Lab17

.flake8

@@ -0,0 +1,4 @@
+[flake8]
+max-line-length = 100
+max-complexity = 10
+exclude = .*,*/__pycache__

.github/workflows/ansible-deploy.yml

@@ -0,0 +1,107 @@
+name: ansible-deploy
+
+on:
+  push:
+    branches:
+      - main
+      - master
+    paths:
+      - "ansible/**"
+      - "!ansible/docs/**"
+      - ".github/workflows/ansible-deploy.yml"
+  pull_request:
+    branches:
+      - main
+      - master
+    paths:
+      - "ansible/**"
+      - "!ansible/docs/**"
+      - ".github/workflows/ansible-deploy.yml"
+
+jobs:
+  lint:
+    name: ansible-lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install Ansible toolchain
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible-core ansible-lint
+          ansible-galaxy collection install -r ansible/requirements.yml
+
+      - name: Run ansible-lint
+        run: |
+          cd ansible
+          ansible-lint playbooks/*.yml roles
+
+  deploy:
+    name: deploy
+    if: github.event_name == 'push'
+    needs: lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install Ansible and dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible-core
+          ansible-galaxy collection install -r ansible/requirements.yml
+
+      - name: Configure SSH key
+        env:
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+          VM_HOST: ${{ secrets.VM_HOST }}
+        run: |
+          mkdir -p ~/.ssh
+          printf "%s\n" "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H "$VM_HOST" >> ~/.ssh/known_hosts
+
+      - name: Prepare inventory and vault password
+        env:
+          VM_HOST: ${{ secrets.VM_HOST }}
+          VM_USER: ${{ secrets.VM_USER }}
+          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
+        run: |
+          cat > ansible/inventory/ci_hosts.ini <<EOF
+          [webservers]
+          target ansible_host=$VM_HOST ansible_user=$VM_USER ansible_ssh_private_key_file=~/.ssh/id_rsa
+          EOF
+          printf "%s\n" "$ANSIBLE_VAULT_PASSWORD" > /tmp/vault_pass
+          chmod 600 /tmp/vault_pass
+
+      - name: Deploy with Ansible
+        env:
+          ANSIBLE_LOCAL_TEMP: /tmp/ansible-local-tmp
+          ANSIBLE_REMOTE_TEMP: /tmp/ansible-local-tmp
+          ANSIBLE_HOST_KEY_CHECKING: "false"
+        run: |
+          mkdir -p /tmp/ansible-local-tmp
+          cd ansible
+          ansible-playbook playbooks/deploy.yml \
+            -i inventory/ci_hosts.ini \
+            --vault-password-file /tmp/vault_pass
+
+      - name: Verify deployment
+        env:
+          VM_HOST: ${{ secrets.VM_HOST }}
+          APP_PORT: ${{ secrets.APP_PORT || '5000' }}
+        run: |
+          sleep 10
+          curl --fail "http://$VM_HOST:$APP_PORT/"
+          curl --fail "http://$VM_HOST:$APP_PORT/health"

.github/workflows/python-ci.yml

@@ -0,0 +1,34 @@
+name: python-ci
+on:
+  push:
+    paths:
+      - app_python/**
+      - .github/workflows/python-ci.yml
+
+jobs:
+  lint:
+    permissions: write-all
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: [3.14]
+        poetry-version: [2.3.2]
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    defaults:
+      run:
+        working-directory: ./app_python
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+      - uses: snok/install-poetry@v1
+        with:
+          version: ${{ matrix.poetry-version }}
+      - name: Install Dependencies
+        run: poetry install --no-root
+      - name: run flake8
+        run: poetry run flake8 src tests
+      - name: run pytest
+        run: poetry run pytest

.gitignore

@@ -1 +1,29 @@
-test
+test
+
+# Terraform state and local cache
+*.tfstate
+*.tfstate.*
+.terraform/
+.terraform.lock.hcl
+
+# Terraform variable files (often contain secrets)
+terraform.tfvars
+*.tfvars
+*.tfvars.json
+
+# Pulumi secrets/state
+pulumi/venv/
+pulumi/.venv/
+Pulumi.*.yaml
+
+# Cloud credentials and keys
+*.pem
+*.key
+*.json
+credentials
+
+# Ansible
+*.retry
+.vault_pass
+ansible/inventory/*.pyc
+__pycache__/

.vault_pass

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+printf '%s\n' 'lab05-local-pass'

README.md

@@ -1,5 +1,6 @@
 # DevOps Engineering: Core Practices
 
+[![Ansible Deploy](https://github.com/nonamecorn/DevOps-Core-Course/actions/workflows/ansible-deploy.yml/badge.svg)](https://github.com/nonamecorn/DevOps-Core-Course/actions/workflows/ansible-deploy.yml)
 [![Labs](https://img.shields.io/badge/Labs-18-blue)](#labs)
 [![Exam](https://img.shields.io/badge/Exam-Optional-green)](#exam-alternative)
 [![Duration](https://img.shields.io/badge/Duration-18%20Weeks-lightgrey)](#course-roadmap)
@@ -38,8 +39,8 @@ Master **production-grade DevOps practices** through hands-on labs. Build, conta
 | 15 | 15 | StatefulSets | Persistent Storage, Headless Services |
 | 16 | 16 | Cluster Monitoring | Kube-Prometheus, Init Containers |
 | — | **Exam Alternative Labs** | | |
-| 17 | 17 | Edge Deployment | Fly.io, Global Distribution |
-| 18 | 18 | Decentralized Storage | 4EVERLAND, IPFS, Web3 |
+| 17 | 17 | Edge Deployment | Cloudflare Workers, Global Edge |
+| 18 | 18 | Reproducible Builds | Nix, Deterministic Builds, Flakes |
 
 ---
 
@@ -60,8 +61,8 @@ Don't want to take the exam? Complete **both** bonus labs:
 
 | Lab | Topic | Points |
 |-----|-------|--------|
-| **Lab 17** | Fly.io Edge Deployment | 20 pts |
-| **Lab 18** | 4EVERLAND & IPFS | 20 pts |
+| **Lab 17** | Cloudflare Workers Edge Deployment | 20 pts |
+| **Lab 18** | Reproducible Builds with Nix | 20 pts |
 
 **Requirements:**
 - Complete both labs (17 + 18 = 40 pts, replaces exam)
@@ -142,7 +143,7 @@ Each lab is worth **10 points** (main tasks) + **2.5 points** (bonus).
 - StatefulSets, Monitoring
 
 **Exam Alternative (Labs 17-18)**
-- Fly.io, 4EVERLAND/IPFS
+- Cloudflare Workers, Nix Reproducible Builds
 
 </details>
 

ansible/.ansible/collections/ansible_collections/community/docker/plugins/modules/docker_compose_v2.py

@@ -0,0 +1,32 @@
+# This is a mocked Ansible module generated by ansible-lint
+from ansible.module_utils.basic import AnsibleModule
+
+DOCUMENTATION = '''
+module: community.docker.docker_compose_v2
+
+short_description: Mocked
+version_added: "1.0.0"
+description: Mocked
+
+author:
+    - ansible-lint (@nobody)
+'''
+EXAMPLES = '''mocked'''
+RETURN = '''mocked'''
+
+
+def main():
+    result = dict(
+        changed=False,
+        original_message='',
+        message='')
+
+    module = AnsibleModule(
+        argument_spec=dict(),
+        supports_check_mode=True,
+    )
+    module.exit_json(**result)
+
+
+if __name__ == "__main__":
+    main()

ansible/.ansible/collections/ansible_collections/community/docker/plugins/modules/docker_container.py

@@ -0,0 +1,32 @@
+# This is a mocked Ansible module generated by ansible-lint
+from ansible.module_utils.basic import AnsibleModule
+
+DOCUMENTATION = '''
+module: community.docker.docker_container
+
+short_description: Mocked
+version_added: "1.0.0"
+description: Mocked
+
+author:
+    - ansible-lint (@nobody)
+'''
+EXAMPLES = '''mocked'''
+RETURN = '''mocked'''
+
+
+def main():
+    result = dict(
+        changed=False,
+        original_message='',
+        message='')
+
+    module = AnsibleModule(
+        argument_spec=dict(),
+        supports_check_mode=True,
+    )
+    module.exit_json(**result)
+
+
+if __name__ == "__main__":
+    main()

ansible/.ansible/collections/ansible_collections/community/docker/plugins/modules/docker_login.py

@@ -0,0 +1,32 @@
+# This is a mocked Ansible module generated by ansible-lint
+from ansible.module_utils.basic import AnsibleModule
+
+DOCUMENTATION = '''
+module: community.docker.docker_login
+
+short_description: Mocked
+version_added: "1.0.0"
+description: Mocked
+
+author:
+    - ansible-lint (@nobody)
+'''
+EXAMPLES = '''mocked'''
+RETURN = '''mocked'''
+
+
+def main():
+    result = dict(
+        changed=False,
+        original_message='',
+        message='')
+
+    module = AnsibleModule(
+        argument_spec=dict(),
+        supports_check_mode=True,
+    )
+    module.exit_json(**result)
+
+
+if __name__ == "__main__":
+    main()

ansible/ansible.cfg

@@ -0,0 +1,11 @@
+[defaults]
+inventory = inventory/hosts.ini
+roles_path = roles
+host_key_checking = False
+remote_user = ubuntu
+retry_files_enabled = False
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root