vuminh224/projet-tlc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

deplacement dans ansible des fichiers docker

Browse Source
This commit is contained in:
Alexandre Chevalier
2026-02-13 16:48:19 +01:00
parent 7fe633c476
commit fda23a778e
17 changed files with 429 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@@ -58,7 +58,9 @@ Pour chaque TP, vous devrez ajouter votre enseignant en tant que membre du proje
:warning: Vous aurez du mal à avoir un fonctionnement correct à cette étape-là. En effet, le code du front va faire ces requêtes *REST* à la même adresse que celui qui lui a fourni le code html, css et js pour éviter les problèmes de CORS. Il est donc nécessaire de se forcer à configurer le serveur nginx qui délivre le front pour faire *proxy_pass* quand il reçoit une requête sur la route */api* ou une sous-route de */api*. Ne vous inquiétez pas, on configure cela à l'étape suivante.
- **Tâche 2**: Configurer le serveur Web du Front pour qu'il soit capable de servir de point d'entrée à l'ensemble des requêtes puis qu'il les *route* vers le bon service de Back. Il est possible de mettre en place un serveur Web spécifique pour gérer ce routing (on le nomme alors la gateway d'API). On peut aussi dans notre cas se servir du fichier nginx du front pour router les requêtes.
- **Tâche 2**: Configurer le serveur Web du Front pour qu'il soit capable de servir de point d'entrée à l'ensemble des requêtes puis qu'il l
- es *route* vers le bon service de Back. Il est possible de mettre en place un serveur Web spécifique pour gérer ce routing (on le nomme alors la gateway d'API).
- On peut aussi dans notre cas se servir du fichier nginx du front pour router les requêtes.
<details>
<summary>Exemples de fichiers de configuration nginx</summary>
@@ -130,9 +132,11 @@ server {
</details>
- **Tâche 3**: Déployer correctement une première fois votre application en configurant convenablement la partie DNS pour le reverse proxy, letsencrypt pour le certificat côté serveur et ufw pour le firewall sur votre machine virtuelle.
- **Tâche 3**: Déployer correctement une première fois votre application en configurant convenablement la partie DNS pour le reverse proxy, letsencrypt
pour le certificat côté serveur et ufw pour le firewall sur votre machine virtuelle.
En gros, vous allez prendre votre fichier docker-compose, votre fichier de configuration nginx, votre front et mettre cela sur votre VM. Mettre les bonnes variables de configuration dans ces deux fichiers. Vous aurez besoin soit de builder les images sur la VM soit de pushé vos images sur le docker_hub afin de pouvoir les *puller* depuis votre VM.
En gros, vous allez prendre votre fichier docker-compose, votre fichier de configuration nginx, votre front et mettre cela sur votre VM. Mettre les bonnes variables de configuration
dans ces deux fichiers. Vous aurez besoin soit de builder les images sur la VM soit de pushé vos images sur le docker_hub afin de pouvoir les *puller* depuis votre VM.
- **Tâche 4**: Documenter, à l'aide d'un diagramme de déploiement UML ou autre notation, le déploiement réalisé pour le moment sur votre machine virtuelle.

17
ansible/files/apache.conf.j2 Normal file
View File

@@ -0,0 +1,17 @@
<VirtualHost *:{{ http_port }}>
ServerAdmin webmaster@localhost
ServerName {{ http_host }}
ServerAlias www.{{ http_host }}
DocumentRoot /var/www/{{ http_host }}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/{{ http_host }}>
Options -Indexes
</Directory>
<IfModule mod_dir.c>
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>
</VirtualHost>

95
ansible/files/dockercompose/docker-compose.yml Normal file
View File

@@ -0,0 +1,95 @@
services:
front:
build:
context: ..
dockerfile: dockerfiles/front/Dockerfile
ports:
- "80:80"
volumes:
- ../../../doodlestudent/front:/app
- ./certbot/www:/var/www/certbot:ro
- ./certbot/conf:/etc/letsencrypt:ro
environment:
- FLASK_ENV=development
depends_on:
- back
- db
- etherpad
- mail
networks:
- app-network
# https://stackoverflow.com/questions/57591868/how-correctly-install-ssl-certificate-using-certbot-in-docker
certbot:
image: certbot/certbot:latest
container_name: certbot
depends_on:
- front
volumes:
- ./certbot/www/:/var/www/certbot/:rw
- ./certbot/conf/:/etc/letsencrypt/:rw
back:
build:
context: ..
dockerfile: dockerfiles/back/DockerfileUsingApiNative
ports:
- "8080:8080"
volumes:
- ../../../doodlestudent/api:/app
environment:
- FLASK_ENV=development
depends_on:
db:
condition: service_healthy
etherpad:
condition: service_healthy
networks:
- app-network
restart:
unless-stopped
db:
image: mysql
ports:
- "3306:3306"
environment:
- MYSQL_ROOT_PASSWORD=root
- MYSQL_DATABASE=tlc
- MYSQL_USER=tlc
- MYSQL_PASSWORD=tlc
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-uroot", "-proot"]
interval: 10s
timeout: 1m
retries: 5
networks:
- app-network
etherpad:
image: etherpad/etherpad:1.9.7
ports:
- "9001:9001"
volumes:
- ../../../doodlestudent/api/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt
networks:
- app-network
healthcheck:
test: ["CMD-SHELL", "node -e \"require('http').get('http://127.0.0.1:9001', res => { process.exit(res.statusCode===200?0:1) }).on('error', ()=>process.exit(1))\""]
interval: 30s
timeout: 10s
start_period: 15s
retries: 5
mail:
image: bytemark/smtp
restart: always
ports:
- "2525:25"
networks:
- app-network
networks: # Declare the network to be used by the services
app-network: # Is a user-defined network
#external: false # If true, Docker Compose will look for an existing network with the same name and use it. If false or not specified, Docker Compose will create a new network.
name: app-network #Name of the network (optional, Docker Compose will generate one if not provided)

18
ansible/files/dockerfiles/back/Dockerfile Normal file
View File

@@ -0,0 +1,18 @@
FROM alpine:3.23
RUN apk --no-cache add curl bash
# java 17 car c'est la version utilise dans maven (voir pom.xml)
RUN apk --no-cache add openjdk17-jdk maven
COPY doodlestudent/api /app
RUN mvn install -Dpackaging=jar
RUN mvn package -DskipTests
RUN ls -l target
# Quarkus semble utilise le port 8080 par defaut
EXPOSE 8080
ENTRYPOINT [ "java", "-jar", "/app/target/tlcdemoApp-1.0.0-SNAPSHOT.jar" ]

31
ansible/files/dockerfiles/back/Dockerfile2 Normal file
View File

@@ -0,0 +1,31 @@
FROM maven:3.9.6-eclipse-temurin-17 AS build
WORKDIR /app
# Copy only pom.xml first (better layer caching)
COPY doodlestudent/api/pom.xml .
# Download dependencies
RUN mvn dependency:go-offline
# Copy the rest of the source code
COPY doodlestudent/api/src ./src
# Build the application
RUN mvn package -DskipTests
# ---------------------------
# Stage 2 - Runtime
# ---------------------------
FROM eclipse-temurin:17-jre-alpine
WORKDIR /app
# Copy the built application from the build stage
COPY --from=build /app/target/quarkus-app/ ./quarkus-app/
# Quarkus default port
EXPOSE 8080
# Run the application
ENTRYPOINT ["java", "-jar", "quarkus-app/quarkus-run.jar"]

40
ansible/files/dockerfiles/back/DockerfileUsingApiNative Normal file
View File

@@ -0,0 +1,40 @@
FROM quay.io/quarkus/ubi-quarkus-mandrel-builder-image:23.0-java17 AS builder
# a executer a la racine du projet
USER root
RUN microdnf install -y maven
COPY doodlestudent/api /app
WORKDIR /app
RUN ./mvnw dependency:resolve
COPY doodlestudent/api/src /app/src
RUN ./mvnw package -Pnative -DskipTests
RUN ls -l target
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.8
WORKDIR /work/
COPY --from=builder --chown=1001:root /app/target/*-runner /work/application
RUN chown 1001 /work \
&& chmod "g+rwX" /work \
&& chown 1001:root /work
EXPOSE 8080
USER 1001
ENV quarkus_datasource_jdbc_url "jdbc:mysql://db:3306/tlc?allowPublicKeyRetrieval=true&useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&createDatabaseIfNotExist=true&serverTimezone=Europe/Paris"
ENV quarkus_datasource_username tlc
ENV quarkus_datasource_password tlc
ENV QUARKUS_HIBERNATE_ORM_DATABASE_GENERATION update
ENV doodle_internalPadUrl "http://etherpad:9001/"
ENV doodle_externalPadUrl "http://etherpad:9001/"
ENV mailer_host mail
ENV mailer_port 25
CMD ["./application", "-Dquarkus.http.host=0.0.0.0"]

20
ansible/files/dockerfiles/front/Dockerfile Normal file
View File

@@ -0,0 +1,20 @@
FROM node:20 AS build
WORKDIR /app
COPY doodlestudent/front .
RUN npm install
RUN npx ng build
FROM nginx:alpine
COPY --from=build /app/dist/tlcfront /usr/share/nginx/html
COPY nginx.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

2
ansible/files/info.php.j2 Normal file
View File

@@ -0,0 +1,2 @@
<?php
phpinfo();

7
ansible/hosts Normal file
View File

@@ -0,0 +1,7 @@
[webservers]
192.168.56.141 ansible_ssh_user=vagrant ansible_become_pass=vagrant ansible_python_interpreter=/usr/bin/python3
[webservers:vars]
ansible_connection=ssh
ansible_ssh_user=vagrant
ansible_ssh_pass=vagrant

97
ansible/playbook.yml Executable file
View File

@@ -0,0 +1,97 @@
##################################################
# DO Community Playbooks: LAMP on Ubuntu 18.04
##################################################
---
- hosts: all
become: true
vars_files:
- vars/default.yml
tasks:
- name: Install prerequisites
apt:
name: 'aptitude'
update_cache: true
#Apache Configuration
- name: Install LAMP Packages
apt:
name: [ 'apache2', 'python3-pip', 'mysql-server', 'php', 'php-mysql', 'libapache2-mod-php' ]
state: present
- name: Make sure pymysql is present
become: true # needed if the other tasks are not played as root
pip:
name: pymysql
state: present
- name: Create document root
file:
path: "/var/www/{{ http_host }}"
state: directory
owner: "{{ app_user }}"
mode: '0755'
- name: Set up Apache virtualhost
template:
src: "files/apache.conf.j2"
dest: "/etc/apache2/sites-available/{{ http_conf }}"
notify: Reload Apache
- name: Enable new site
shell: /usr/sbin/a2ensite {{ http_conf }}
notify: Reload Apache
- name: Disable default Apache site
shell: /usr/sbin/a2dissite 000-default.conf
when: disable_default
notify: Reload Apache
# MySQL Configuration
- name: Sets the root password
mysql_user:
name: root
password: "{{ mysql_root_password }}"
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: Removes all anonymous user accounts
mysql_user:
name: ''
host_all: yes
state: absent
login_user: root
login_password: "{{ mysql_root_password }}"
- name: Removes the MySQL test database
mysql_db:
name: test
state: absent
login_user: root
login_password: "{{ mysql_root_password }}"
# UFW Configuration
- name: "UFW - Allow HTTP on port {{ http_port }}"
ufw:
rule: allow
port: "{{ http_port }}"
proto: tcp
- name : configure docker-compose
copy:
src: "files/docker-compose.yml"
dest: "/home/{{ app_user }}/docker-compose.yml"
owner: "{{ app_user }}"
mode: '0644'
handlers:
- name: Reload Apache
service:
name: apache2
state: reloaded
- name: Restart Apache
service:
name: apache2
state: restarted

7
ansible/vars/default.yml Normal file
View File

@@ -0,0 +1,7 @@
---
mysql_root_password: "mysql_root_password"
app_user: "vagrant"
http_host: "demotlc"
http_conf: "demotlc.conf"
http_port: "80"
disable_default: true

10
commands.md Normal file
View File

@@ -0,0 +1,10 @@
# Commandes
```bash
docker compose -f "./ansible/files/dockercompose/docker-compose.yml" up
```
```bash
docker compose down -v
docker volume prune
```

81
compose.yml
View File

@@ -1,81 +0,0 @@
services:
nginx:
build:
context: ..
dockerfile: dockerfiles/nginx/Dockerfile
ports:
- "80:80"
depends_on:
- db
- etherpad
networks:
- app-network
front:
build:
context: .
dockerfile: dockerfiles/front/Dockerfile
ports:
- "5000:80"
volumes:
- ./doodlestudent/front:/app
environment:
- FLASK_ENV=development
networks:
- app-network
back:
build:
context: .
dockerfile: dockerfiles/back/DockerfileUsingApiNative
ports:
- "8080:8080"
volumes:
- ./doodlestudent/api:/app
environment:
- FLASK_ENV=development
depends_on:
db:
condition: service_healthy
networks:
- app-network
db:
image: mysql
ports:
- "3306:3306"
environment:
- MYSQL_ROOT_PASSWORD=root
- MYSQL_DATABASE=tlc
- MYSQL_USER=tlc
- MYSQL_PASSWORD=tlc
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u tlc", "-p tlc"]
interval: 5s
timeout: 5s
retries: 10
networks:
- app-network
etherpad:
image: etherpad/etherpad
ports:
- "9001:9001"
volumes:
- ./doodlestudent/api/APIKEY.txt:/opt/etherpad-lite/APIKEY.txt
networks:
- app-network
mail:
image: bytemark/smtp
restart: always
ports:
- "2525:25"
networks:
- app-network
networks:
app-network:
external: false
name: app-network

12
vagrant/libvirt/.vagrant/rgloader/loader.rb Normal file
View File

@@ -0,0 +1,12 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# This file loads the proper rgloader/loader.rb file that comes packaged
# with Vagrant so that encoded files can properly run with Vagrant.
if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
require File.expand_path(
"rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
else
raise "Encoded files can't be read outside of the Vagrant installer."
end

27
vagrant/libvirt/Vagrantfile vendored Normal file
View File

@@ -0,0 +1,27 @@
# ####################################################################
# ################### CONFIGURATION VARIABLES ########################
# ####################################################################
IMAGE_NAME = "generic/ubuntu2204" # Image to use
MEM = 2048 # Amount of RAM
CPU = 1 # Number of processors
SLAVE_NBR = 2 # Number of slaves node
Vagrant.configure("2") do |config|
# RAM and CPU config
config.vm.provider "libvirt" do |v|
v.memory = MEM
v.cpus = CPU
end
# Slave node config
(1..SLAVE_NBR).each do |i|
config.ssh.insert_key = false
config.vm.define "slave-#{i}" do |slave|
# OS and Hostname
slave.vm.box = IMAGE_NAME
slave.vm.hostname = "slave-#{i}"
slave.vm.network "private_network", ip: "192.168.56.14#{i}"
end
end
end

12
vagrant/virtualbox/.vagrant/rgloader/loader.rb Normal file
View File

@@ -0,0 +1,12 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# This file loads the proper rgloader/loader.rb file that comes packaged
# with Vagrant so that encoded files can properly run with Vagrant.
if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
require File.expand_path(
"rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
else
raise "Encoded files can't be read outside of the Vagrant installer."
end

27
vagrant/virtualbox/Vagrantfile vendored Normal file
View File

@@ -0,0 +1,27 @@
# ####################################################################
# ################### CONFIGURATION VARIABLES ########################
# ####################################################################
IMAGE_NAME = "generic/ubuntu2204" # Image to use
MEM = 2048 # Amount of RAM
CPU = 1 # Number of processors
SLAVE_NBR = 1 # Number of slaves node
Vagrant.configure("2") do |config|
# RAM and CPU config
config.vm.provider "virtualbox" do |v|
v.memory = MEM
v.cpus = CPU
end
# Slave node config
(1..SLAVE_NBR).each do |i|
config.ssh.insert_key = false
config.vm.define "slave-#{i}" do |slave|
# OS and Hostname
slave.vm.box = IMAGE_NAME
slave.vm.hostname = "slave-#{i}"
slave.vm.network "private_network", ip: "192.168.56.14#{i}"
end
end
end