --amend" to edit the message in the editor that opens, then save and exit. If the commit has already been pushed, use "git push --force" to push the amended commit to the remote repository.
:::
j) How we can cancel(undo) the last pushed commit to the target remote branch?
::: success
Use "git push --force origin <target-branch>^:<target-branch>".
:::
Bonus: learn and try to use git hooks in practice.
For example, we might use hooks to prevent pushing commits whose message body does not comply with the repository policy.
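
A hook of the kind described above, as an added example that is not part of the original report: a `commit-msg` hook that rejects messages violating an assumed policy. The `type(scope): summary` subject format, the 72-character limit, the blank line before the body and the function name `check_commit_msg` are all illustrative choices.

```shell
#!/bin/sh
# Added example: save as .git/hooks/commit-msg and make it executable.
# Git calls the hook with one argument, the path of the file that holds
# the proposed commit message; a non-zero exit aborts the commit.
# The policy values below are assumptions chosen for illustration.

MAX_SUBJECT=72
TYPES='feat|fix|docs|chore|refactor|test'

# check_commit_msg FILE: return 0 if the message complies, otherwise
# print the first violation to stderr and return 1.
check_commit_msg() {
    # Ignore comment lines, as git does in its default cleanup mode
    msg=$(grep -v '^#' "$1" || true)
    subject=$(printf '%s\n' "$msg" | sed -n '1p')
    second=$(printf '%s\n' "$msg" | sed -n '2p')

    if [ -z "$subject" ]; then
        echo "commit-msg: subject line is empty" >&2
        return 1
    fi
    if [ "${#subject}" -gt "$MAX_SUBJECT" ]; then
        echo "commit-msg: subject exceeds $MAX_SUBJECT characters" >&2
        return 1
    fi
    if ! printf '%s\n' "$subject" |
            grep -Eq "^($TYPES)(\([a-z0-9-]+\))?: [^ ].*"; then
        echo "commit-msg: subject must look like 'type(scope): summary'" >&2
        return 1
    fi
    # A non-empty second line means the body is not separated from the subject
    if [ -n "$second" ]; then
        echo "commit-msg: leave a blank line between subject and body" >&2
        return 1
    fi
    return 0
}

# Run the check only when git passes a message file (hook invocation)
if [ -n "${1:-}" ]; then
    check_commit_msg "$1" || exit 1
fi
```

Client-side hooks can be skipped with `git commit --no-verify`, so when the policy must be enforced the same check also belongs in a server-side hook or a CI job.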
As the final result, after applying all configuration files, you should be able to show your app running on the cloud instance (local VM) according to the app's purpose. For example, if you prepared a web server, you have to be able to open http://yourdomain.com in your browser and see the web site page.