DEV Community: Afeez Oluwashina Adeboye The latest articles on DEV Community by Afeez Oluwashina Adeboye (@afeezaa). https://dev.to/afeezaa https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1134087%2F1ed05d75-ed16-4e86-93eb-09a0e7f3d359.jpeg DEV Community: Afeez Oluwashina Adeboye https://dev.to/afeezaa en Customizing and Deploying a Static Website with NGINX on AWS EC2 Afeez Oluwashina Adeboye Wed, 29 Jan 2025 13:58:12 +0000 https://dev.to/afeezaa/deploying-nginx-on-an-aws-ec2-instance-devops-stage-0-501g https://dev.to/afeezaa/deploying-nginx-on-an-aws-ec2-instance-devops-stage-0-501g <h2> <strong>Introduction</strong> </h2> <p>As part of the DevOps Stage 0 task, I was required to install and configure <strong>NGINX</strong> on an Ubuntu server, setting up a custom HTML page as the default page. To demonstrate automation skills, I chose to deploy this setup on an <strong>AWS EC2 instance</strong> using <strong>user-data scripting</strong> for automatic configuration.</p> <h2> <strong>Approach</strong> </h2> <p>To complete this task, I followed these steps:</p> <h3> <strong>1. Launching the EC2 Instance</strong> </h3> <ul> <li>Logged into AWS and navigated to <strong>EC2 Dashboard</strong>.</li> <li>Created a new <strong>Ubuntu 22.04 LTS</strong> instance.</li> <li>Chose <strong>t2.micro</strong> (free-tier eligible).</li> <li>Configured security group rules to allow <strong>SSH (port 22)</strong> but forgot to open <strong>HTTP (port 80)</strong> initially.</li> <li>Attached a key pair for secure SSH access.</li> </ul> <h3> <strong>2. Using User-Data for Automated Setup</strong> </h3> <p>To automate the NGINX installation and configuration, I used the following <strong>user-data</strong> script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt upgrade <span class="nt">-y</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> nginx <span class="nb">sudo </span>systemctl <span class="nb">enable </span>nginx <span class="nb">sudo </span>systemctl start nginx <span class="nb">echo</span> <span class="s2">"&lt;html&gt;&lt;body&gt;&lt;h1&gt;Welcome to DevOps Stage 0 - Afeez Adeboye/A.A&lt;/h1&gt;&lt;/body&gt;&lt;/html&gt;"</span> | <span class="nb">sudo tee</span> /var/www/html/index.html <span class="nb">sudo </span>systemctl restart nginx </code></pre> </div> <h3> <strong>3. Encountered Issues and Fixes</strong> </h3> <h4> <strong>Issue 1: Port 80 Not Open</strong> </h4> <p>Since I relied on <strong>user-data</strong> for configuration, I initially forgot to open <strong>port 80</strong> in the security group. As a result, I thought NGINX was not working. <strong>Fix:</strong> I manually updated the security group to allow <strong>HTTP (port 80)</strong>.</p> <h4> <strong>Issue 2: Browser Redirecting to HTTPS</strong> </h4> <p>When I tried accessing the instance via a web browser, it kept redirecting to <strong>HTTPS</strong>, but the project only required <strong>HTTP</strong>. <strong>Fix:</strong> I had to explicitly type <code>http://</code> instead of relying on automatic redirection.</p> <h2> <strong>Final Verification</strong> </h2> <p>Once the fixes were applied:</p> <ul> <li>Visiting <code>http://&lt;EC2-PUBLIC-IP&gt;</code> displayed: </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fohygxttyvy2h87lhihi0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fohygxttyvy2h87lhihi0.png" alt="web display page" width="800" height="138"></a></p> <h2> <strong>Learning &amp; Takeaways</strong> </h2> <p>This task reinforced key DevOps concepts, including:<br> ✅ Automating server setup using <strong>user-data</strong>.<br> ✅ Managing AWS security groups effectively.<br> ✅ Troubleshooting web server issues related to ports and protocols.<br> ✅ Understanding how <strong>NGINX</strong> serves static files.</p> <h2> Hiring DevOps and Cloud Engineers </h2> <p>If you're looking to hire skilled professionals in <strong>DevOps</strong> or <strong>Cloud Engineering</strong>, check out these resources:</p> <ul> <li><a href="https://hng.tech/hire/devops-engineers" rel="noopener noreferrer">DevOps Engineers</a></li> <li><a href="https://hng.tech/hire/cloud-engineers" rel="noopener noreferrer">Cloud Engineers</a></li> </ul> Implementing a Complete GitOps Pipeline: Infrastructure Provisioning and Application Deployment Automation Afeez Oluwashina Adeboye Sun, 15 Dec 2024 22:17:42 +0000 https://dev.to/afeezaa/implementing-a-complete-gitops-pipeline-infrastructure-provisioning-and-application-deployment-bpk https://dev.to/afeezaa/implementing-a-complete-gitops-pipeline-infrastructure-provisioning-and-application-deployment-bpk <h2> Introduction </h2> <p>In this article, I'll walk you through implementing a complete GitOps pipeline that handles both infrastructure provisioning and application deployment. We'll use a combination of Terraform, Ansible, and Docker to create a fully automated CI/CD pipeline that follows best practices and maintains clear separation of concerns.</p> <blockquote> <p>🔗 <strong>Project Repository</strong>: <a href="https://github.com/Afeez-AA/automated-full-stack-gitops.git" rel="noopener noreferrer">DevOps Pipeline Project</a></p> </blockquote> <p>You can find all the code and configurations discussed in this article in the repository above. Feel free to star ⭐ it if you find it helpful!</p> <p>In modern DevOps practices, automation is key to maintaining reliable and efficient software delivery. This project demonstrates the implementation of a comprehensive GitOps pipeline that handles both infrastructure provisioning and application deployment through automated workflows. By leveraging tools such as Terraform, Ansible, and Docker, along with GitHub Actions, we've created a system that ensures consistent infrastructure deployment, cost-aware planning, and automated application updates.</p> <p>The solution addresses common challenges in DevOps practices:</p> <ul> <li>How to maintain infrastructure as code with proper validation and cost control</li> <li>How to automate monitoring system deployment alongside infrastructure</li> <li>How to manage application deployments with proper versioning and rollout</li> <li>How to keep infrastructure and application deployments separate yet coordinated</li> </ul> <h2> Architecture Overview </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpo1ddqjo4rg6cdirajpt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpo1ddqjo4rg6cdirajpt.png" alt="architecture" width="800" height="566"></a></p> <h2> Project Overview </h2> <h3> Core Components and Workflow Structure </h3> <p>The project is organized into two main pipelines:</p> <ol> <li> <p><strong>Infrastructure Pipeline</strong> (<code>infra_features</code> → <code>infra_main</code>)</p> <ul> <li>Handles all infrastructure provisioning through Terraform</li> <li>Automatically deploys monitoring stack using Ansible</li> <li>Includes cost estimation for infrastructure changes</li> <li>Located in main branch for centralized workflow management and also in each branch for proper triggers</li> </ul> </li> <li> <p><strong>Application Pipeline</strong> (<code>integration</code> → <code>deployment</code>)</p> <ul> <li>Manages application container builds and deployments</li> <li>Handles Docker image versioning and updates</li> <li>Automates deployment to provisioned infrastructure</li> </ul> </li> </ol> <h3> Workflow Triggers and Placement </h3> <ol> <li> <p>Infrastructure Workflows:</p> <ul> <li> <code>terraform-validate.yml</code>: Triggers on push to <code>infra_features</code> </li> <li> <code>terraform-plan.yml</code>: Triggers on PR to <code>infra_main</code> </li> <li> <code>terraform-apply.yml</code>: Triggers on PR merge to <code>infra_main</code> </li> <li> <code>ansible-monitoring.yml</code>: Triggers after successful terraform apply</li> </ul> </li> <li> <p>Application Workflows:</p> <ul> <li> <code>ci-application.yml</code>: Triggers on push to <code>integration</code> </li> <li> <code>cd-application.yml</code>: Triggers on PR merge to <code>deployment</code> </li> </ul> </li> </ol> <h3> Expected Outcomes </h3> <ol> <li> <p>Infrastructure Pipeline:</p> <ul> <li>Automated validation of Terraform configurations</li> <li>Cost estimation in PR comments</li> <li>Provisioned AWS infrastructure</li> <li>Deployed monitoring stack (Prometheus, Grafana, etc.)</li> </ul> </li> <li> <p>Application Pipeline:</p> <ul> <li>Built and versioned Docker images</li> <li>Updated docker-compose configurations</li> <li>Deployed application stack to infrastructure</li> </ul> </li> </ol> <p>The separation of concerns is maintained through:</p> <ul> <li>Different branches for infrastructure and application code</li> <li>Separate workflows for different stages of deployment</li> <li>Clear triggers that prevent unintended deployments</li> </ul> <p>This structure ensures that:</p> <ol> <li>Infrastructure changes are validated and cost-estimated before deployment</li> <li>Application deployments only occur on properly provisioned infrastructure</li> <li>Monitoring is always in place before application deployment</li> <li>Changes can be tracked and reversed if needed. </li> </ol> <h2> Infrastructure Configuration Pipeline Deep Dive </h2> <h3> terraform-validate.yml </h3> <p>This workflow is our first quality gate for infrastructure changes. While it exists in the main branch for centralization, it must also exist in the <code>infra_features</code> branch to properly trigger on push events.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Validate</span> <span class="na">run-name</span><span class="pi">:</span> <span class="s">${{ github.actor }} triggered Terraform validation</span> <span class="na">on</span><span class="pi">:</span> <span class="na">workflow_dispatch</span><span class="pi">:</span> <span class="c1"># Allows manual trigger</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">infra_features</span> <span class="c1"># Trigger on pushes to infra_features branch</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">terraform/**'</span> <span class="c1"># Only trigger if files in the terraform directory change</span> <span class="na">env</span><span class="pi">:</span> <span class="c1"># AWS Credentials</span> <span class="na">AWS_ACCESS_KEY_ID</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_ACCESS_KEY_ID }}</span> <span class="na">AWS_SECRET_ACCESS_KEY</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_SECRET_ACCESS_KEY }}</span> <span class="na">TF_VAR_aws_region</span><span class="pi">:</span> <span class="s">${{ vars.AWS_REGION }}</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">validate</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Validate</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout Specific Branch</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">ref</span><span class="pi">:</span> <span class="s">${{ github.ref }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Debug Branch Information</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo "Triggered by branch: ${{ github.ref }}"</span> <span class="s">echo "Current branch: $(git branch --show-current)"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up Terraform</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">hashicorp/setup-terraform@v2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Validate Terraform Formatting</span> <span class="na">id</span><span class="pi">:</span> <span class="s">fmt-check</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform fmt -check</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">terraform</span> <span class="na">continue-on-error</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># Continue even if there are formatting issues</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Fix Terraform Formatting Issues</span> <span class="na">if</span><span class="pi">:</span> <span class="s">failure()</span> <span class="c1"># Run only if the previous step fails</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform fmt</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">terraform</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Init</span> <span class="na">id</span><span class="pi">:</span> <span class="s">init</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform init</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">terraform</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Validate</span> <span class="na">id</span><span class="pi">:</span> <span class="s">validate</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform validate</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">terraform</span> </code></pre> </div> <h4> Key Components: </h4> <ol> <li> <p><strong>Triggers</strong>:</p> <ul> <li>Push events to <code>infra_features</code> branch</li> <li>Manual trigger via workflow_dispatch</li> <li>Path filters for terraform directory changes</li> </ul> </li> <li> <p><strong>Environment Setup</strong>:</p> <ul> <li>AWS credentials configuration </li> <li>Region specification from variables</li> </ul> </li> <li> <p><strong>Validation Steps</strong>:</p> <ul> <li>Checkout code</li> <li>Setup Terraform</li> <li>Check and fix Terraform formatting</li> <li>Initialize and validate Terraform configurations</li> </ul> </li> </ol> <h4> The workflow ensures: </h4> <ul> <li>Early detection of configuration errors</li> <li>Consistent code formatting</li> <li>Basic syntax and configuration checks</li> <li>Automatic format fixing when issues are found</li> <li>Immediate feedback to developers</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5dch982zsx5csffe9p4p.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5dch982zsx5csffe9p4p.png" alt="Terraform validate" width="800" height="388"></a></p> <h3> terraform-plan.yml </h3> <p>This workflow handles infrastructure planning and cost estimation. It exists in both main and <code>infra_main</code> branches to provide cost insights before any infrastructure changes are approved.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Plan and Cost Estimation</span> <span class="na">on</span><span class="pi">:</span> <span class="na">workflow_dispatch</span><span class="pi">:</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">infra_main</span> <span class="na">types</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">opened</span> <span class="pi">-</span> <span class="s">synchronize</span> <span class="pi">-</span> <span class="s">reopened</span> <span class="na">permissions</span><span class="pi">:</span> <span class="na">pull-requests</span><span class="pi">:</span> <span class="s">write</span> <span class="na">env</span><span class="pi">:</span> <span class="na">AWS_ACCESS_KEY_ID</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_ACCESS_KEY_ID }}</span> <span class="na">AWS_SECRET_ACCESS_KEY</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_SECRET_ACCESS_KEY }}</span> <span class="na">TF_VAR_aws_region</span><span class="pi">:</span> <span class="s">${{ vars.AWS_REGION }}</span> <span class="na">TF_VAR_ami_id</span><span class="pi">:</span> <span class="s">${{ vars.AMI_ID }}</span> <span class="na">TF_VAR_instance_type</span><span class="pi">:</span> <span class="s">${{ vars.INSTANCE_TYPE }}</span> <span class="na">TF_VAR_key_pair_name</span><span class="pi">:</span> <span class="s">${{ vars.KEY_PAIR_NAME }}</span> <span class="na">TF_VAR_instance_name</span><span class="pi">:</span> <span class="s">${{ vars.INSTANCE_NAME }}</span> <span class="na">TF_VAR_domain_name</span><span class="pi">:</span> <span class="s">${{ vars.DOMAIN_NAME }}</span> <span class="na">TF_VAR_frontend_domain</span><span class="pi">:</span> <span class="s">${{ vars.FRONTEND_DOMAIN }}</span> <span class="na">TF_VAR_db_domain</span><span class="pi">:</span> <span class="s">${{ vars.DB_DOMAIN }}</span> <span class="na">TF_VAR_traefik_domain</span><span class="pi">:</span> <span class="s">${{ vars.TRAEFIK_DOMAIN }}</span> <span class="na">TF_VAR_grafana_domain</span><span class="pi">:</span> <span class="s">${{ vars.GRAFANA_DOMAIN }}</span> <span class="na">TF_VAR_prometheus_domain</span><span class="pi">:</span> <span class="s">${{ vars.PROMETHEUS_DOMAIN }}</span> <span class="na">TF_VAR_cert_email</span><span class="pi">:</span> <span class="s">${{ vars.CERT_EMAIL }}</span> <span class="na">TF_VAR_private_key_path</span><span class="pi">:</span> <span class="s">${{ vars.PRIVATE_KEY_PATH }}</span> <span class="na">TF_VAR_app_dir</span><span class="pi">:</span> <span class="s">${{ vars.APP_DIR }}</span> <span class="na">TF_VAR_repo</span><span class="pi">:</span> <span class="s">${{ vars.REPO }}</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">terraform-plan</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Plan and Cost Estimation</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout PR Branch</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">ref</span><span class="pi">:</span> <span class="s">${{ github.head_ref }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout Base Branch</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">ref</span><span class="pi">:</span> <span class="s">${{ github.base_ref }}</span> <span class="na">path</span><span class="pi">:</span> <span class="s">base-branch</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Debug Branch Information</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo "Base branch: ${{ github.base_ref }}"</span> <span class="s">echo "Head branch: ${{ github.head_ref }}"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Prepare Terraform</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">hashicorp/setup-terraform@v2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Initialize Terraform Configuration</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform init</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">terraform</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Generate Terraform Plan</span> <span class="na">id</span><span class="pi">:</span> <span class="s">tf_plan</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">terraform plan -out=tfplan -lock=false</span> <span class="s">terraform show -no-color tfplan &gt; /tmp/plan_output.txt</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">terraform</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install Cost Analysis Tool</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">infracost/actions/setup@v2</span> <span class="na">with</span><span class="pi">:</span> <span class="na">api-key</span><span class="pi">:</span> <span class="s">${{ secrets.INFRACOST_API_KEY }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Perform Base Branch Cost Breakdown</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">cd base-branch/terraform</span> <span class="s">infracost breakdown --path=. --format=json &gt; /tmp/base_cost_analysis.json</span> <span class="na">continue-on-error</span><span class="pi">:</span> <span class="kc">true</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Perform Current Branch Cost Breakdown</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">cd terraform</span> <span class="s">infracost breakdown --path=. --format=json &gt; /tmp/current_cost_analysis.json</span> <span class="s">infracost breakdown --path=. --format=table &gt; /tmp/cost_summary.txt</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Generate Cost Difference</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">infracost diff \</span> <span class="s">--path=terraform \</span> <span class="s">--compare-to=/tmp/base_cost_analysis.json \</span> <span class="s">--format=json &gt; /tmp/cost_difference.json || true</span> <span class="na">continue-on-error</span><span class="pi">:</span> <span class="kc">true</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Prepare Workflow Report</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/github-script@v6</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.event_name == 'pull_request'</span> <span class="na">with</span><span class="pi">:</span> <span class="na">github-token</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">const fs = require('fs');</span> <span class="s">const planContent = fs.readFileSync('/tmp/plan_output.txt', 'utf8');</span> <span class="s">const costSummary = fs.readFileSync('/tmp/cost_summary.txt', 'utf8');</span> <span class="s">const commentBody = `### 🔍 Infrastructure Validation Report</span> <span class="s">&lt;details&gt;</span> <span class="s">&lt;summary&gt;📋 Terraform Plan Insights 📋&lt;/summary&gt;</span> <span class="s">\`\`\`terraform</span> <span class="s">${planContent}</span> <span class="s">\`\`\`</span> <span class="s">&lt;/details&gt;</span> <span class="s">&lt;details&gt;</span> <span class="s">&lt;summary&gt;💰 Cost Estimation Overview 💰&lt;/summary&gt;</span> <span class="s">\`\`\`</span> <span class="s">${costSummary}</span> <span class="s">\`\`\`</span> <span class="s">&lt;/details&gt;</span> <span class="s">*Analysis triggered by @${{ github.actor }}*`;</span> <span class="s">github.rest.issues.createComment({</span> <span class="s">issue_number: context.issue.number,</span> <span class="s">owner: context.repo.owner,</span> <span class="s">repo: context.repo.repo,</span> <span class="s">body: commentBody</span> <span class="s">});</span> </code></pre> </div> <h4> Key Components: </h4> <ol> <li> <p><strong>Triggers</strong>:</p> <ul> <li>Pull requests to <code>infra_main</code> branch</li> <li>PR events: opened, synchronized, reopened</li> <li>Manual workflow dispatch for testing</li> </ul> </li> <li> <p><strong>Environment Setup</strong>:</p> <ul> <li>AWS credentials from secrets</li> <li>Comprehensive Terraform variables including: <ul> <li>Infrastructure settings</li> <li>Domain configurations</li> <li>Application paths</li> <li>Service endpoints</li> </ul> </li> </ul> </li> <li> <p><strong>Planning Process</strong>:</p> <ul> <li>Format validation</li> <li>Base branch comparison</li> <li>Plan generation</li> <li>Cost analysis via Infracost</li> </ul> </li> <li> <p><strong>PR Integration</strong>:</p> <ul> <li>Automated PR comments with: <ul> <li>Infrastructure changes</li> <li>Cost estimations</li> <li>Resource modifications</li> <li>Base vs proposed comparisons</li> </ul> </li> </ul> </li> </ol> <h4> The workflow ensures: </h4> <ul> <li>Detailed cost breakdowns</li> <li>Change cost implications</li> <li>Resource-specific pricing</li> <li>Cost comparison with current state</li> <li>Clear plan presentation in PR comments</li> </ul> <blockquote> <p><strong>Important</strong>: The workflow requires an Infracost API key stored in GitHub secrets for cost estimation features to work properly.</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnh3sohzugvufrchonjj8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnh3sohzugvufrchonjj8.png" alt="Terraform plan" width="800" height="371"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fss1wk6cu9992rglwpoo2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fss1wk6cu9992rglwpoo2.png" alt="PR result" width="800" height="323"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fruokqz1xyg65ne6xy0f6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fruokqz1xyg65ne6xy0f6.png" alt="Plan insight result" width="800" height="465"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpk5qdhtdzl9wc3cnohyp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpk5qdhtdzl9wc3cnohyp.png" alt="ost estimation result" width="800" height="547"></a></p> <h3> terraform-apply.yml </h3> <p>This workflow is responsible for actual infrastructure deployment. It exists in both main and <code>infra_main</code> branches to ensure proper triggering on PR merges and to allow manual infrastructure management.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Infrastructure Apply</span> <span class="na">on</span><span class="pi">:</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">infra_main'</span> <span class="na">types</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">closed</span> <span class="na">workflow_dispatch</span><span class="pi">:</span> <span class="na">inputs</span><span class="pi">:</span> <span class="na">action</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">choice</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Select</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">action</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">perform'</span> <span class="na">required</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">default</span><span class="pi">:</span> <span class="s1">'</span><span class="s">destroy'</span> <span class="na">options</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">destroy'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">apply'</span> <span class="na">env</span><span class="pi">:</span> <span class="na">AWS_ACCESS_KEY_ID</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_ACCESS_KEY_ID }}</span> <span class="na">AWS_SECRET_ACCESS_KEY</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_SECRET_ACCESS_KEY }}</span> <span class="na">TF_VAR_aws_region</span><span class="pi">:</span> <span class="s">${{ vars.AWS_REGION }}</span> <span class="c1"># Terraform Variables to be passed as environment variables</span> <span class="na">TF_VAR_ami_id</span><span class="pi">:</span> <span class="s">${{ vars.AMI_ID }}</span> <span class="na">TF_VAR_instance_type</span><span class="pi">:</span> <span class="s">${{ vars.INSTANCE_TYPE }}</span> <span class="na">TF_VAR_key_pair_name</span><span class="pi">:</span> <span class="s">${{ vars.KEY_PAIR_NAME }}</span> <span class="na">TF_VAR_instance_name</span><span class="pi">:</span> <span class="s">${{ vars.INSTANCE_NAME }}</span> <span class="na">TF_VAR_domain_name</span><span class="pi">:</span> <span class="s">${{ vars.DOMAIN_NAME }}</span> <span class="na">TF_VAR_frontend_domain</span><span class="pi">:</span> <span class="s">${{ vars.FRONTEND_DOMAIN }}</span> <span class="na">TF_VAR_db_domain</span><span class="pi">:</span> <span class="s">${{ vars.DB_DOMAIN }}</span> <span class="na">TF_VAR_traefik_domain</span><span class="pi">:</span> <span class="s">${{ vars.TRAEFIK_DOMAIN }}</span> <span class="na">TF_VAR_grafana_domain</span><span class="pi">:</span> <span class="s">${{ vars.GRAFANA_DOMAIN }}</span> <span class="na">TF_VAR_prometheus_domain</span><span class="pi">:</span> <span class="s">${{ vars.PROMETHEUS_DOMAIN }}</span> <span class="na">TF_VAR_cert_email</span><span class="pi">:</span> <span class="s">${{ vars.CERT_EMAIL }}</span> <span class="na">TF_VAR_private_key_path</span><span class="pi">:</span> <span class="s">${{ vars.PRIVATE_KEY_PATH }}</span> <span class="na">TF_VAR_app_dir</span><span class="pi">:</span> <span class="s">${{ vars.APP_DIR }}</span> <span class="na">TF_VAR_repo</span><span class="pi">:</span> <span class="s">${{ vars.REPO }}</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">terraform-apply</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Infrastructure Apply</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="c1"># Trigger on merged PR to infra_main or manual destroy</span> <span class="na">if</span><span class="pi">:</span> <span class="pi">&gt;</span> <span class="s">(github.event_name == 'pull_request' &amp;&amp; </span> <span class="s">github.event.pull_request.merged == true &amp;&amp; </span> <span class="s">github.base_ref == 'infra_main') ||</span> <span class="s">(github.event_name == 'workflow_dispatch')</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout PR Branch</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">ref</span><span class="pi">:</span> <span class="s">${{ github.head_ref }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install Terraform</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">hashicorp/setup-terraform@v2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Initialize Terraform Configuration</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform init</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">terraform</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Apply</span> <span class="na">if</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">github.event_name == 'pull_request' &amp;&amp; </span> <span class="s">github.event.pull_request.merged == true || </span> <span class="s">(github.event_name == 'workflow_dispatch' &amp;&amp; github.event.inputs.action == 'apply')</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform apply --auto-approve -lock=false</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">terraform</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Destroy</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.event_name == 'workflow_dispatch' &amp;&amp; github.event.inputs.action == 'destroy'</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform destroy --auto-approve -lock=false</span> <span class="na">working-directory</span><span class="pi">:</span> <span class="s">terraform</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Create Action Indicator</span> <span class="na">run</span><span class="pi">:</span> <span class="s">echo ${{ github.event.inputs.action }} &gt; ./ansible/action_indicator.txt</span> <span class="c1"># Upload inventory, trigger and key as artifacts</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Upload Inventory and Key</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.event_name != 'workflow_dispatch' || github.event.inputs.action != 'destroy'</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/upload-artifact@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">infrastructure-artifacts</span> <span class="na">path</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">ansible/inventory.ini</span> <span class="s">ansible/action_indicator.txt</span> <span class="s">terraform/${{ vars.KEY_PAIR_NAME }}</span> <span class="na">retention-days</span><span class="pi">:</span> <span class="m">1</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Save Infrastructure Details as Secrets</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.event_name != 'workflow_dispatch' || github.event.inputs.action != 'destroy'</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s"># First check if files exist</span> <span class="s">echo "Checking infrastructure files..."</span> <span class="s">if [ ! -f "terraform/${{ vars.KEY_PAIR_NAME }}" ] || [ ! -f "ansible/inventory.ini" ]; then</span> <span class="s">echo "Required files not found!"</span> <span class="s">exit 1</span> <span class="s">fi</span> <span class="s">echo "Reading infrastructure files..."</span> <span class="s"># Read files and encode in base64 to handle multiline content safely</span> <span class="s">SSH_KEY=$(cat "terraform/${{ vars.KEY_PAIR_NAME }}" | base64 -w 0)</span> <span class="s">INVENTORY=$(cat "ansible/inventory.ini" | base64 -w 0)</span> <span class="s">echo "Saving to GitHub Secrets..."</span> <span class="s"># Save SSH key</span> <span class="s">gh secret set EC2_SSH_KEY --body "$SSH_KEY"</span> <span class="s"># Save inventory</span> <span class="s">gh secret set EC2_INVENTORY --body "$INVENTORY"</span> <span class="s">echo "Infrastructure details saved as secrets successfully!"</span> <span class="na">env</span><span class="pi">:</span> <span class="na">GITHUB_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.PAT_TOKEN }}</span> <span class="na">GH_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.PAT_TOKEN }}</span> </code></pre> </div> <h4> Key Components: </h4> <ol> <li> <p><strong>Triggers</strong>:</p> <ul> <li>PR merge to <code>infra_main</code> branch</li> <li>Manual workflow dispatch with options: <ul> <li>Apply: For manual infrastructure deployment</li> <li>Destroy: For infrastructure teardown</li> </ul> </li> </ul> </li> <li> <p><strong>Environment Configuration</strong>:</p> <ul> <li>AWS credentials from secrets</li> <li>Terraform variables for: <ul> <li>AWS region</li> <li>AMI configuration</li> <li>Domain settings</li> <li>Application directories etc</li> </ul> </li> </ul> </li> <li> <p><strong>Critical Operations</strong>:</p> <ul> <li>Infrastructure deployment via Terraform apply</li> <li>Infrastructure destruction (manual trigger)</li> <li>Creation of artifacts for downstream workflows</li> <li> <strong>Important</strong>: Saves infrastructure details as GitHub secrets: <ul> <li>EC2_SSH_KEY: Base64 encoded SSH key</li> <li>EC2_INVENTORY: Base64 encoded inventory file</li> <li>These secrets are crucial for CD-application workflow</li> </ul> </li> </ul> </li> </ol> <blockquote> <p><strong>Note</strong>: The saving of infrastructure details as secrets is crucial for the CD-application workflow which we'll cover later. These secrets enable secure access to the deployed infrastructure.</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgmv6vtu7bchmcjxncg07.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgmv6vtu7bchmcjxncg07.png" alt="Terraform apply" width="800" height="288"></a></p> <h3> ansible-monitoring.yml and Associated Playbook </h3> <p>This workflow automates our monitoring stack deployment, being triggered automatically after successful infrastructure provisioning. The workflow exists in both main and <code>infra_main</code> branches for proper functionality.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Monitoring Stack Deployment</span> <span class="na">on</span><span class="pi">:</span> <span class="na">workflow_run</span><span class="pi">:</span> <span class="na">workflows</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">Terraform</span><span class="nv"> </span><span class="s">Infrastructure</span><span class="nv"> </span><span class="s">Apply"</span><span class="pi">]</span> <span class="na">types</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">completed</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">ansible-monitoring</span><span class="pi">:</span> <span class="na">if</span><span class="pi">:</span> <span class="s">${{ github.event.workflow_run.conclusion == 'success' }}</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Monitoring Stack Deployment</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout infra_main Branch</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">ref</span><span class="pi">:</span> <span class="s">infra_main</span> <span class="c1"># Explicitly checkout infra_main branch</span> <span class="na">fetch-depth</span><span class="pi">:</span> <span class="m">0</span> <span class="c1"># Get full history</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Download artifacts</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">dawidd6/action-download-artifact@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">workflow</span><span class="pi">:</span> <span class="s">terraform-apply.yml</span> <span class="na">workflow_conclusion</span><span class="pi">:</span> <span class="s">success</span> <span class="na">name</span><span class="pi">:</span> <span class="s">infrastructure-artifacts</span> <span class="na">path</span><span class="pi">:</span> <span class="s">./artifacts</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Check Action Indicator</span> <span class="na">id</span><span class="pi">:</span> <span class="s">check-action</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">ACTION=$(cat ./artifacts/ansible/action_indicator.txt)</span> <span class="s">echo "Action: $ACTION"</span> <span class="s">if [ "$ACTION" != "apply" ]; then</span> <span class="s">echo "Monitoring stack deployment skipped due to action: $ACTION"</span> <span class="s">exit 0</span> <span class="s">fi</span> <span class="c1"># Copy the key to the terraform directory</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup SSH Key</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">cp ./artifacts/terraform/${{ vars.KEY_PAIR_NAME }} ./terraform/</span> <span class="s">chmod 600 ./terraform/${{ vars.KEY_PAIR_NAME }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Update Inventory File</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">sed -i "s|ansible_ssh_private_key_file=\./${{ vars.KEY_PAIR_NAME }}|ansible_ssh_private_key_file=./terraform/${{ vars.KEY_PAIR_NAME }}|" ./artifacts/ansible/inventory.ini</span> <span class="s">cat ./artifacts/ansible/inventory.ini # Debug print</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up Ansible</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">alex-oleshkevich/setup-ansible@v1.0.1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">9.3.0"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Ansible Playbook</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ./artifacts/ansible/inventory.ini ./ansible/playbook.yml \</span> <span class="s">--extra-vars "domain_name=${{ vars.DOMAIN_NAME }} \</span> <span class="s">traefik_domain=${{ vars.TRAEFIK_DOMAIN }} \</span> <span class="s">cert_email=${{ vars.CERT_EMAIL }}\</span> <span class="s">repo=${{ vars.REPO }}\</span> <span class="s">app_dir=${{ vars.APP_DIR }}\</span> <span class="s">branch=infra_main"</span> </code></pre> </div> <h4> Key Components: </h4> <ol> <li> <p><strong>Workflow Triggers</strong>:</p> <ul> <li>Automatic trigger after terraform-apply completion</li> <li>Checks action indicator to ensure proper execution should terraform apply workflow was only triggered for destroy</li> <li>Only proceeds on 'apply' action</li> </ul> </li> <li> <p><strong>Infrastructure Access</strong>:</p> <ul> <li>Downloads terraform-generated artifacts</li> <li>Configures SSH access using infrastructure keys</li> <li>Updates inventory file paths and permissions</li> </ul> </li> <li> <p><strong>Monitoring Setup</strong>:</p> <ul> <li>Deploys complete monitoring stack via Ansible</li> <li>Configures domains and certificates</li> <li>Sets up repository and application directory</li> </ul> </li> </ol> <h4> Associated Ansible Playbook Overview </h4> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="s">main playbook</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setting up application and monitoring servers</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">all</span> <span class="na">become</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">roles</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">docker</span> <span class="pi">-</span> <span class="s">file_setup</span> <span class="pi">-</span> <span class="s">monitoring_setup</span> <span class="s">--------</span> <span class="s">file setup task</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Clone the repository</span> <span class="na">git</span><span class="pi">:</span> <span class="na">repo</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">repo</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">dest</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">app_dir</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">branch</span><span class="nv"> </span><span class="s">}}"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Ensure the Traefik directory exists</span> <span class="na">file</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">app_dir</span><span class="nv"> </span><span class="s">}}/traefik"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">directory</span> <span class="na">mode</span><span class="pi">:</span> <span class="s1">'</span><span class="s">0755'</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Create acme.json with proper permissions</span> <span class="na">file</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">app_dir</span><span class="nv"> </span><span class="s">}}/traefik/acme.json"</span> <span class="na">state</span><span class="pi">:</span> <span class="s">touch</span> <span class="na">mode</span><span class="pi">:</span> <span class="s1">'</span><span class="s">0600'</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Check if the data folder exists</span> <span class="na">stat</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">app_dir</span><span class="nv"> </span><span class="s">}}/data"</span> <span class="na">register</span><span class="pi">:</span> <span class="s">data_folder</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Ensure Loki data folder has the correct ownership and permissions</span> <span class="na">block</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Change ownership of data folder for Loki</span> <span class="na">command</span><span class="pi">:</span> <span class="s">chown -R 10001:10001 ./data</span> <span class="na">args</span><span class="pi">:</span> <span class="na">chdir</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">app_dir</span><span class="nv"> </span><span class="s">}}"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set permissions for the data folder</span> <span class="na">command</span><span class="pi">:</span> <span class="s">chmod -R 755 ./data</span> <span class="na">args</span><span class="pi">:</span> <span class="na">chdir</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">app_dir</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">when</span><span class="pi">:</span> <span class="s">data_folder.stat.exists</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Configure monitoring compose file using template</span> <span class="na">template</span><span class="pi">:</span> <span class="na">src</span><span class="pi">:</span> <span class="s2">"</span><span class="s">monitoring_stack_template.j2"</span> <span class="na">dest</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">app_dir</span><span class="nv"> </span><span class="s">}}/monitoring-stack.yml"</span> <span class="na">mode</span><span class="pi">:</span> <span class="s1">'</span><span class="s">0644'</span> <span class="s">-----</span> <span class="s">the monitoring task</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Bring up the monitoring stack</span> <span class="na">command</span><span class="pi">:</span> <span class="s">docker compose -f monitoring-stack.yml up -d</span> <span class="na">args</span><span class="pi">:</span> <span class="na">chdir</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">app_dir</span><span class="nv"> </span><span class="s">}}"</span> </code></pre> </div> <p>The playbook orchestrates the entire monitoring setup through three distinct roles:</p> <ol> <li> <p><strong>Docker Role</strong>:</p> <ul> <li>Ensures Docker is installed and configured</li> <li>Sets up required Docker services</li> <li>Configures networking prerequisites</li> </ul> </li> <li> <p><strong>File Setup Role</strong>:</p> <ul> <li>Clones configuration repository</li> <li>Creates necessary directory structure</li> <li>Sets up Traefik and SSL configurations</li> <li>Manages permissions and ownership</li> <li>Prepares data persistence directories</li> </ul> </li> <li> <p><strong>Monitoring Setup Role</strong>:</p> <ul> <li>Deploys the complete monitoring stack</li> <li>Configures Prometheus, Grafana, and Loki</li> <li>Sets up reverse proxy with Traefik</li> <li>Ensures all services are running</li> </ul> </li> </ol> <h4> The workflow ensures: </h4> <ol> <li> <p><strong>Setup Integrity</strong>:</p> <ul> <li>Proper directory structure</li> <li>Correct file permissions</li> <li>Required configurations</li> </ul> </li> <li> <p><strong>Security Measures</strong>:</p> <ul> <li>Secure credential handling</li> <li>Protected certificates</li> <li>Proper file permissions</li> </ul> </li> <li> <p><strong>Monitoring Components</strong>:</p> <ul> <li>Prometheus for metrics</li> <li>Grafana for visualization</li> <li>Loki for logs</li> <li>Traefik for routing</li> </ul> </li> </ol> <blockquote> <p><strong>Note</strong>: This workflow is dependent on the artifacts generated by terraform-apply.yml, showcasing the workflow dependencies in our infrastructure pipeline and it is located both in the <code>main</code> branch and the <code>infra_main</code> branch.</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs6hb0wee7cvwpfbbqins.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs6hb0wee7cvwpfbbqins.png" alt="Ansible monitoring" width="800" height="293"></a></p> <h3> ci-application.yml </h3> <p>This workflow manages the continuous integration process for our application, building and pushing Docker images while updating deployment configurations(compose file).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Application CI Pipeline</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">integration'</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">backend/**'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">frontend/**'</span> <span class="na">env</span><span class="pi">:</span> <span class="na">DOCKERHUB_USERNAME</span><span class="pi">:</span> <span class="s">${{ secrets.DOCKERHUB_USERNAME }}</span> <span class="na">DOCKERHUB_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.DOCKERHUB_TOKEN }}</span> <span class="na">IMAGE_TAG</span><span class="pi">:</span> <span class="s">1.0.${{ github.run_number }}</span> <span class="na">FRONTEND_IMAGE</span><span class="pi">:</span> <span class="s">frontend-dojodevops</span> <span class="na">BACKEND_IMAGE</span><span class="pi">:</span> <span class="s">backend-dojodevops</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build-and-push</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout Repository</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">token</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Login to Docker Hub</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">docker/login-action@v3</span> <span class="na">with</span><span class="pi">:</span> <span class="na">username</span><span class="pi">:</span> <span class="s">${{ secrets.DOCKERHUB_USERNAME }}</span> <span class="na">password</span><span class="pi">:</span> <span class="s">${{ secrets.DOCKERHUB_TOKEN }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up Docker Buildx</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">docker/setup-buildx-action@v3</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build and push backend</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">docker/build-push-action@v5</span> <span class="na">with</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./backend</span> <span class="na">push</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">tags</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">${{ secrets.DOCKERHUB_USERNAME }}/${{ env.BACKEND_IMAGE }}:${{ env.IMAGE_TAG }}</span> <span class="s">${{ secrets.DOCKERHUB_USERNAME }}/${{ env.BACKEND_IMAGE }}:latest</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build and push frontend</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">docker/build-push-action@v5</span> <span class="na">with</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./frontend</span> <span class="na">push</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">tags</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">${{ secrets.DOCKERHUB_USERNAME }}/${{ env.FRONTEND_IMAGE }}:${{ env.IMAGE_TAG }}</span> <span class="s">${{ secrets.DOCKERHUB_USERNAME }}/${{ env.FRONTEND_IMAGE }}:latest</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Update docker-compose.yml</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo "=== Current docker-compose template content ==="</span> <span class="s">cat ./ansible/roles/app_deploy/templates/docker-compose.yml.j2</span> <span class="s">echo -e "\n=== Attempting to update image tags ==="</span> <span class="s"># Update backend image</span> <span class="s">sed -i "s|image: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.BACKEND_IMAGE }}:.*|image: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.BACKEND_IMAGE }}:${{ env.IMAGE_TAG }}|" ./ansible/roles/app_deploy/templates/docker-compose.yml.j2</span> <span class="s"># Update frontend image</span> <span class="s">sed -i "s|image: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.FRONTEND_IMAGE }}:.*|image: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.FRONTEND_IMAGE }}:${{ env.IMAGE_TAG }}|" ./ansible/roles/app_deploy/templates/docker-compose.yml.j2</span> <span class="s">echo -e "\n=== Updated docker-compose template content ==="</span> <span class="s">cat ./ansible/roles/app_deploy/templates/docker-compose.yml.j2</span> <span class="s"># Check if any changes were made</span> <span class="s">if git diff --quiet ./ansible/roles/app_deploy/templates/docker-compose.yml.j2; then</span> <span class="s">echo "No changes were made to docker-compose template"</span> <span class="s">echo "Current content of docker-compose template:"</span> <span class="s">cat ./ansible/roles/app_deploy/templates/docker-compose.yml.j2</span> <span class="s">exit 1</span> <span class="s">else</span> <span class="s">echo "Changes detected in docker-compose template:"</span> <span class="s">git diff ./ansible/roles/app_deploy/templates/docker-compose.yml.j2</span> <span class="s">fi</span> <span class="c1"># Using GitHub's default token for authentication</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Commit and push updated docker-compose</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">git config --global user.name "${{ github.actor }}"</span> <span class="s">git config --global user.email "${{ github.actor }}@users.noreply.github.com"</span> <span class="s">git add ./ansible/roles/app_deploy/templates/docker-compose.yml.j2</span> <span class="s">git commit -m "Update image tags to ${{ env.IMAGE_TAG }}"</span> <span class="s">git push origin integration</span> </code></pre> </div> <h4> Key Components: </h4> <ol> <li> <p><strong>Triggers</strong>:</p> <ul> <li>Push events to <code>integration</code> branch</li> <li>Path filters for backend and frontend directories</li> </ul> </li> <li> <p><strong>Environment Setup</strong>:</p> <ul> <li>Docker Hub credentials</li> <li>Image versioning using GitHub run number</li> <li>Separate images for frontend and backend</li> </ul> </li> <li> <p><strong>Build Process</strong>:</p> <ul> <li>Docker Buildx setup for multi-platform builds</li> <li>Parallel builds for frontend and backend</li> <li>Tag management with latest and versioned tags</li> <li>Docker compose template updates</li> </ul> </li> </ol> <h4> The workflow ensures: </h4> <ul> <li>Automated image builds</li> <li>Version control of images</li> <li>Configuration updates</li> <li>Proper image tagging</li> <li>Automated commit of updated configurations</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnxd03nnkndy4b0tp9tjq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnxd03nnkndy4b0tp9tjq.png" alt="ci" width="800" height="282"></a></p> <h3> cd-application.yml </h3> <p>This workflow handles the continuous deployment of our application, utilizing infrastructure secrets from previous workflows.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Application CD Pipeline</span> <span class="na">on</span><span class="pi">:</span> <span class="na">workflow_dispatch</span><span class="pi">:</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">deployment'</span> <span class="na">types</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">closed</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">application-deploy</span><span class="pi">:</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.event.pull_request.merged == </span><span class="kc">true</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout deployment branch</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">ref</span><span class="pi">:</span> <span class="s">deployment</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup Infrastructure Files</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s"># Create directories</span> <span class="s">mkdir -p ./tmp/ ./tmp/ansible</span> <span class="s"># Decode and save SSH key</span> <span class="s">echo "${{ secrets.EC2_SSH_KEY }}" | base64 -d &gt; ./tmp/${{ vars.KEY_PAIR_NAME }}</span> <span class="s">chmod 600 ./tmp/${{ vars.KEY_PAIR_NAME }}</span> <span class="s"># Decode and save inventory</span> <span class="s">echo "${{ secrets.EC2_INVENTORY }}" | base64 -d &gt; ./tmp/ansible/inventory.ini</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Update Inventory File</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">sed -i "s|ansible_ssh_private_key_file=\./${{ vars.KEY_PAIR_NAME }}|ansible_ssh_private_key_file=./tmp/${{ vars.KEY_PAIR_NAME }}|" ./tmp/ansible/inventory.ini</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up Ansible</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">alex-oleshkevich/setup-ansible@v1.0.1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">9.3.0"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Application Deployment Playbook</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i ./tmp/ansible/inventory.ini ./ansible/playbook.yml \</span> <span class="s">--extra-vars '{</span> <span class="s">"repo": "${{ vars.REPO }}",</span> <span class="s">"app_dir": "${{ vars.APP_DIR }}",</span> <span class="s">"backend_env": ${{ toJSON(secrets.BACKEND_ENV) }},</span> <span class="s">"frontend_env": ${{ toJSON(secrets.FRONTEND_ENV) }},</span> <span class="s">"frontend_domain": "${{ vars.FRONTEND_DOMAIN }}",</span> <span class="s">"DOCKERHUB_USERNAME": "${{ secrets.DOCKERHUB_USERNAME }}",</span> <span class="s">"FRONTEND_IMAGE": "frontend-dojodevops",</span> <span class="s">"BACKEND_IMAGE": "backend-dojodevops",</span> <span class="s">"db_domain": "${{ vars.DB_DOMAIN }}",</span> <span class="s">"branch": "deployment"</span> <span class="s">}'</span> </code></pre> </div> <h4> Key Components: </h4> <ol> <li> <p><strong>Triggers</strong>:</p> <ul> <li>Pull request merge to <code>deployment</code> branch</li> <li>Manual workflow dispatch</li> </ul> </li> <li> <p><strong>Infrastructure Setup</strong>:</p> <ul> <li>Utilizes secrets from terraform-apply: <ul> <li>EC2_SSH_KEY for server access</li> <li>EC2_INVENTORY for server details</li> </ul> </li> </ul> </li> <li> <p><strong>Deployment Process</strong>:</p> <ul> <li>Ansible configuration</li> <li>Environment setup</li> <li>Application deployment</li> </ul> </li> </ol> <h4> The workflow ensures: </h4> <ul> <li>Secure deployment process</li> <li>Environment configuration</li> <li>Infrastructure access</li> <li>Application setup by triggering the ansible playbook</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0d1i8wn2cbq6o8u5gg3z.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0d1i8wn2cbq6o8u5gg3z.png" alt="cd" width="800" height="282"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh6qxkud04du52ik54oj6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh6qxkud04du52ik54oj6.png" alt="full workflow" width="800" height="365"></a></p> <blockquote> <p><strong>Important Environment Variables and Secrets Guide</strong>:</p> <p><strong>Infrastructure Secrets (Generated by terraform-apply)</strong>:</p> <ul> <li> <code>EC2_SSH_KEY</code>: Base64 encoded SSH key for EC2 access</li> <li> <code>EC2_INVENTORY</code>: Base64 encoded Ansible inventory file</li> </ul> <p><strong>Docker Hub Credentials</strong>:</p> <ul> <li> <code>DOCKERHUB_USERNAME</code>: Docker Hub account username</li> <li> <code>DOCKERHUB_TOKEN</code>: Docker Hub access token</li> </ul> <p><strong>Application Environment Variables</strong>:</p> <ul> <li> <code>BACKEND_ENV</code>: JSON object containing backend environment variables</li> <li> <code>FRONTEND_ENV</code>: JSON object containing frontend environment variables</li> </ul> <p><strong>Domain Configuration</strong>:</p> <ul> <li> <code>FRONTEND_DOMAIN</code>: Domain for frontend service</li> <li> <code>DB_DOMAIN</code>: Domain for database service</li> </ul> <p><strong>Repository Settings</strong>:</p> <ul> <li> <code>REPO</code>: Repository URL</li> <li> <code>APP_DIR</code>: Application directory path</li> <li> <code>KEY_PAIR_NAME</code>: Name of the SSH key pair</li> </ul> <p><strong>Note</strong>: The CD workflow showcases the importance of proper secret management, using infrastructure secrets generated during provisioning for secure deployment access.</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb10nirzbiy8mfrkmmc1y.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb10nirzbiy8mfrkmmc1y.png" alt="secrets" width="800" height="523"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftdg76lhfyuhgmong56bt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftdg76lhfyuhgmong56bt.png" alt="variables" width="800" height="524"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc2q56g3h4nth88blkj8k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc2q56g3h4nth88blkj8k.png" alt="web" width="800" height="356"></a></p> <h3> Clean Up </h3> <p>This can be done by manually triggering terraform destroy. </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8jjvjet6qajk13rl8yoa.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8jjvjet6qajk13rl8yoa.png" alt="destroy" width="800" height="228"></a></p> terraform ansible githubactions aws Complete Guide to Containerizing and Deploying a Full-Stack Application with Docker Compose, Nginx Manager, and Monitoring Tools Afeez Oluwashina Adeboye Sat, 23 Nov 2024 13:30:52 +0000 https://dev.to/afeezaa/complete-guide-to-containerizing-and-deploying-a-full-stack-application-with-docker-nginx-and-4koj https://dev.to/afeezaa/complete-guide-to-containerizing-and-deploying-a-full-stack-application-with-docker-nginx-and-4koj <h2> Containerizing a Full-Stack Application with Advanced Monitoring </h2> <h2> Table of Contents </h2> <p>A. Introduction<br> B. Prerequisites<br> C. Project Setup<br> D. Backend Configuration<br> E. Frontend Configuration<br> F. Docker Setup<br> G. Docker Compose Configuration<br> H. Reverse Proxy &amp; SSL Setup<br> I. Database Management<br> F. Setting up the monitoring stack</p> <h2> Introduction <a></a> </h2> <p>In this project, we will containerize and deploy a multi-tier web application using Docker, Docker Compose, and reverse proxy configurations. The application consists of a <strong>React frontend</strong> that interacts with a <strong>FastAPI backend</strong>, which is backed by a <strong>PostgreSQL</strong> database. To ensure smooth monitoring and management of the application's performance, we will integrate a <strong>Monitoring Stack</strong> that includes <strong>Prometheus</strong> for metrics collection, <strong>Grafana</strong> for data visualization, <strong>Loki</strong> for log aggregation, and <strong>cAdvisor</strong> for container performance monitoring.</p> <p>The overall architecture will use <strong>Docker Compose</strong> for orchestration, ensuring that all services are interconnected and can communicate seamlessly. The services will be routed through a reverse proxy, either <strong>Traefik</strong> or <strong>Nginx Proxy Manager</strong>, to ensure proper URL routing, security, and access control for both the application stack and the monitoring stack.</p> <h2> Prerequisites <a></a> </h2> <ul> <li>Linux-based operating system (Ubuntu, CentOS, etc.)</li> <li>Docker and Docker Compose installed</li> <li>Cloud provider account (AWS, Google Cloud, or Azure) for deployment</li> <li>Domain name</li> <li>Basic knowledge of: <ul> <li>Docker &amp; Docker Compose</li> <li>React &amp; FastAPI</li> <li>Prometheus, Grafana, Loki, and cAdvisor</li> </ul> </li> </ul> <h2> Project Setup <a></a> </h2> <p>A. Clone the repository:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/The-DevOps-Dojo/cv-challenge01.git <span class="nb">cd </span>cv-challenge01 </code></pre> </div> <h2> Backend Configuration <a></a> </h2> <p>A. Navigate to the backend directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>backend </code></pre> </div> <p>B. Install Poetry (dependency manager):</p> <ul> <li> <p>For macOS/Linux:<br> </p> <pre class="highlight shell"><code> curl <span class="nt">-sSL</span> https://install.python-poetry.org | python3 - </code></pre> </li> <li><p>For Windows: Follow <a href="https://python-poetry.org/docs/#installation" rel="noopener noreferrer">Poetry's documentation</a></p></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F99o029aas70y2p8l31rn.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F99o029aas70y2p8l31rn.png" alt="Poetry Installation" width="618" height="427"></a></p> <p>C. Verify Poetry installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>poetry <span class="nt">--version</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fysm0i4clofmgpvekb47w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fysm0i4clofmgpvekb47w.png" alt="Poetry Version Check" width="800" height="78"></a></p> <p>D. Install project dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>poetry <span class="nb">install</span> </code></pre> </div> <h3> PostgreSQL Setup </h3> <p>A. Install PostgreSQL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install </span>postgresql postgresql-contrib </code></pre> </div> <p>B. Switch to PostgreSQL user:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo</span> <span class="nt">-i</span> <span class="nt">-u</span> postgres psql </code></pre> </div> <p>C. Create database and user:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">USER</span> <span class="n">app</span> <span class="k">WITH</span> <span class="n">PASSWORD</span> <span class="s1">'changethis123'</span><span class="p">;</span> <span class="k">CREATE</span> <span class="k">DATABASE</span> <span class="n">app</span><span class="p">;</span> <span class="err">\</span><span class="k">c</span> <span class="n">app</span> <span class="k">GRANT</span> <span class="k">ALL</span> <span class="k">PRIVILEGES</span> <span class="k">ON</span> <span class="k">DATABASE</span> <span class="n">app</span> <span class="k">TO</span> <span class="n">app</span><span class="p">;</span> <span class="k">GRANT</span> <span class="k">ALL</span> <span class="k">PRIVILEGES</span> <span class="k">ON</span> <span class="k">SCHEMA</span> <span class="k">public</span> <span class="k">TO</span> <span class="n">app</span><span class="p">;</span> <span class="err">\</span><span class="n">q</span> <span class="n">exit</span> </code></pre> </div> <p>D. Configure environment variables:<br> Create/edit <code>.env</code> file in the backend directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>POSTGRES_SERVER=localhost POSTGRES_PORT=5432 POSTGRES_DB=app POSTGRES_USER=app POSTGRES_PASSWORD=changethis123 </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjlx0qar9foci3401lg3q.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjlx0qar9foci3401lg3q.png" alt="Environment Configuration" width="535" height="275"></a></p> <p>E. Initialize database:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>poetry run bash ./prestart.sh </code></pre> </div> <p>F. Start backend service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>poetry run uvicorn app.main:app <span class="nt">--host</span> 0.0.0.0 <span class="nt">--port</span> 8000 <span class="nt">--reload</span> </code></pre> </div> <h2> Frontend Configuration <a></a> </h2> <p>A. In a new terminal, navigate to frontend:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>frontend </code></pre> </div> <p>B. Install Node.js and dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install </span>nodejs npm npm <span class="nb">install</span> </code></pre> </div> <p>C. Start frontend server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm run dev <span class="nt">--</span> <span class="nt">--host</span> </code></pre> </div> <p>When attempting to log in, you might encounter a network error:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdqdvuxpv1t9w5ol6ztcv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdqdvuxpv1t9w5ol6ztcv.png" alt="Network Error" width="800" height="358"></a></p> <h3> Frontend Configuration Updates </h3> <p>A. Update API URL in frontend <code>.env</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>VITE_API_URL=http://&lt;your_server_IP&gt;:8000 </code></pre> </div> <p>After updating the frontend configuration, you may encounter a CORS error:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flz0nyjbkk7a461w066fc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flz0nyjbkk7a461w066fc.png" alt="CORS Error" width="800" height="253"></a></p> <p>B. Update CORS settings in backend <code>.env</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>BACKEND_CORS_ORIGINS="http://localhost,http://localhost:5173,https://localhost,https://localhost:5173,http://&lt;your_server_IP&gt;:5173" </code></pre> </div> <p>C. Use these default login credentials:</p> <ul> <li>Username: <code>chanllenge@devopsdojo.com</code> </li> <li>Password: <code>devopsdojo57</code> </li> </ul> <p>After successful configuration, you should see:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbti7aslbw2v0lixuok10.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbti7aslbw2v0lixuok10.png" alt="Successful Login" width="800" height="263"></a></p> <h3> Accessing Swagger Documentation </h3> <p>Access the Swagger API documentation at <code>http://&lt;your_server_IP&gt;:8000/docs</code>:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj3pnguvv7dwg0d8oatd5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj3pnguvv7dwg0d8oatd5.png" alt="Swagger Documentation" width="800" height="388"></a></p> <h2> Docker Setup <a></a> </h2> <h3> Backend Dockerfile </h3> <p>Create a <code>Dockerfile</code> in the backend directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> tiangolo/uvicorn-gunicorn-fastapi:python3.10</span> <span class="k">WORKDIR</span><span class="s"> /app/</span> <span class="k">RUN </span>curl <span class="nt">-sSL</span> https://install.python-poetry.org | <span class="nv">POETRY_HOME</span><span class="o">=</span>/opt/poetry python <span class="o">&amp;&amp;</span> <span class="se">\ </span> <span class="nb">cd</span> /usr/local/bin <span class="o">&amp;&amp;</span> <span class="se">\ </span> <span class="nb">ln</span> <span class="nt">-s</span> /opt/poetry/bin/poetry <span class="o">&amp;&amp;</span> <span class="se">\ </span> poetry config virtualenvs.create <span class="nb">false</span> <span class="k">COPY</span><span class="s"> ./pyproject.toml ./poetry.lock* /app/</span> <span class="k">RUN </span>poetry <span class="nb">install</span> <span class="nt">--no-root</span> <span class="nt">--only</span> main <span class="k">ENV</span><span class="s"> PYTHONPATH=/app</span> <span class="k">COPY</span><span class="s"> ./alembic.ini /app/</span> <span class="k">COPY</span><span class="s"> ./prestart.sh /app/</span> <span class="k">COPY</span><span class="s"> ./app /app/app</span> <span class="c"># Ensure prestart.sh is executable</span> <span class="k">RUN </span><span class="nb">chmod</span> +x /app/prestart.sh <span class="c"># Override the CMD to run the prestart.sh script and then start Uvicorn</span> <span class="k">CMD</span><span class="s"> ["/bin/bash", "-c", "/app/prestart.sh &amp;&amp; uvicorn app.main:app --host 0.0.0.0 --port 8000"]</span> </code></pre> </div> <h3> Frontend Dockerfile </h3> <p>Create a <code>Dockerfile</code> in the frontend directory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Use the latest official Node.js image as a base</span> <span class="k">FROM</span><span class="s"> node:latest</span> <span class="c"># Set the working directory</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="c"># Copy the application files</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="c"># Install dependencies</span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="c"># Expose the port the development server runs on</span> <span class="k">EXPOSE</span><span class="s"> 5173</span> <span class="c"># Run the development server</span> <span class="k">CMD</span><span class="s"> ["npm", "run", "dev", "--", "--host"]</span> </code></pre> </div> <h2> Docker Compose Configuration <a></a> </h2> <p>A. Create a <code>docker-compose.yml</code> file in the project root:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./backend</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">backend_fastapi_app</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8000:8000"</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">db</span> <span class="na">env_file</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./backend/.env</span> <span class="na">frontend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./frontend</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">frontend_nodejs_app</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5173:5173"</span> <span class="na">env_file</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./frontend/.env</span> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">postgres_db</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5432:5432"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">postgres_data:/var/lib/postgresql/data</span> <span class="na">env_file</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./backend/.env</span> <span class="na">adminer</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">adminer</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">adminer-service</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8080:8080"</span> <span class="na">proxy</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">jc21/nginx-proxy-manager:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">nginx_proxy_manager</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">81:81"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">DB_SQLITE_FILE</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/data/database.sqlite"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./data:/data</span> <span class="pi">-</span> <span class="s">./letsencrypt:/etc/letsencrypt</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">db</span> <span class="pi">-</span> <span class="s">backend</span> <span class="pi">-</span> <span class="s">frontend</span> <span class="pi">-</span> <span class="s">adminer</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">postgres_data</span><span class="pi">:</span> <span class="na">data</span><span class="pi">:</span> <span class="na">letsencrypt</span><span class="pi">:</span> </code></pre> </div> <p>B. Start the services:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Build and start all services</span> docker compose up <span class="nt">--build</span> <span class="nt">-d</span> <span class="c"># Check service status</span> docker compose ps <span class="c"># View logs</span> docker compose logs <span class="nt">-f</span> </code></pre> </div> <h2> <strong>Reverse Proxy and SSL Setup</strong> <a></a> </h2> <h3> A. Access Nginx Proxy Manager </h3> <ul> <li>URL: <code>http://&lt;your-server-ip&gt;:81</code> </li> <li>Default credentials: <ul> <li> <strong>Email:</strong> <code>admin@example.com</code> </li> <li> <strong>Password:</strong> <code>changeme</code> </li> </ul> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd1un4xs66dvfwiwn25wj.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd1un4xs66dvfwiwn25wj.png" alt="Nginx Proxy Manager Login" width="800" height="405"></a></p> <h3> B. Configure Proxy Hosts for Services </h3> <ul> <li> <strong>Add Frontend Proxy Host</strong> <ul> <li> <strong>Domain:</strong> <code>your_domain.com</code> </li> <li> <strong>Forward Hostname:</strong> <code>frontend</code> </li> <li> <strong>Forward Port:</strong> <code>5173</code> </li> <li> <strong>Options:</strong> <ul> <li>Enable <strong>Block Common Exploits</strong> </li> </ul> </li> </ul> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm0mamhj6cfpr6jetnec9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm0mamhj6cfpr6jetnec9.png" alt="Proxy Host Configuration" width="608" height="601"></a></p> <ul> <li> <strong>SSL:</strong> <ul> <li>Request a Let's Encrypt certificate. </li> <li>Enable <strong>Force SSL</strong>. </li> </ul> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnxm149c50l71a1sl3iiq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnxm149c50l71a1sl3iiq.png" alt="SSL PROXY MANAGER" width="625" height="451"></a></p> <h3> C. Configure Advanced Proxy Settings </h3> <p>Go to the <strong>Advanced</strong> tab for the backend service and add the following routing rules:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code> <span class="k">location</span> <span class="n">/api</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://backend:8000</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="p">}</span> <span class="k">location</span> <span class="n">/docs</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://backend:8000</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkkg9bb3jj5z0j9k39xit.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkkg9bb3jj5z0j9k39xit.png" alt="Advanced Configuration" width="546" height="602"></a></p> <ul> <li> <p><strong>Add Nginx Manager Proxy Host (API)</strong> </p> <ul> <li> <strong>Domain:</strong> <code>proxy.your_domain.com</code> </li> <li> <strong>Forward Hostname:</strong> <code>proxy</code> </li> <li> <strong>Forward Port:</strong> <code>81</code> </li> <li> <strong>SSL:</strong> Follow the same steps as above. </li> </ul> </li> <li> <p><strong>Add Adminer Proxy Host</strong> </p> <ul> <li> <strong>Domain:</strong> <code>db.your_domain.com</code> </li> <li> <strong>Forward Hostname:</strong> <code>db</code> </li> <li> <strong>Forward Port:</strong> <code>8080</code> </li> <li> <strong>SSL:</strong> Follow the same steps as above. </li> </ul> </li> <li> <p><strong>Redirect <code>www</code> to Non-<code>www</code>:</strong> </p> <ul> <li>Navigate to <strong>Proxy Hosts</strong> in Nginx Proxy Manager. </li> <li>Add a new Proxy Host for <code>www.your_domain.com</code>. </li> <li> <strong>Forward Hostname:</strong> <code>your_domain.com</code> </li> <li> <strong>Forward Port:</strong> <code>443</code> </li> <li>Enable <strong>Force SSL</strong>. </li> </ul> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fllsahifhohcv8m2xge9x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fllsahifhohcv8m2xge9x.png" alt="Redirect Configuration" width="800" height="330"></a></p> <h3> D. Verify Service Accessibility </h3> <p>After completing the above configurations: </p> <ul> <li> <strong>Frontend:</strong> <code>https://your_domain.com</code> </li> <li> <strong>Backend API:</strong> <code>https://api.your_domain.com</code> </li> <li> <strong>Adminer:</strong> <code>https://db.your_domain.com</code> </li> </ul> <h2> <strong>Database Management</strong> <a></a> </h2> <h3> A. Access Adminer </h3> <ol> <li>Navigate to <code>https://db.your_domain.com</code>. </li> <li>Login with the credentials from the backend's <code>.env</code> file: <ul> <li> <strong>System:</strong> PostgreSQL </li> <li> <strong>Server:</strong> <code>db</code> </li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh1zj7y9h53gko0r7u7o3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fh1zj7y9h53gko0r7u7o3.png" alt="Adminer Login Page" width="789" height="358"></a></p> <h3> B. Manage Database </h3> <ul> <li>Use Adminer to perform tasks like creating tables, managing records, or running SQL queries. </li> <li> <strong>Example Usage:</strong> <ul> <li> <strong>List All Tables:</strong> Access the left navigation menu in Adminer after logging in. </li> <li> <strong>Run Queries:</strong> Use the SQL tab to execute custom queries.</li> </ul> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdxgu06869cu22hy3x9dh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdxgu06869cu22hy3x9dh.png" alt="db management" width="800" height="365"></a></p> <p>By following these steps, you have a structured reverse proxy and database management setup. The dashboard ensures <code>www</code> requests are redirected seamlessly, and all services are accessible via specific subdomains.</p> <h2> Setting Up a Complete Monitoring Stack for Your Containerized Application <a></a> </h2> <p>NOTE: Please update the application compose file with a shared network. This is to make all services communicate internally with each other as shown below<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>services: backend: build: context: ./backend container_name: backend_fastapi_app ports: - "8000:8000" depends_on: - db env_file: - ./backend/.env networks: - shared-network frontend: build: context: ./frontend container_name: frontend_nodejs_app ports: - "5173:5173" env_file: - ./frontend/.env networks: - shared-network db: image: postgres:latest container_name: postgres_db ports: - "5432:5432" volumes: - postgres_data:/var/lib/postgresql/data env_file: - ./backend/.env networks: - shared-network adminer: image: adminer container_name: adminer-service ports: - "8080:8080" networks: - shared-network proxy: image: jc21/nginx-proxy-manager:latest container_name: nginx_proxy_manager ports: - "80:80" - "443:443" - "81:81" environment: DB_SQLITE_FILE: "/data/database.sqlite" volumes: - ./data:/data - ./letsencrypt:/etc/letsencrypt depends_on: - db - backend - frontend - adminer networks: - shared-network volumes: postgres_data: data: letsencrypt: networks: shared-network: name: shared-network </code></pre> </div> <p>Now that we have our application running, let's add comprehensive monitoring capabilities. We'll set up Prometheus for metrics collection, Grafana for visualization, cAdvisor for container metrics, and Loki with Promtail for log aggregation.</p> <h2> Getting Started </h2> <p>First, create a new file called <code>monitoring-compose.yml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">grafana</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">grafana/grafana</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">grafana</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">GF_SERVER_DOMAIN=your.domain</span> <span class="pi">-</span> <span class="s">GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s/grafana</span> <span class="pi">-</span> <span class="s">GF_SERVER_SERVE_FROM_SUB_PATH=true</span> <span class="pi">-</span> <span class="s">GF_AUTH_PROXY_ENABLED=false</span> <span class="pi">-</span> <span class="s">GF_SECURITY_ALLOW_EMBEDDING=true</span> <span class="pi">-</span> <span class="s">GF_SECURITY_COOKIE_SAMESITE=none</span> <span class="pi">-</span> <span class="s">GF_SECURITY_COOKIE_SECURE=true</span> <span class="pi">-</span> <span class="s">GF_SESSION_PROVIDER=memory</span> <span class="pi">-</span> <span class="s">GF_SESSION_PROVIDER_CONFIG=sessions</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3000:3000"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">grafana-storage:/var/lib/grafana</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">shared-network</span> <span class="na">prometheus</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">prom/prometheus</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">prometheus</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">--config.file=/etc/prometheus/prometheus.yml'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">--web.external-url=/prometheus'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">--web.route-prefix=/prometheus'</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">9090:9090"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./prometheus:/etc/prometheus</span> <span class="pi">-</span> <span class="s">prom_data:/prometheus</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">cadvisor</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">shared-network</span> <span class="na">cadvisor</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">gcr.io/cadvisor/cadvisor:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">cadvisor</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8083:8080"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/:/rootfs:ro</span> <span class="pi">-</span> <span class="s">/var/run:/var/run:rw</span> <span class="pi">-</span> <span class="s">/sys:/sys:ro</span> <span class="pi">-</span> <span class="s">/var/lib/docker/:/var/lib/docker:ro</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">shared-network</span> <span class="na">loki</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">grafana/loki:3.0.0</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">loki</span> <span class="na">user</span><span class="pi">:</span> <span class="s2">"</span><span class="s">10001"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./loki-config.yaml:/mnt/config/loki-config.yaml</span> <span class="pi">-</span> <span class="s">./data:/tmp/loki</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3100:3100"</span> <span class="na">command</span><span class="pi">:</span> <span class="s">-config.file=/mnt/config/loki-config.yaml</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">shared-network</span> <span class="na">promtail</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">grafana/promtail:3.0.0</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">promtail</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">loki</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./promtail-config.yaml:/mnt/config/promtail-config.yaml</span> <span class="pi">-</span> <span class="s">/var/log:/var/log</span> <span class="na">command</span><span class="pi">:</span> <span class="s">-config.file=/mnt/config/promtail-config.yaml</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">shared-network</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">grafana-storage</span><span class="pi">:</span> <span class="na">prom_data</span><span class="pi">:</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">shared-network</span><span class="pi">:</span> <span class="na">external</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h2> Important Configuration Notes </h2> <h3> Network Configuration </h3> <p>Remember the <code>shared-network</code> we created earlier? Our monitoring stack will use the same network to communicate with our application. If you haven't created it yet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker network create shared-network </code></pre> </div> <p>This network allows our monitoring services to communicate with both the application services and each other.</p> <h3> Grafana Configuration </h3> <p>Looking at the Grafana service, you'll notice several environment variables:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">GF_SERVER_DOMAIN=your.domain</span> <span class="pi">-</span> <span class="s">GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s/grafana</span> <span class="pi">-</span> <span class="s">GF_SERVER_SERVE_FROM_SUB_PATH=true</span> </code></pre> </div> <p>Replace <code>your.domain</code> with your actual domain name. These settings ensure Grafana works correctly under a subpath (/grafana) with your domain.</p> <h3> Service Configuration Files </h3> <p>Before starting the stack, you'll need configuration files for Prometheus, Loki, and Promtail:</p> <ol> <li>Create a <code>prometheus.yml</code> file in a new <code>prometheus</code> directory: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">global</span><span class="pi">:</span> <span class="na">scrape_interval</span><span class="pi">:</span> <span class="s">15s</span> <span class="na">scrape_timeout</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">evaluation_interval</span><span class="pi">:</span> <span class="s">15s</span> <span class="na">alerting</span><span class="pi">:</span> <span class="na">alertmanagers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">scheme</span><span class="pi">:</span> <span class="s">http</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">api_version</span><span class="pi">:</span> <span class="s">v2</span> <span class="na">scrape_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">job_name</span><span class="pi">:</span> <span class="s">prometheus</span> <span class="na">honor_timestamps</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">scrape_interval</span><span class="pi">:</span> <span class="s">15s</span> <span class="na">scrape_timeout</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">metrics_path</span><span class="pi">:</span> <span class="s">/prometheus/metrics</span> <span class="na">scheme</span><span class="pi">:</span> <span class="s">http</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">prometheus:9090'</span><span class="pi">]</span> <span class="pi">-</span> <span class="na">job_name</span><span class="pi">:</span> <span class="s">cadvisor</span> <span class="na">scrape_interval</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">metrics_path</span><span class="pi">:</span> <span class="s">/metrics</span> <span class="na">scheme</span><span class="pi">:</span> <span class="s">http</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">cadvisor:8080'</span><span class="pi">]</span> </code></pre> </div> <ol> <li>Download Loki and Promtail configurations: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Get Loki config</span> wget https://raw.githubusercontent.com/grafana/loki/v3.0.0/cmd/loki/loki-local-config.yaml <span class="nt">-O</span> loki-config.yaml <span class="c"># Get Promtail config</span> wget https://raw.githubusercontent.com/grafana/loki/v3.0.0/clients/cmd/promtail/promtail-docker-config.yaml <span class="nt">-O</span> promtail-config.yaml </code></pre> </div> <h3> Nginx Proxy Manager Configuration </h3> <p>Add these locations to your existing proxy host configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">location</span> <span class="n">/prometheus</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://prometheus:9090</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="p">}</span> <span class="k">location</span> <span class="n">/grafana</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://grafana:3000</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkf7qrkftzmby9iohe67u.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkf7qrkftzmby9iohe67u.png" alt="Nginx Proxy Manager Advanced Settings" width="683" height="627"></a></p> <h2> Starting the Monitoring Stack </h2> <ol> <li>Create required directories and set permissions: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create directories</span> <span class="nb">mkdir</span> <span class="nt">-p</span> prometheus data <span class="c"># Set Loki permissions (important!)</span> <span class="nb">sudo chown</span> <span class="nt">-R</span> 10001:10001 ./data <span class="nb">sudo chmod</span> <span class="nt">-R</span> 755 ./data </code></pre> </div> <ol> <li>Start the stack: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker compose <span class="nt">-f</span> monitoring-compose.yml up <span class="nt">-d</span> </code></pre> </div> <ol> <li>Verify services are running: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker compose <span class="nt">-f</span> monitoring-compose.yml ps </code></pre> </div> <h2> Accessing Your Monitoring Stack </h2> <p>Once everything is running, you can access:</p> <ul> <li>Grafana: <code>https://your.domain/grafana</code> </li> <li>Prometheus: <code>https://your.domain/prometheus</code> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fow7s5dz8x0lyi5pzo8jk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fow7s5dz8x0lyi5pzo8jk.png" alt="Prometheus page" width="800" height="357"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn6dzbuxn2bq37whp1fqs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn6dzbuxn2bq37whp1fqs.png" alt="Grafana login page through subpath" width="800" height="402"></a></p> <h2> Troubleshooting Tips </h2> <p>If you encounter issues:</p> <ol> <li>Check service logs: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker compose <span class="nt">-f</span> monitoring-compose.yml logs grafana docker compose <span class="nt">-f</span> monitoring-compose.yml logs prometheus </code></pre> </div> <ol> <li>Verify network connectivity: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker network inspect shared-network </code></pre> </div> <h2> Setting Up Your Monitoring Dashboard </h2> <p>Now that our monitoring stack is running, let's configure our dashboards and data sources for effective monitoring.</p> <h2> Adding Data Sources to Grafana </h2> <p>A. Access Grafana at <code>https://your.domain/grafana</code></p> <ul> <li>Default credentials: admin/admin</li> <li>You'll be prompted to change the password on first login</li> </ul> <p>B. Configure Prometheus Data Source:</p> <ol> <li>Go to Settings (⚙️) &gt; Data Sources</li> <li>Click "Add data source"</li> <li>Select "Prometheus"</li> <li>Configure: <ul> <li>Name: Prometheus</li> <li>URL: <code>http://prometheus:9090/prometheus</code> #because of the sub-path requirements in our projects</li> <li>Access: Server (default)</li> </ul> </li> <li>Click "Save &amp; Test"</li> </ol> <h2> Setting Up Loki for Log Aggregation </h2> <p>A. Add Loki Data Source:</p> <ol> <li>Go to Settings (⚙️) &gt; Data Sources</li> <li>Click "Add data source"</li> <li>Select "Loki"</li> <li>Configure: <ul> <li>Name: Loki</li> <li>URL: <code>http://loki:3100</code> </li> <li>Access: Server (default)</li> </ul> </li> <li>Click "Save &amp; Test"</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5k57wj5casq6dyeuubk5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5k57wj5casq6dyeuubk5.png" alt="data source" width="800" height="326"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg7phaa3c5m4qsivu5i7k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg7phaa3c5m4qsivu5i7k.png" alt="cadvisor" width="800" height="391"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft47xjzbcnwd3b0ngv651.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft47xjzbcnwd3b0ngv651.png" alt="loki logs" width="800" height="389"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fev0t3iq9bnzsy8pr8k8i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fev0t3iq9bnzsy8pr8k8i.png" alt="prometheus targets" width="800" height="334"></a></p> <h2> <strong>References</strong> </h2> <ol> <li><p><strong>"My HNG Journey: Stage Two Containerization and Deployment of a Three-Tier Application Using Docker and Nginx Proxy Manager"</strong><br><br> A detailed guide on deploying a three-tier application with Docker and Nginx Proxy Manager, which influenced the reverse proxy configuration steps.<br><br> <a href="https://dev.to/ravencodess/my-hng-journey-stage-two-containerization-and-deployment-of-a-three-tier-application-using-docker-and-nginx-proxy-manager-2eh6">Read more on dev.to</a></p></li> <li><p><strong>Techdox Documentation</strong><br><br> Comprehensive documentation for setting up each monitoring services.<br><br> <a href="https://docs.techdox.nz/" rel="noopener noreferrer">Visit Docs Here</a></p></li> <li> <p><strong>Youtube videos</strong><br><br> Insightful YouTube videos with insight on deployment strategies and troubleshooting shared, particularly for Loki and Nginx. </p> <ul> <li> <a href="https://www.youtube.com/watch?v=yrscZ-kGc_Y" rel="noopener noreferrer">Effortless Server Monitoring: Install Grafana, Prometheus &amp; Node Exporter with Docker!</a> </li> <li> <a href="https://www.youtube.com/watch?v=zdxtfNabzWA" rel="noopener noreferrer">How to Install and Use cAdvisor with Docker | Monitor Your Containers Easily</a> </li> <li> <a href="https://www.youtube.com/watch?v=AtxQHiFBn7k" rel="noopener noreferrer">How to Self-Host Loki &amp; Promtail with Docker Compose and Connect to Grafana</a> </li> <li><a href="https://www.youtube.com/watch?v=dlhLZfS5Nq" rel="noopener noreferrer">Monitoring Docker Container Logs with Grafana Loki</a></li> </ul> </li> </ol> devops monitoring Automating User and Group Management with a Bash Script Afeez Oluwashina Adeboye Tue, 02 Jul 2024 07:55:42 +0000 https://dev.to/afeezaa/automating-user-and-group-management-with-a-bash-script-59je https://dev.to/afeezaa/automating-user-and-group-management-with-a-bash-script-59je <h2> Overview </h2> <p>For system administrators, maintaining user accounts and groups can be a tedious chore. Automating this process can save time and the possibility of human error. Our script, create_users.sh, makes this procedure simpler, which reads user and group data from a file and runs the required system commands.</p> <h2> Script Breakdown </h2> <p>Let's break down the script to understand how it works.</p> <h3> Script Initialization </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> </code></pre> </div> <p>The shebang <code>#!/bin/bash</code> tells the system to execute the script using the Bash shell.</p> <h3> Defining Color Codes </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Color codes RED="\e[31m" BLUE="\e[34m" YELLOW="\e[33m" YELLOW_ITALIC="\e[3;33m" RESET="\e[0m" </code></pre> </div> <p>We define color codes using ANSI escape sequences to make our script's output more readable. These colors will highlight different types of messages, such as errors, successes, and prompts.</p> <h3> Logging Function </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Function to log actions with timestamps and color coding log() { local COLOR="$2" local TEXT="$(date +"%Y-%m-%d %T") - $1" echo -e "${COLOR}${TEXT}${RESET}" | tee -a $LOG_FILE } </code></pre> </div> <p>Timestamped messages are formatted and logged by the log function. It appends these log entries to a log file and shows them on the terminal, using the designated color to distinguish between different log entry types.</p> <h3> Password Generation Function </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Function to generate a random password generate_password() { tr -dc A-Za-z0-9 &lt;/dev/urandom | head -c 12 } </code></pre> </div> <p>This function generates a random 12-character password using the <code>/dev/urandom</code> pseudo-random number generator.</p> <h3> Root User Check </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Check if the script is run as root if [[ $EUID -ne 0 ]]; then echo -e "${RED}This script must be run as root or with sudo${RESET}" exit 1 fi </code></pre> </div> <p>This block checks if the script is being run as the root user or with the sudo command. </p> <h3> Setting Up Log and Password Files </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Default log and password files LOG_FILE="/var/log/user_management.log" PASSWORD_FILE="/var/secure/user_passwords.txt" # Ensure the log and password files exist with secure permissions mkdir -p /var/secure touch $LOG_FILE touch $PASSWORD_FILE chmod 600 $PASSWORD_FILE </code></pre> </div> <p>We define the paths for our log file and password file. The <code>mkdir -p /var/secure</code> command creates the secure directory if it doesn't exist.</p> <h3> Input File Check </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Check if an input file is provided, otherwise prompt the user if [[ "$#" -ne 1 ]]; then echo -e "${YELLOW}Enter the filename containing the user information: ${RESET}" read INPUT_FILE else INPUT_FILE=$1 fi # Validate the input file if [[ ! -f $INPUT_FILE ]]; then log "Input file does not exist: $INPUT_FILE" "${RED}" # Red color for errors exit 1 fi </code></pre> </div> <p>This part checks if the script was given an input file as an argument. If not, it prompts the user to enter the filename. The script then checks if the file exists. If not, it logs an error and exits.</p> <h3> Processing Each Line of the Input File </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>while IFS=';' read -r username groups; do # Remove leading and trailing whitespace username=$(echo $username | xargs) groups=$(echo $groups | xargs) # Check if the username is empty if [[ -z "$username" ]]; then log "Empty username. Skipping..." "${YELLOW_ITALIC}" # Yellow color for skipped (italic) continue fi # Check if the user already exists if id "$username" &amp;&gt;/dev/null; then log "User $username already exists. Skipping..." "${YELLOW_ITALIC}" # Yellow color for skipped (italic) continue fi # Create the user with a home directory useradd -m -s /bin/bash "$username" if [[ $? -ne 0 ]]; then log "Failed to create user $username. Skipping..." "${RED}" # Red color for errors continue fi log "Created user $username with home directory /home/$username" "${BLUE}" # Blue color for success # Set home directory permissions chown "$username:$username" "/home/$username" chmod 700 "/home/$username" log "Set permissions for /home/$username" "${BLUE}" # Blue color for success # Create and add the user to additional groups IFS=',' read -ra group_array &lt;&lt;&lt; "$groups" for group in "${group_array[@]}"; do group=$(echo $group | xargs) # Remove whitespace if [[ ! $(getent group $group) ]]; then groupadd $group if [[ $? -eq 0 ]]; then log "Created group $group" "${BLUE}" # Blue color for success else log "Failed to create group $group. Skipping group assignment for $username." "${RED}" # Red color for errors continue fi fi usermod -aG "$group" "$username" log "Added user $username to group $group" "${BLUE}" # Blue color for success done # Generate and set a random password for the user password=$(generate_password) echo "$username,$password" &gt;&gt; $PASSWORD_FILE echo "$username:$password" | chpasswd log "Set password for user $username" "${BLUE}" # Blue color for success done &lt; "$INPUT_FILE" </code></pre> </div> <p>This is the core part of the script. It processes each line of the input file, which is expected to have the format <code>username;group1,group2,....</code></p> <ul> <li> <strong>Whitespace Removal:</strong> We remove leading and trailing whitespaces from usernames and groups.</li> <li> <strong>Empty Username Check:</strong> If a username is empty, it logs a message and skips to the next line.</li> <li> <strong>User Existence Check:</strong> If the user already exists, it logs a message and skips to the next user.</li> <li> <strong>User Creation:</strong> If the user doesn't exist, it creates the user with a home directory and logs the action.</li> <li> <strong>Set Permissions:</strong> It sets appropriate permissions for the user's home directory.</li> <li> <strong>Group Management:</strong> The script ensures each group exists and adds the user to the specified groups.</li> <li> <strong>Password Management:</strong> It generates a random password, sets it for the user, and securely logs it.</li> </ul> <h3> Final Log and Script Exit </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>log "User creation process completed." "${BLUE}" # Blue color for success exit 0 </code></pre> </div> <p>The script logs that the user creation process is complete and exits with a status code of 0, indicating success.</p> <h3> How to Run the Script </h3> <p>To execute the script, follow these steps:</p> <ol> <li> <strong>Ensure the script has executable permissions</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> bash chmod +x create_users.sh </code></pre> </div> <ol> <li> <strong>Prepare the input file as shown below;</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Lagos;sudo,dev,www-data Abuja;sudo Lokoja;dev,www-data </code></pre> </div> <ol> <li> <p><strong>Run the script with the input file as an argument:</strong><br> </p> <pre class="highlight plaintext"><code>sudo bash create_users.sh file.txt </code></pre> </li> </ol> <p>Find the complete code <a href="https://github.com/Afeez-AA/HNG1.git">Here.</a> </p> <h3> CONCLUSION </h3> <p>Administrative operations can be greatly streamlined by using Bash scripts to automate user and group management. This script shows how to create users, manage groups, handle passwords safely, and read user information from a file.</p> <p>You are welcome to alter this script to meet your own requirements; just keep in mind that scripts should always be tested in a secure setting before being used in production.</p> <p>For more insights and opportunities to grow as a developer, check out the <a href="https://hng.tech/internship">HNG Internship</a> and explore how to <a href="https://hng.tech/hire">hire talented developers</a> through the HNG platform.</p>