Commit e8ba4bac authored by Daniele Santoro's avatar Daniele Santoro
Browse files

Release lab lesson 3

parent 347a0584
......@@ -29,3 +29,14 @@ by us distributing a =Vagrantfile= and a =provisioning script=.
- [[file:e01/][Exercise 01 - Install required tools]]
- [[file:e02/][Exercise 02 - Start and Check your 1st Environment]]
- [[file:e03/][Exercise 03 - Customise and Share the Environment]]
* Lab02-20220408
- [[file:e04/][Exercise 04 - Generate and upload your SSH key]]
- [[file:e05/][Exercise 05 - Setup an SSH tunnel and use it as a socks proxy in a web Browser]]
- [[file:e06/][Exercise 06 - Advanced deployment: Provision with Vagrant and Configure with Ansible]]
- [[file:e07/][Exercise 07 - Deploy a webserver and access the main page via a browser]]
* Lab03_20220412
- [[file:e08/][Exercise 8 - Create a Vagant VM for Docker]]
- [[file:e09][Exercise 9 - Install and Verify Docker]]
- [[file:e10][Exercise 10 - Hello World with Docker]]
- [[file:e11][Exercise 11 - Build a custom Docker image]]
# -*- mode: ruby -*-
# vi: set ft=ruby :
ANSIBLE_LOGLEVEL = ENV['ANSIBLE_LOGLEVEL'] || "v"
ANSIBLE_PLAYBOOK = ENV['ANSIBLE_PLAYBOOK'] || "provision-dockerhost.yml"
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/focal64"
config.vm.hostname = "docker-host"
config.vm.provider "virtualbox" do |vb|
vb.memory = "4096"
vb.cpus = "4"
end
config.vm.provision :ansible do |ansible|
ansible.verbose = ANSIBLE_LOGLEVEL
ansible.playbook = ANSIBLE_PLAYBOOK
end
end
* Exercise 04 - Generate and upload your SSH key
- Time :: 10 minutes
- Try by yourself and ask for support
- Give an hack when completed succesfully
- Give an ack when completed succesfully
- Description :: If you do not have already one, generate an ssh key and save it on your laptop. Then move the key on the lab virtual-machine in order to use public/private authentication. Check that you are able to login on the lab VM without typing your password.
......
* Exercise 05 - Setup an SSH tunnel and use it as a socks proxy in a web Browser
- Time :: 15 minutes
- 10 minutes: /Try by yourself and ask for support/
- Give an hack when completed succesfully
- Give an ack when completed succesfully
- 5 mintues: /Cross check and Verify/
- Description :: Setup a browser to use SSH based Socks Proxy tunnel. Create a tunnel from your laptop to the Lan VM. Finally verify that you, and only you, are able to reach your VM behind the firewall using this setup.
......
* Exercise 06 - Advanced deployment: Provision with Vagrant and Configure with Ansible
- Time :: 20 minutes
- 10 minutes: /Try by yourself and ask for support/
- Give an hack when completed succesfully
- Give an ack when completed succesfully
- 10 mintues: /Cross check and Verify/
......
* Exercise 07 - Deploy a webserver and access the main page via a browser
- Time :: 20 minutes
- 10 minutes: /Try by yourself and ask for support/
- Give an hack when completed succesfully
- Give an ack when completed succesfully
- 10 mintues: /Cross check and Verify/
- Description :: Provision a Virtual Machine using Vagrant as you did in [[file:../e06][e06]]. This time you should install an =Apache2 Web Server= on the VM. Moreover, once the new service is installed you must check it is working: first via CLI inside the VM and then using a browser from your laptop. Is the laptop allopwed to reach the VM using the SSH Socks Proxy configured so far?
- Description :: Provision a Virtual Machine using Vagrant as you did in [[file:../e06][e06]]. This time you should install an =Apache2 Web Server= on the VM. Moreover, once the new service is installed you must check if it is working: first via CLI inside the VM and then using a browser from your laptop. Is the laptop allowed to reach the VM using the SSH Socks Proxy configured so far?
* Solutions and Instructions
** Deploy and Provision the VM
Read the Ansible playbook: [[file:provision.yml][=provision.yml=]]
Deploy and provision the VM
#+begin_src sh
vagrant up
#+end_src
** Check the connection
Check inside the guest if the webserver is running
#+begin_src sh
vagrant ssh
lynx http://localhost
#+end_src
Check from the host and from the (proxied) browser if the webserver is running
#+begin_src sh
exit
curl http://localhost
#+end_src
Open the browser and visit =http://localhost=
** Expose a service running in the guest on the host
Forward a guest port on the host to expose apache in the host
#+begin_src sh
vagrant ssh -- -L 8888:localhost:80
#+end_src
As soon as the above channel stays open, apache2 will be available from the browser
# -*- mode: ruby -*-
# vi: set ft=ruby :
ANSIBLE_LOGLEVEL = ENV['ANSIBLE_LOGLEVEL'] || "v"
ANSIBLE_PLAYBOOK = ENV['ANSIBLE_PLAYBOOK'] || "provision.yml"
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://vagrantcloud.com/search.
config.vm.box = "ubuntu/focal64"
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# NOTE: This will enable public access to the opened port
# config.vm.network "forwarded_port", guest: 80, host: 8080
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine and only allow access
# via 127.0.0.1 to disable public access
# config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
# config.vm.network "public_network"
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
config.vm.provider "virtualbox" do |vb|
# # Display the VirtualBox GUI when booting the machine
# vb.gui = true
#
# Customize the amount of memory on the VM:
vb.memory = "2048"
end
#
# View the documentation for the provider you are using for more
# information on available options.
# Enable provisioning with a shell script. Additional provisioners such as
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
# documentation for more information about their specific syntax and use.
# Shared configuration
config.vm.provision :ansible do |ansible|
ansible.verbose = ANSIBLE_LOGLEVEL
ansible.playbook = ANSIBLE_PLAYBOOK
end
end
---
# File: provision.yml - Install an apache2 web-server
- hosts: all
become: true
tasks:
- name: Upgrade the OS (apt-get dist-upgrade)
apt:
upgrade: dist
- name: Run the equivalent of "apt-get update" as a separate step
apt:
update_cache: yes
- name: Install apache2
apt:
pkg:
- apache2
- lynx
\ No newline at end of file
* Exercise 8 - Create a Vagant VM for Docker
- Time :: 10 minutes
- 6 minutes: /Try by yourself and ask for support/
- Give an ack when completed succesfully
- 4 mintues: /Cross check and Verify/
- Description :: Create a dedicated virtual machine to use for as docker host. This VM can be used for multiple exercises.
* Solutions and Instructions
** Create a Vagrant VM for Docker
Move to the root folder of this repository, and check where you are
#+begin_src sh
cd ..
pwd
#+end_src
Create a VirtualBox VM using Vagrant to act as =docker-host=
#+begin_src sh
vagrant up
#+end_src
* Exercise 9 - Install and Verify Docker
- Time :: 8 minutes
- 4 minutes: /Try by yourself and ask for support/
- Give an ack when completed succesfully
- 4 mintues: /Cross check and Verify/
- Description :: Install the Docker engine and test it is working.
* Solutions and Instructions
** Install Docker on your Lab Virtual Machine
Install Docker
#+BEGIN_SRC sh
sudo apt-get install docker.io -y
#+END_SRC
Enable ubuntu user to use Docker
#+BEGIN_SRC sh
sudo usermod -aG docker $USER
#+END_SRC
Logout & Login again
** Test Docker installation
View installed Docker version
#+BEGIN_SRC sh
docker version
#+END_SRC
View available images
#+BEGIN_SRC sh
docker images
#+END_SRC
View running containers
#+BEGIN_SRC sh
docker ps
#+END_SRC
* Exercise 10 - Hello World with Docker
- Time :: 13 minutes
- 5 minutes: /Try by yourself and ask for support/
- Give an ack when completed succesfully
- 8 minutes: /Cross check and Verify/
- Description :: Start a generic container and practice with the Docker commands we have seen so far.
1) Run a =jpetazzo/clock= container
2) Try to understand how the startup happens
3) Check if the container is in execution (/tip: you may need another shell/)
4) List container images
5) Practice with =docker logs= and =docker inspect=
6) Stop the container
7) Show stopped containers
8) Remove the container
9) Remove the image
10) Verify that the container has been removed together with its image
* Solutions and Instructions
1) Run a =jpetazzo/clock= container
#+BEGIN_SRC sh
docker run jpetazzo/clock
#+END_SRC
2) Try to understand how the startup happens
#+BEGIN_EXAMPLE
Unable to find image 'jpetazzo/clock:latest' locally
latest: Pulling from jpetazzo/clock
0f8c40e1270f: Pull complete
Digest: sha256:ace75dda37174abb563799a8b9b2043505619559fe1120a26a63363dc48bcd26
Status: Downloaded newer image for jpetazzo/clock:latest
Wed Apr 15 09:47:47 UTC 2020
Wed Apr 15 09:47:48 UTC 2020
#+END_EXAMPLE
3) Check if the container is in execution (/tip: you may need another shell/)
#+BEGIN_SRC sh
docker ps
#+END_SRC
4) List container images
#+BEGIN_SRC sh
docker images
#+END_SRC
5) Practice with =docker logs= and =docker inspect=
#+BEGIN_SRC sh
export CONTAINER=YOUR_CONTAINER_ID
docker logs $CONTAINER
docker inspect $CONTAINER | jq -C .[] | less -RN
docker inspect $CONTAINER | jq -C .[].Path | cat -n
docker inspect $CONTAINER | jq -C .[].Args | cat -n
docker inspect $CONTAINER | jq -C .[].State | cat -n
docker inspect $CONTAINER | jq -C .[].Name | cat -n
#+END_SRC
6) Stop the container
#+BEGIN_SRC sh
docker stop $CONTAINER
#+END_SRC
7) Show stopped containers
#+BEGIN_SRC sh
docker ps -a
#+END_SRC
8) Remove the container
#+BEGIN_SRC sh
docker rm $CONTAINER
#+END_SRC
9) Remove the image
#+BEGIN_SRC sh
docker image rm jpetazzo/clock
#+END_SRC
10) Verify that the container has been removed together with its image
#+BEGIN_SRC sh
docker ps
docker images
#+END_SRC
* Exercise 11 – Build a custom Docker image
- Time :: 17 minutes
- 7 minutes: /Try by yourself/
- 10 minutes: /Check, Verify, Ask/
- Description :: Create a personalised image starting from a generic one. Understand how and why your image is different from the initial one. Play with layers and start a container based on the custom image.
* Solutions and Instructions
** Start an ubuntu based image
#+BEGIN_SRC
docker run -it ubuntu
#+END_SRC
** Try to use the figlet utility
You should get an error since it is not present on the default ubuntu container.
#+BEGIN_SRC sh
figlet "Fog and Cloud Course"
#+END_SRC
** Install a package and use it
#+BEGIN_SRC sh
apt-get update
apt-get install figlet
figlet "Fog and Cloud Course"
exit
#+END_SRC
** Show differences from the base image
#+BEGIN_SRC sh
docker diff <containerID>
#+END_SRC
** Commit changes creating a new layer and the respective image.
#+BEGIN_SRC sh
docker commit <containerID>
#+END_SRC
The output is the new image ID (=newImageID=)
Look at images now
#+BEGIN_SRC sh
docker images
#+END_SRC
** Start a new container from that image
#+BEGIN_SRC sh
docker run -it <newImageID>
#+END_SRC
Exit from that container
#+BEGIN_SRC sh
exit
#+END_SRC
** Give a name to the image
#+BEGIN_SRC sh
docker tag <newImageID> figlet-${USER: -3}
#+END_SRC
Or specify the tag as an extra argument of the commit
#+BEGIN_SRC sh
docker commit <containerID> figlet-${USER: -3}
#+END_SRC
** Look at the available images
#+BEGIN_SRC sh
docker images
#+END_SRC
** Understand how layers are the building block of images
Look at the differences between =figlet= image and =ubuntu= image.
#+BEGIN_SRC sh
docker inspect ubuntu | jq -C .[].RootFS | cat -n
docker inspect figlet-${USER: -3} | jq -C .[].RootFS | cat -n
#+END_SRC
** Start a container based on that image using name
#+BEGIN_SRC sh
docker run -it figlet-${USER: -3}
#+END_SRC
** Use the binary that is already available this time
#+BEGIN_SRC sh
figlet "Fog and Cloud Course"
#+END_SRC
---
# File: provision.yml
- hosts: all
become: true
tasks:
- name: Upgrade the OS (apt-get dist-upgrade)
apt:
upgrade: dist
- name: Run the equivalent of "apt-get update" as a separate step
apt:
update_cache: yes
- name: Install required packages
apt:
pkg:
- htop
- snapd
- figlet
- jq
- name: Install yq via snap
snap:
name:
- yq
- name: Add a figlet customisation to our login
ansible.builtin.lineinfile:
path: /home/vagrant/.bashrc
line: figlet My docker-host
create: yes
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment