From fda23a778eb5389f16d9135268c6d7061513cb26 Mon Sep 17 00:00:00 2001
From: Alexandre Chevalier <alexandre.chevalier@etudiant.univ-rennes.fr>
Date: Fri, 13 Feb 2026 16:48:19 +0100
Subject: [PATCH] deplacement dans ansible des fichiers docker

---
 README.md                                     | 10 +-
 ansible/files/apache.conf.j2                  | 17 ++++
 .../files/dockercompose/docker-compose.yml    | 95 ++++++++++++++++++
 ansible/files/dockerfiles/back/Dockerfile     | 18 ++++
 ansible/files/dockerfiles/back/Dockerfile2    | 31 ++++++
 .../dockerfiles/back/DockerfileUsingApiNative | 40 ++++++++
 ansible/files/dockerfiles/front/Dockerfile    | 20 ++++
 ansible/files/info.php.j2                     |  2 +
 ansible/hosts                                 |  7 ++
 ansible/playbook.yml                          | 97 +++++++++++++++++++
 ansible/vars/default.yml                      |  7 ++
 commands.md                                   | 10 ++
 compose.yml                                   | 81 ----------------
 vagrant/libvirt/.vagrant/rgloader/loader.rb   | 12 +++
 vagrant/libvirt/Vagrantfile                   | 27 ++++++
 .../virtualbox/.vagrant/rgloader/loader.rb    | 12 +++
 vagrant/virtualbox/Vagrantfile                | 27 ++++++
 17 files changed, 429 insertions(+), 84 deletions(-)
 create mode 100644 ansible/files/apache.conf.j2
 create mode 100644 ansible/files/dockercompose/docker-compose.yml
 create mode 100644 ansible/files/dockerfiles/back/Dockerfile
 create mode 100644 ansible/files/dockerfiles/back/Dockerfile2
 create mode 100644 ansible/files/dockerfiles/back/DockerfileUsingApiNative
 create mode 100644 ansible/files/dockerfiles/front/Dockerfile
 create mode 100644 ansible/files/info.php.j2
 create mode 100644 ansible/hosts
 create mode 100755 ansible/playbook.yml
 create mode 100644 ansible/vars/default.yml
 create mode 100644 commands.md
 delete mode 100644 compose.yml
 create mode 100644 vagrant/libvirt/.vagrant/rgloader/loader.rb
 create mode 100644 vagrant/libvirt/Vagrantfile
 create mode 100644 vagrant/virtualbox/.vagrant/rgloader/loader.rb
 create mode 100644 vagrant/virtualbox/Vagrantfile

diff --git a/README.md b/README.md
index 6f780c1..1b194b3 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,9 @@ Pour chaque TP, vous devrez ajouter votre enseignant en tant que membre du proje
 
 :warning: Vous aurez du mal à avoir un fonctionnement correct à cette étape-là. En effet, le code du front va faire ces requêtes *REST* à la même adresse que celui qui lui a fourni le code html, css et js pour éviter les problèmes de CORS. Il est donc nécessaire de se forcer à configurer le serveur nginx qui délivre le front pour faire *proxy_pass* quand il reçoit une requête sur la route */api* ou une sous-route de */api*. Ne vous inquiétez pas, on configure cela à l'étape suivante.
 
-- **Tâche 2**: Configurer le serveur Web du Front pour qu'il soit capable de servir de point d'entrée à l'ensemble des requêtes puis qu'il les *route* vers le bon service de Back. Il est possible de mettre en place un serveur Web spécifique pour gérer ce routing (on le nomme alors la gateway d'API). On peut aussi dans notre cas se servir du fichier nginx du front pour router les requêtes.
+- **Tâche 2**: Configurer le serveur Web du Front pour qu'il soit capable de servir de point d'entrée à l'ensemble des requêtes puis qu'il l
+- es *route* vers le bon service de Back. Il est possible de mettre en place un serveur Web spécifique pour gérer ce routing (on le nomme alors la gateway d'API). 
+- On peut aussi dans notre cas se servir du fichier nginx du front pour router les requêtes.
 
 <details>
 <summary>Exemples de fichiers de configuration nginx</summary>
@@ -130,9 +132,11 @@ server {
 
 </details>
 
-- **Tâche 3**: Déployer correctement une première fois votre application en configurant convenablement la partie DNS pour le reverse proxy, letsencrypt pour le certificat côté serveur et ufw pour le firewall sur votre machine virtuelle.
+- **Tâche 3**: Déployer correctement une première fois votre application en configurant convenablement la partie DNS pour le reverse proxy, letsencrypt 
+    pour le certificat côté serveur et ufw pour le firewall sur votre machine virtuelle.
 
-En gros, vous allez prendre votre fichier docker-compose, votre fichier de configuration nginx, votre front et mettre cela sur votre VM. Mettre les bonnes variables de configuration dans ces deux fichiers. Vous aurez besoin soit de builder les images sur la VM soit de pushé vos images sur le docker_hub afin de pouvoir les *puller* depuis votre VM.
+En gros, vous allez prendre votre fichier docker-compose, votre fichier de configuration nginx, votre front et mettre cela sur votre VM. Mettre les bonnes variables de configuration 
+dans ces deux fichiers. Vous aurez besoin soit de builder les images sur la VM soit de pushé vos images sur le docker_hub afin de pouvoir les *puller* depuis votre VM.
 
 - **Tâche 4**: Documenter, à l'aide d'un diagramme de déploiement UML ou autre notation, le déploiement réalisé pour le moment sur votre machine virtuelle.
 
diff --git a/ansible/files/apache.conf.j2 b/ansible/files/apache.conf.j2
new file mode 100644
index 0000000..0f61217
--- /dev/null
+++ b/ansible/files/apache.conf.j2
@@ -0,0 +1,17 @@
+<VirtualHost *:{{ http_port }}>
+    ServerAdmin webmaster@localhost
+    ServerName {{ http_host }}
+    ServerAlias www.{{ http_host }}
+    DocumentRoot /var/www/{{ http_host }}
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+    <Directory /var/www/{{ http_host }}>
+          Options -Indexes
+    </Directory>
+
+    <IfModule mod_dir.c>
+        DirectoryIndex index.php index.html index.cgi index.pl  index.xhtml index.htm
+    </IfModule>
+
+</VirtualHost>
\ No newline at end of file
diff --git a/ansible/files/dockercompose/docker-compose.yml b/ansible/files/dockercompose/docker-compose.yml
new file mode 100644
index 0000000..3c53bb5
--- /dev/null
+++ b/ansible/files/dockercompose/docker-compose.yml
@@ -0,0 +1,95 @@
+services:
+  front:
+    build:
+      context: ..
+      dockerfile: dockerfiles/front/Dockerfile
+    ports:
+      - "80:80"
+    volumes:
+      - ../../../doodlestudent/front:/app
+      - ./certbot/www:/var/www/certbot:ro
+      - ./certbot/conf:/etc/letsencrypt:ro
+    environment:
+      - FLASK_ENV=development
+    depends_on:
+      - back
+      - db
+      - etherpad
+      - mail
+    networks:
+      - app-network
+
+# https://stackoverflow.com/questions/57591868/how-correctly-install-ssl-certificate-using-certbot-in-docker
+  certbot:
+    image: certbot/certbot:latest
+    container_name: certbot
+    depends_on:
+      - front
+    volumes:
+      - ./certbot/www/:/var/www/certbot/:rw
+      - ./certbot/conf/:/etc/letsencrypt/:rw
+
+  back:
+    build:
+      context: ..
+      dockerfile: dockerfiles/back/DockerfileUsingApiNative
+    ports:
+      - "8080:8080"
+    volumes:
+      - ../../../doodlestudent/api:/app
+    environment:
+      - FLASK_ENV=development
+    depends_on:
+      db:
+        condition: service_healthy
+      etherpad:
+        condition: service_healthy
+    networks:
+      - app-network
+    restart: 
+      unless-stopped
+
+  db:
+    image: mysql
+    ports:
+      - "3306:3306"
+    environment:
+      - MYSQL_ROOT_PASSWORD=root
+      - MYSQL_DATABASE=tlc
+      - MYSQL_USER=tlc
+      - MYSQL_PASSWORD=tlc
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-uroot", "-proot"]
+      interval: 10s
+      timeout: 1m
+      retries: 5
+    networks:
+      - app-network
+
+  etherpad:
+    image: etherpad/etherpad:1.9.7
+    ports:
+      - "9001:9001"
+    volumes:
+      - ../../../doodlestudent/api/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt
+    networks:
+      - app-network
+    healthcheck:
+      test: ["CMD-SHELL", "node -e \"require('http').get('http://127.0.0.1:9001', res => { process.exit(res.statusCode===200?0:1) }).on('error', ()=>process.exit(1))\""]
+      interval: 30s
+      timeout: 10s
+      start_period: 15s
+      retries: 5
+
+  mail:
+    image: bytemark/smtp
+    restart: always
+    ports:
+      - "2525:25"
+    networks:
+      - app-network
+
+networks: # Declare the network to be used by the services
+  app-network: # Is a user-defined network
+    #external: false # If true, Docker Compose will look for an existing network with the same name and use it. If false or not specified, Docker Compose will create a new network.
+    name: app-network #Name of the network (optional, Docker Compose will generate one if not provided)
\ No newline at end of file
diff --git a/ansible/files/dockerfiles/back/Dockerfile b/ansible/files/dockerfiles/back/Dockerfile
new file mode 100644
index 0000000..f6bee8c
--- /dev/null
+++ b/ansible/files/dockerfiles/back/Dockerfile
@@ -0,0 +1,18 @@
+FROM alpine:3.23
+
+RUN apk --no-cache add curl bash
+
+# java 17 car c'est la version utilise dans maven (voir pom.xml)
+RUN apk --no-cache add openjdk17-jdk maven
+
+COPY doodlestudent/api /app
+
+RUN mvn install -Dpackaging=jar
+RUN mvn package -DskipTests
+
+RUN ls -l target
+
+# Quarkus semble utilise le port 8080 par defaut
+EXPOSE 8080
+
+ENTRYPOINT [ "java", "-jar", "/app/target/tlcdemoApp-1.0.0-SNAPSHOT.jar" ]
diff --git a/ansible/files/dockerfiles/back/Dockerfile2 b/ansible/files/dockerfiles/back/Dockerfile2
new file mode 100644
index 0000000..fb91a87
--- /dev/null
+++ b/ansible/files/dockerfiles/back/Dockerfile2
@@ -0,0 +1,31 @@
+FROM maven:3.9.6-eclipse-temurin-17 AS build
+
+WORKDIR /app
+
+# Copy only pom.xml first (better layer caching)
+COPY doodlestudent/api/pom.xml .
+
+# Download dependencies
+RUN mvn dependency:go-offline
+
+# Copy the rest of the source code
+COPY doodlestudent/api/src ./src
+
+# Build the application
+RUN mvn package -DskipTests
+
+# ---------------------------
+# Stage 2 - Runtime
+# ---------------------------
+FROM eclipse-temurin:17-jre-alpine
+
+WORKDIR /app
+
+# Copy the built application from the build stage
+COPY --from=build /app/target/quarkus-app/ ./quarkus-app/
+
+# Quarkus default port
+EXPOSE 8080
+
+# Run the application
+ENTRYPOINT ["java", "-jar", "quarkus-app/quarkus-run.jar"]
\ No newline at end of file
diff --git a/ansible/files/dockerfiles/back/DockerfileUsingApiNative b/ansible/files/dockerfiles/back/DockerfileUsingApiNative
new file mode 100644
index 0000000..3e632d8
--- /dev/null
+++ b/ansible/files/dockerfiles/back/DockerfileUsingApiNative
@@ -0,0 +1,40 @@
+FROM quay.io/quarkus/ubi-quarkus-mandrel-builder-image:23.0-java17 AS builder
+
+# a executer a la racine du projet
+
+USER root
+RUN microdnf install -y maven
+
+COPY doodlestudent/api /app
+
+WORKDIR /app
+
+RUN ./mvnw dependency:resolve
+
+COPY doodlestudent/api/src /app/src
+RUN ./mvnw package -Pnative -DskipTests
+
+RUN ls -l target
+
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8
+
+WORKDIR /work/
+
+COPY --from=builder --chown=1001:root /app/target/*-runner /work/application
+
+RUN chown 1001 /work \
+    && chmod "g+rwX" /work \
+    && chown 1001:root /work
+
+EXPOSE 8080
+USER 1001
+
+ENV quarkus_datasource_jdbc_url "jdbc:mysql://db:3306/tlc?allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&createDatabaseIfNotExist=true&serverTimezone=Europe/Paris"
+ENV quarkus_datasource_username tlc
+ENV quarkus_datasource_password tlc
+ENV QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION update
+ENV doodle_internalPadUrl "http://etherpad:9001/"
+ENV doodle_externalPadUrl "http://etherpad:9001/"
+ENV mailer_host mail
+ENV mailer_port 25
+CMD ["./application", "-Dquarkus.http.host=0.0.0.0"]
diff --git a/ansible/files/dockerfiles/front/Dockerfile b/ansible/files/dockerfiles/front/Dockerfile
new file mode 100644
index 0000000..223288c
--- /dev/null
+++ b/ansible/files/dockerfiles/front/Dockerfile
@@ -0,0 +1,20 @@
+FROM node:20 AS build
+
+WORKDIR /app
+
+
+COPY doodlestudent/front .
+
+RUN npm install
+
+RUN npx ng build
+
+
+FROM nginx:alpine
+
+COPY --from=build /app/dist/tlcfront /usr/share/nginx/html
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/ansible/files/info.php.j2 b/ansible/files/info.php.j2
new file mode 100644
index 0000000..61ace19
--- /dev/null
+++ b/ansible/files/info.php.j2
@@ -0,0 +1,2 @@
+<?php
+phpinfo();
diff --git a/ansible/hosts b/ansible/hosts
new file mode 100644
index 0000000..01dbc63
--- /dev/null
+++ b/ansible/hosts
@@ -0,0 +1,7 @@
+[webservers]
+192.168.56.141 ansible_ssh_user=vagrant ansible_become_pass=vagrant ansible_python_interpreter=/usr/bin/python3
+
+[webservers:vars]
+ansible_connection=ssh
+ansible_ssh_user=vagrant
+ansible_ssh_pass=vagrant
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
new file mode 100755
index 0000000..ebb7569
--- /dev/null
+++ b/ansible/playbook.yml
@@ -0,0 +1,97 @@
+##################################################
+# DO Community Playbooks: LAMP on Ubuntu 18.04
+##################################################
+---
+- hosts: all
+  become: true
+  vars_files:
+    - vars/default.yml
+
+  tasks:
+    - name: Install prerequisites
+      apt: 
+        name: 'aptitude'
+        update_cache: true
+
+  #Apache Configuration
+    - name: Install LAMP Packages
+      apt: 
+        name: [ 'apache2', 'python3-pip', 'mysql-server', 'php', 'php-mysql', 'libapache2-mod-php' ]
+        state: present
+
+    - name: Make sure pymysql is present
+      become: true # needed if the other tasks are not played as root
+      pip:
+        name: pymysql
+        state: present
+
+    - name: Create document root
+      file:
+        path: "/var/www/{{ http_host }}"
+        state: directory
+        owner: "{{ app_user }}"
+        mode: '0755'
+
+    - name: Set up Apache virtualhost
+      template:
+        src: "files/apache.conf.j2"
+        dest: "/etc/apache2/sites-available/{{ http_conf }}"
+      notify: Reload Apache
+
+    - name: Enable new site
+      shell: /usr/sbin/a2ensite {{ http_conf }}
+      notify: Reload Apache
+
+    - name: Disable default Apache site
+      shell: /usr/sbin/a2dissite 000-default.conf
+      when: disable_default
+      notify: Reload Apache
+
+  # MySQL Configuration
+    - name: Sets the root password
+      mysql_user:
+        name: root
+        password: "{{ mysql_root_password }}"
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+    - name: Removes all anonymous user accounts
+      mysql_user:
+        name: ''
+        host_all: yes
+        state: absent
+        login_user: root
+        login_password: "{{ mysql_root_password }}"
+
+    - name: Removes the MySQL test database
+      mysql_db:
+        name: test
+        state: absent
+        login_user: root
+        login_password: "{{ mysql_root_password }}"
+
+  # UFW Configuration
+    - name: "UFW - Allow HTTP on port {{ http_port }}"
+      ufw:
+        rule: allow
+        port: "{{ http_port }}"
+        proto: tcp
+
+
+    - name : configure docker-compose
+      copy:
+        src: "files/docker-compose.yml"
+        dest: "/home/{{ app_user }}/docker-compose.yml"
+        owner: "{{ app_user }}"
+        mode: '0644'
+
+
+  handlers:
+    - name: Reload Apache
+      service:
+        name: apache2
+        state: reloaded
+
+    - name: Restart Apache
+      service:
+        name: apache2
+        state: restarted
diff --git a/ansible/vars/default.yml b/ansible/vars/default.yml
new file mode 100644
index 0000000..8bce145
--- /dev/null
+++ b/ansible/vars/default.yml
@@ -0,0 +1,7 @@
+---
+mysql_root_password: "mysql_root_password"
+app_user: "vagrant"
+http_host: "demotlc"
+http_conf: "demotlc.conf"
+http_port: "80"
+disable_default: true
\ No newline at end of file
diff --git a/commands.md b/commands.md
new file mode 100644
index 0000000..9e20f98
--- /dev/null
+++ b/commands.md
@@ -0,0 +1,10 @@
+# Commandes
+
+```bash
+docker compose -f "./ansible/files/dockercompose/docker-compose.yml" up
+```
+
+```bash 
+docker compose down -v
+docker volume prune
+```
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
deleted file mode 100644
index 8618416..0000000
--- a/compose.yml
+++ /dev/null
@@ -1,81 +0,0 @@
-services:
-  nginx:
-    build:
-      context: ..
-      dockerfile: dockerfiles/nginx/Dockerfile
-    ports:
-      - "80:80"
-    depends_on:
-      - db
-      - etherpad
-    networks:
-      - app-network
-
-  front:
-    build:
-      context: .
-      dockerfile: dockerfiles/front/Dockerfile
-
-    ports:
-      - "5000:80"
-    volumes:
-      - ./doodlestudent/front:/app
-    environment:
-      - FLASK_ENV=development
-    networks:
-      - app-network
-
-  back:
-    build:
-      context: .
-      dockerfile: dockerfiles/back/DockerfileUsingApiNative
-    ports:
-      - "8080:8080"
-    volumes:
-      - ./doodlestudent/api:/app
-    environment:
-      - FLASK_ENV=development
-    depends_on:
-      db:
-        condition: service_healthy
-    networks:
-      - app-network
-
-  db:
-    image: mysql
-    ports:
-      - "3306:3306"
-    environment:
-      - MYSQL_ROOT_PASSWORD=root
-      - MYSQL_DATABASE=tlc
-      - MYSQL_USER=tlc
-      - MYSQL_PASSWORD=tlc
-    healthcheck:
-      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u tlc", "-p tlc"]
-      interval: 5s
-      timeout: 5s
-      retries: 10
-    networks:
-      - app-network
-
-  etherpad:
-    image: etherpad/etherpad
-    ports:
-      - "9001:9001"
-    volumes:
-      - ./doodlestudent/api/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt
-    networks:
-      - app-network
-
-  mail:
-    image: bytemark/smtp
-    restart: always
-    ports:
-      - "2525:25"
-    networks:
-      - app-network
-
-networks:
-  app-network:
-    external: false
-    name: app-network
\ No newline at end of file
diff --git a/vagrant/libvirt/.vagrant/rgloader/loader.rb b/vagrant/libvirt/.vagrant/rgloader/loader.rb
new file mode 100644
index 0000000..b6c81bf
--- /dev/null
+++ b/vagrant/libvirt/.vagrant/rgloader/loader.rb
@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end
diff --git a/vagrant/libvirt/Vagrantfile b/vagrant/libvirt/Vagrantfile
new file mode 100644
index 0000000..7b3e46a
--- /dev/null
+++ b/vagrant/libvirt/Vagrantfile
@@ -0,0 +1,27 @@
+# ####################################################################
+# ################### CONFIGURATION VARIABLES ########################
+# ####################################################################
+IMAGE_NAME = "generic/ubuntu2204"   # Image to use
+MEM = 2048                          # Amount of RAM
+CPU = 1                             # Number of processors
+SLAVE_NBR = 2                       # Number of slaves node
+
+
+Vagrant.configure("2") do |config|
+    # RAM and CPU config
+    config.vm.provider "libvirt" do |v|
+        v.memory = MEM
+        v.cpus = CPU
+    end
+
+    # Slave node config
+    (1..SLAVE_NBR).each do |i|
+        config.ssh.insert_key = false
+        config.vm.define "slave-#{i}" do |slave|
+            # OS and Hostname
+            slave.vm.box = IMAGE_NAME
+            slave.vm.hostname = "slave-#{i}"
+            slave.vm.network "private_network", ip: "192.168.56.14#{i}"            
+        end
+    end
+end
\ No newline at end of file
diff --git a/vagrant/virtualbox/.vagrant/rgloader/loader.rb b/vagrant/virtualbox/.vagrant/rgloader/loader.rb
new file mode 100644
index 0000000..b6c81bf
--- /dev/null
+++ b/vagrant/virtualbox/.vagrant/rgloader/loader.rb
@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end
diff --git a/vagrant/virtualbox/Vagrantfile b/vagrant/virtualbox/Vagrantfile
new file mode 100644
index 0000000..ce7930a
--- /dev/null
+++ b/vagrant/virtualbox/Vagrantfile
@@ -0,0 +1,27 @@
+# ####################################################################
+# ################### CONFIGURATION VARIABLES ########################
+# ####################################################################
+IMAGE_NAME = "generic/ubuntu2204"   # Image to use
+MEM = 2048                          # Amount of RAM
+CPU = 1                             # Number of processors
+SLAVE_NBR = 1                       # Number of slaves node
+
+
+Vagrant.configure("2") do |config|
+    # RAM and CPU config
+    config.vm.provider "virtualbox" do |v|
+        v.memory = MEM
+        v.cpus = CPU
+    end
+
+    # Slave node config
+    (1..SLAVE_NBR).each do |i|
+        config.ssh.insert_key = false
+        config.vm.define "slave-#{i}" do |slave|
+            # OS and Hostname
+            slave.vm.box = IMAGE_NAME
+            slave.vm.hostname = "slave-#{i}"
+            slave.vm.network "private_network", ip: "192.168.56.14#{i}"            
+        end
+    end
+end
\ No newline at end of file