first part

Author: BulatGazizov-dev

.github/workflows/ansible-deploy.yml

@@ -0,0 +1,55 @@
+name: Ansible Deployment
+
+on:
+  push:
+    branches: [ main, master ]
+    paths:
+      - 'ansible/**'
+      - '!ansible/docs/**'
+      - '.github/workflows/ansible-deploy.yml'
+  pull_request:
+    branches: [ main, master ]
+    paths:
+      - 'ansible/**'
+
+jobs:
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: |
+          pip install ansible ansible-lint
+
+      - name: Run ansible-lint
+        run: |
+          cd ansible
+          ansible-lint playbooks/*.yml
+
+  deploy:
+    name: Deploy Application
+    needs: lint
+    runs-on: self-hosted
+    steps:
+      - uses: actions/checkout@v4
+      - name: Deploy with Ansible
+        run: |
+          cd ansible
+          echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > /tmp/vault_pass
+          ansible-playbook playbooks/deploy.yml \
+            --vault-password-file /tmp/vault_pass \
+            --tags "app_deploy"
+          rm /tmp/vault_pass
+      - name: Verify Deployment
+        run: |
+          sleep 10  # Wait for app to start
+          curl -f http://${{ secrets.VM_HOST }}:8000 || exit 1
+          curl -f http://${{ secrets.VM_HOST }}:8000/health || exit 1

README.md

@@ -2,6 +2,8 @@
 
 ![Workflow](https://github.com/BulatGazizov-dev/DevOps-Core-Course/actions/workflows/python-ci.yml/badge.svg)
 
+[![Ansible Deployment](https://github.com/yBulatGazizov-dev/DevOps-Core-Course/actions/workflows/ansible-deploy.yml/badge.svg)](https://github.com/yBulatGazizov-dev/DevOps-Core-Course/actions/workflows/ansible-deploy.yml)
+
 [![Labs](https://img.shields.io/badge/Labs-18-blue)](#labs)
 [![Exam](https://img.shields.io/badge/Exam-Optional-green)](#exam-alternative)
 [![Duration](https://img.shields.io/badge/Duration-18%20Weeks-lightgrey)](#course-roadmap)

ansible/docs/LAB06.md

@@ -1,21 +1,13 @@
-$ANSIBLE_VAULT;1.1;AES256
-65303433666634303436373461313837653238613463363931643361653664316238623264393266
-3834336566373731306136323631346136643466666436650a356664396463666436646163383565
-64303335303366376537316266346234383761323864623639343035343565356430336461303462
-3161613031356666360a393161313162396363613033323639313264363637373230326532313565
-65643334663232396230616434643730343732646638646131333865643664343064363366643432
-62366635613738393661323062353134356436313135656638656133613866383836396633356235
-65616263316431636133343866643865343031333633306631663366653530303362376533353132
-65303434646666383937396432356261323461613761636539393966303335313034666662383339
-61303062343637613734326531336533346663323931393366323033313534616230653763616566
-31333730626563656530656531313563303433346663356461313364333837316536343864626631
-37303336613536643939376432616332633361653564633037623231316233613562353938383732
-36626264386437376466303763666366366238333831393133323534643532356664366233313132
-62666337393731326133333632313661656533363034663536363535633333303838663839633465
-66633761373963336638623938396139313266646538343534623230376632383331323063626235
-31316132333137633636623532373239313230346133393535616139393438393361323030343739
-36326366393037396266333635373162636338333562313639363332646538623738663233346661
-62366437653532333439313362396636366332343062306463383830343334613235353534333737
-34316461346334666533313662626331363237636335306636646137373861306537393138616639
-65346431383739636238623237643130336630313532333236386163356666666330326562613730
-32303032643639623761
+docker_image: bulatgazizov/python_app
+docker_tag: latest
+app_port: 8000
+app_internal_port: 5000
+app_name: "app"
+
+compose_project_dir: "/opt/{{ app_name }}"
+docker_compose_version: "3.8"
+
+app_env:
+  DEBUG: "false"
+
+app_secret_key: !vault |

ansible/inventory/group_vars/all.yml

@@ -1,5 +1,5 @@
 [webservers]
-your-vm-name ansible_host=45.150.238.55 ansible_user=root ansible_ssh_private_key_file=~/.ssh/id_rsa
+your-vm-name ansible_host=89.169.172.199 ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/id_rsa
 
 [webservers:vars]
 ansible_python_interpreter=/usr/bin/python3

ansible/inventory/hosts.ini

@@ -4,4 +4,4 @@
   become: yes
 
   roles:
-    - app_deploy
+    - web_app

ansible/playbooks/deploy.yml

@@ -1,10 +1,42 @@
 ---
-- name: Update apt cache
-  apt:
-    update_cache: yes
-    cache_valid_time: 3600
+- name: Install packages
+  block:
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+        cache_valid_time: 3600
 
-- name: Install common packages
-  apt:
-    name: "{{ common_packages }}"
-    state: present
+    - name: Install common packages
+      apt:
+        name: "{{ common_packages }}"
+        state: present
+  rescue:
+    - name: Fix missing package sources on failure
+      command: apt-get update --fix-missing
+      when: ansible_failed_task.name == "Update apt cache"   # or check register
+    - name: Retry package installation
+      apt:
+        name: "{{ common_packages }}"
+        state: present
+  always:
+    - name: Log common role completion
+      copy:
+        content: "Common role completed at {{ ansible_date_time.iso8601 }}"
+        dest: /tmp/common_role_complete.log
+  become: true
+  tags:
+    - packages
+    - common
+
+- name: Create user
+  block:
+    - name: Create user
+      user:
+        name: "{{ user_name }}"
+        state: present
+        shell: /bin/bash
+        createhome: yes
+  become: true
+  tags:
+    - users
+    - common

ansible/roles/app_deploy/defaults/main.yml

@@ -1,65 +1,87 @@
 ---
-- name: Update apt cache
-  apt:
-    update_cache: yes
-    cache_valid_time: 3600
+- name: Docker Installation
+  tags:
+    - docker_install
+    - docker
+  block:
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+        cache_valid_time: 3600
 
-- name: Install required system packages
-  apt:
-    name:
-      - curl
-      - ca-certificates
-    state: present
+    - name: Install required system packages
+      apt:
+        name:
+          - curl
+          - ca-certificates
+        state: present
 
-- name: Create keyrings directory
-  file:
-    path: /etc/apt/keyrings
-    state: directory
-    mode: '0755'
+    - name: Create keyrings directory
+      file:
+        path: /etc/apt/keyrings
+        state: directory
+        mode: '0755'
 
-- name: Download Docker's official GPG key
-  get_url:
-    url: https://download.docker.com/linux/debian/gpg
-    dest: /etc/apt/keyrings/docker.asc
-    mode: '0644'
+    - name: Download Docker GPG key
+      block:
+        - name: Download Docker's official GPG key
+          get_url:
+            url: https://download.docker.com/linux/ubuntu/gpg
+            dest: /etc/apt/keyrings/docker.asc
+            mode: '0644'
+      rescue:
+        - name: Wait 10 seconds and retry GPG key download
+          pause:
+            seconds: 10
+        - name: Retry Docker GPG key download
+          get_url:
+            url: https://download.docker.com/linux/ubuntu/gpg
+            dest: /etc/apt/keyrings/docker.asc
+            mode: '0644'
 
-- name: Add Docker repository to apt sources
-  template:
-    src: docker.sources.j2
-    dest: /etc/apt/sources.list.d/docker.sources
-    mode: '0644'
-  vars:
-    codename: "{{ ansible_distribution_release }}"
+    - name: Add Docker repository to apt sources
+      template:
+        src: docker.sources.j2
+        dest: /etc/apt/sources.list.d/docker.sources
+        mode: '0644'
+      vars:
+        codename: "{{ ansible_distribution_release }}"
 
-- name: Update apt cache after adding Docker repo
-  apt:
-    update_cache: yes
+    - name: Update apt cache after adding Docker repo
+      apt:
+        update_cache: yes
 
-- name: Install Docker packages
-  apt:
-    name:
-      - "{{ 'docker-ce' if docker_version == '' else 'docker-ce=' + docker_version }}"
-      - "{{ 'docker-ce-cli' if docker_cli_version == '' else 'docker-ce-cli=' + docker_cli_version }}"
-      - "{{ 'containerd.io' if containerd_version == '' else 'containerd.io=' + containerd_version }}"
-      - docker-buildx-plugin
-      - docker-compose-plugin
-    state: present
-  become: yes
-  notify: restart docker
+    - name: Install Docker packages
+      apt:
+        name:
+          - "{{ 'docker-ce' if docker_version == '' else 'docker-ce=' + docker_version }}"
+          - "{{ 'docker-ce-cli' if docker_cli_version == '' else 'docker-ce-cli=' + docker_cli_version }}"
+          - "{{ 'containerd.io' if containerd_version == '' else 'containerd.io=' + containerd_version }}"
+          - docker-buildx-plugin
+          - docker-compose-plugin
+        state: present
+      notify: restart docker
+  always:
+    - name: Ensure Docker service is running and enabled
+      systemd:
+        name: docker
+        state: started
+        enabled: yes
+  become: true
 
-- name: Ensure Docker service is running and enabled
-  systemd:
-    name: docker
-    state: started
-    enabled: yes
+- name: Docker config
+  tags:
+    - docker_config
+    - docker
+  block:
+    - name: Add user to docker group
+      user:
+        name: "{{ ansible_user }}"
+        groups: docker
+        append: yes
 
-- name: Add user to docker group
-  user:
-    name: "{{ ansible_user }}"
-    groups: docker
-    append: yes
-
-- name: Install python3-docker for Ansible docker modules
-  apt:
-    name: python3-docker
-    state: present
+    - name: Install python3-docker for Ansible docker modules
+      apt:
+        name: python3-docker
+        state: present
+  become: true