diff --git a/PRA06_ANSWER/amazon/2024-12-16_15-57.png b/PRA06_ANSWER/amazon/2024-12-16_15-57.png new file mode 100644 index 00000000..fc9e86e6 Binary files /dev/null and b/PRA06_ANSWER/amazon/2024-12-16_15-57.png differ diff --git a/PRA06_ANSWER/amazon/aws-cluster-created.png b/PRA06_ANSWER/amazon/aws-cluster-created.png new file mode 100644 index 00000000..94d181b3 Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-cluster-created.png differ diff --git a/PRA06_ANSWER/amazon/aws-deploy/AWS-ECR-TAG-PUSH.png b/PRA06_ANSWER/amazon/aws-deploy/AWS-ECR-TAG-PUSH.png new file mode 100644 index 00000000..6051e007 Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-deploy/AWS-ECR-TAG-PUSH.png differ diff --git a/PRA06_ANSWER/amazon/aws-deploy/aws-bill.png b/PRA06_ANSWER/amazon/aws-deploy/aws-bill.png new file mode 100644 index 00000000..104db84d Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-deploy/aws-bill.png differ diff --git a/PRA06_ANSWER/amazon/aws-deploy/aws-deploy-ok.png b/PRA06_ANSWER/amazon/aws-deploy/aws-deploy-ok.png new file mode 100644 index 00000000..61886c9d Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-deploy/aws-deploy-ok.png differ diff --git a/PRA06_ANSWER/amazon/aws-service1.png b/PRA06_ANSWER/amazon/aws-service1.png new file mode 100644 index 00000000..199ced4c Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-service1.png differ diff --git a/PRA06_ANSWER/amazon/aws-service2.png b/PRA06_ANSWER/amazon/aws-service2.png new file mode 100644 index 00000000..be83863d Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-service2.png differ diff --git a/PRA06_ANSWER/amazon/aws-service3.png b/PRA06_ANSWER/amazon/aws-service3.png new file mode 100644 index 00000000..e432d9d5 Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-service3.png differ diff --git a/PRA06_ANSWER/amazon/aws-service4.png b/PRA06_ANSWER/amazon/aws-service4.png new file mode 100644 index 00000000..b3a33bbc Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-service4.png differ diff --git a/PRA06_ANSWER/amazon/aws-service5.png b/PRA06_ANSWER/amazon/aws-service5.png new file mode 100644 index 00000000..b645e5ac Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-service5.png differ diff --git a/PRA06_ANSWER/amazon/aws-service6.png b/PRA06_ANSWER/amazon/aws-service6.png new file mode 100644 index 00000000..dc97f6b7 Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-service6.png differ diff --git a/PRA06_ANSWER/amazon/aws-service7.png b/PRA06_ANSWER/amazon/aws-service7.png new file mode 100644 index 00000000..597305cf Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-service7.png differ diff --git a/PRA06_ANSWER/amazon/aws-service8-deploying.png b/PRA06_ANSWER/amazon/aws-service8-deploying.png new file mode 100644 index 00000000..83fa30a0 Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-service8-deploying.png differ diff --git a/PRA06_ANSWER/amazon/aws-task1.png b/PRA06_ANSWER/amazon/aws-task1.png new file mode 100644 index 00000000..c78fc529 Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-task1.png differ diff --git a/PRA06_ANSWER/amazon/aws-task2.png b/PRA06_ANSWER/amazon/aws-task2.png new file mode 100644 index 00000000..bcb79a6c Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-task2.png differ diff --git a/PRA06_ANSWER/amazon/aws-task3.png b/PRA06_ANSWER/amazon/aws-task3.png new file mode 100644 index 00000000..dc018945 Binary files /dev/null and b/PRA06_ANSWER/amazon/aws-task3.png differ diff --git a/PRA06_ANSWER/aws-prac.md b/PRA06_ANSWER/aws-prac.md new file mode 100644 index 00000000..6d1694f5 --- /dev/null +++ b/PRA06_ANSWER/aws-prac.md @@ -0,0 +1,56 @@ +## + +### 1. Create an AWS Account + +- [x] Visit the AWS website and click "Create an AWS Account" +- [x] Follow the registration process, providing necessary information +- [x] Choose a support plan (Basic is free and sufficient for this exercise) + +#### 2. Set Up AWS Budget and Billing Alerts + +- [x] Navigate to AWS Budgets in the AWS Management Console + +- [x] Click "Create budget" and choose "Customize (advanced)" + +- [x] Select "Cost budget" and set a monthly fixed budget + +- [x] Configure alerts for 80% of your budgeted amount + +- [x] Set up an action to automatically apply an IAM policy restricting resource creation when the budget is exceeded + +#### 3. Create AWS Services for Spring Boot Docker Deployment + +###### Set up Amazon Elastic Container Registry (ECR) + +- [x] Open the Amazon ECR console + +- [x] Click "Create repository" + +- [x] Name your repository (e.g., "spring-boot-app") + +- [x] Configure repository settings and create + +###### Configure Amazon Elastic Container Service (ECS) + +- [x] Open the Amazon ECS console + +- [x] Click "Create Cluster" + +- [x] Choose "Networking only" for Fargate compatibility + +- [x] Name your cluster and create + +##### Set up AWS Fargate + +- [x] In the ECS console, create a new task definition +- [x] Choose Fargate as the launch type +- [x] Configure task size (CPU and memory) +- [x] Add container details using the ECR image + +#### 4. Update Jenkins Pipeline for AWS Deployment + +- [x] Modify your jenkins pipeline to include AWS deployment steps + +#### 5. Deploy Spring Boot Application + +- [x] Run the Jenkins pipeline to build and push the Docker image to ECR diff --git a/PRA06_ANSWER/pipe-aws/error-authorization.md b/PRA06_ANSWER/pipe-aws/error-authorization.md new file mode 100644 index 00000000..ca443309 --- /dev/null +++ b/PRA06_ANSWER/pipe-aws/error-authorization.md @@ -0,0 +1,28 @@ +### Error authorization + + +1. The **`devops`** user does not have permission to perform the `ecr-public:GetAuthorizationToken` operation on Amazon ECR. + +**Verify that the policies are correctly applied**: + +- **AmazonEC2ContainerRegistryFullAccess**: This policy allows the user to access both public and private ECR repositories. +- **AmazonECRPublicFullAccess**: This policy is required to specifically access public ECR repositories. +- **Access the IAM console:** + + - Log in to the AWS console. + - Go to IAM (Identity and Access Management). + + **Select the devops user:** + + - In the left panel, select Users, then click on the devops user. + + **Attach the AmazonECRPublicFullAccess policy:** + + - Click on the Permissions tab. + - In the top-right corner, click on Add permissions. + - Select Attach existing policies directly. + - Search for the AmazonECRPublicFullAccess policy in the list and check the box next to it. + - Click Review and then click Add permissions. + + + pipeline-push-ecr-ok.png diff --git a/PRA06_ANSWER/pipe-aws/output.txt b/PRA06_ANSWER/pipe-aws/output.txt new file mode 100644 index 00000000..e3c97b6e --- /dev/null +++ b/PRA06_ANSWER/pipe-aws/output.txt @@ -0,0 +1,100 @@ +Started by user CRhACKER7 + +[Pipeline] Start of Pipeline +[Pipeline] node +Running on Jenkins + in /var/jenkins_home/workspace/pipe3-aws-pra +[Pipeline] { +[Pipeline] withEnv +[Pipeline] { +[Pipeline] stage +[Pipeline] { (Pull from DockerHub) +[Pipeline] sh ++ docker pull crhacker7/books-pageable-backend:latest +latest: Pulling from crhacker7/books-pageable-backend +a803e7c4b030: Already exists +b4972576c83d: Already exists +af800cd8441e: Already exists +b2adc153a57b: Already exists +3e7eeb32da62: Already exists +Digest: sha256:b24b9330527b9a0b5a251bfd5c278fa4c43b92fb3ad1b9ccf2bdacc9735db7fa +Status: Downloaded newer image for crhacker7/books-pageable-backend:latest +docker.io/crhacker7/books-pageable-backend:latest +[Pipeline] } +[Pipeline] // stage +[Pipeline] stage +[Pipeline] { (Tag for ECR) +[Pipeline] sh ++ docker tag crhacker7/books-pageable-backend:latest public.ecr.aws/z4y4h0k9/spring-boot-app:3 +[Pipeline] sh ++ docker tag crhacker7/books-pageable-backend:latest public.ecr.aws/z4y4h0k9/spring-boot-app:latest +[Pipeline] } +[Pipeline] // stage +[Pipeline] stage +[Pipeline] { (Push to ECR) +[Pipeline] withCredentials +Masking supported pattern matches of $AWS_ACCESS_KEY_ID or $AWS_SECRET_ACCESS_KEY +[Pipeline] { +[Pipeline] sh ++ aws ecr-public get-login-password --region us-east-1 ++ docker login --username AWS --password-stdin public.ecr.aws/z4y4h0k9 +WARNING! Your password will be stored unencrypted in /var/jenkins_home/.docker/config.json. +Configure a credential helper to remove this warning. See +https://docs.docker.com/engine/reference/commandline/login/#credential-stores + +Login Succeeded +[Pipeline] sh ++ docker push public.ecr.aws/z4y4h0k9/spring-boot-app:3 +The push refers to repository [public.ecr.aws/z4y4h0k9/spring-boot-app] +974ed95b9915: Preparing +f82750e12aa6: Preparing +659a8c4ba776: Preparing +0ac7ecf8a41c: Preparing +d310e774110a: Preparing +d310e774110a: Layer already exists +0ac7ecf8a41c: Layer already exists +659a8c4ba776: Layer already exists +f82750e12aa6: Pushed +974ed95b9915: Pushed +3: digest: sha256:b24b9330527b9a0b5a251bfd5c278fa4c43b92fb3ad1b9ccf2bdacc9735db7fa size: 1371 +[Pipeline] sh ++ docker push public.ecr.aws/z4y4h0k9/spring-boot-app:latest +The push refers to repository [public.ecr.aws/z4y4h0k9/spring-boot-app] +974ed95b9915: Preparing +f82750e12aa6: Preparing +659a8c4ba776: Preparing +0ac7ecf8a41c: Preparing +d310e774110a: Preparing +f82750e12aa6: Layer already exists +659a8c4ba776: Layer already exists +d310e774110a: Layer already exists +974ed95b9915: Layer already exists +0ac7ecf8a41c: Layer already exists +latest: digest: sha256:b24b9330527b9a0b5a251bfd5c278fa4c43b92fb3ad1b9ccf2bdacc9735db7fa size: 1371 +[Pipeline] } +[Pipeline] // withCredentials +[Pipeline] } +[Pipeline] // stage +[Pipeline] stage +[Pipeline] { (Declarative: Post Actions) +[Pipeline] sh ++ docker rmi crhacker7/books-pageable-backend:latest +Untagged: crhacker7/books-pageable-backend:latest +Untagged: crhacker7/books-pageable-backend@sha256:b24b9330527b9a0b5a251bfd5c278fa4c43b92fb3ad1b9ccf2bdacc9735db7fa +[Pipeline] sh ++ docker rmi public.ecr.aws/z4y4h0k9/spring-boot-app:3 +Untagged: public.ecr.aws/z4y4h0k9/spring-boot-app:3 +[Pipeline] sh ++ docker rmi public.ecr.aws/z4y4h0k9/spring-boot-app:latest +Untagged: public.ecr.aws/z4y4h0k9/spring-boot-app:latest +Untagged: public.ecr.aws/z4y4h0k9/spring-boot-app@sha256:b24b9330527b9a0b5a251bfd5c278fa4c43b92fb3ad1b9ccf2bdacc9735db7fa +Deleted: sha256:fe0cc31eaa48d12ff6fd1992399b47e22385cd520c20f95d24ee004aad606893 +[Pipeline] } +[Pipeline] // stage +[Pipeline] } +[Pipeline] // withEnv +[Pipeline] } +[Pipeline] // node +[Pipeline] End of Pipeline +Finished: SUCCESS + diff --git a/PRA06_ANSWER/pipe-aws/pipe-build-run-works.png b/PRA06_ANSWER/pipe-aws/pipe-build-run-works.png new file mode 100644 index 00000000..6c7ecf7f Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipe-build-run-works.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipe-ecr.png b/PRA06_ANSWER/pipe-aws/pipe-ecr.png new file mode 100644 index 00000000..1053e7ee Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipe-ecr.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipe-ecr2.png b/PRA06_ANSWER/pipe-aws/pipe-ecr2.png new file mode 100644 index 00000000..da86d989 Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipe-ecr2.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipe-error-port-allocated.png b/PRA06_ANSWER/pipe-aws/pipe-error-port-allocated.png new file mode 100644 index 00000000..8ee837de Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipe-error-port-allocated.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipe-pra06-error-credential.png b/PRA06_ANSWER/pipe-aws/pipe-pra06-error-credential.png new file mode 100644 index 00000000..745938f7 Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipe-pra06-error-credential.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipe-pull-tag-push-ecr.png b/PRA06_ANSWER/pipe-aws/pipe-pull-tag-push-ecr.png new file mode 100644 index 00000000..0e37bb1d Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipe-pull-tag-push-ecr.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipe-pull-tag-push-ecr2.png b/PRA06_ANSWER/pipe-aws/pipe-pull-tag-push-ecr2.png new file mode 100644 index 00000000..cfba5bf9 Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipe-pull-tag-push-ecr2.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipe-pull-tag-push-ecr3.png b/PRA06_ANSWER/pipe-aws/pipe-pull-tag-push-ecr3.png new file mode 100644 index 00000000..b4690c93 Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipe-pull-tag-push-ecr3.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipe-push-ecr-success.png b/PRA06_ANSWER/pipe-aws/pipe-push-ecr-success.png new file mode 100644 index 00000000..d015a22b Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipe-push-ecr-success.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipe-push-ecr-success2.png b/PRA06_ANSWER/pipe-aws/pipe-push-ecr-success2.png new file mode 100644 index 00000000..22a7c36d Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipe-push-ecr-success2.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipeline-push-ecr-error1.png b/PRA06_ANSWER/pipe-aws/pipeline-push-ecr-error1.png new file mode 100644 index 00000000..0b4236d6 Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipeline-push-ecr-error1.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipeline-push-ecr-ok.png b/PRA06_ANSWER/pipe-aws/pipeline-push-ecr-ok.png new file mode 100644 index 00000000..bf6c2e80 Binary files /dev/null and b/PRA06_ANSWER/pipe-aws/pipeline-push-ecr-ok.png differ diff --git a/PRA06_ANSWER/pipe-aws/pipeline.txt b/PRA06_ANSWER/pipe-aws/pipeline.txt new file mode 100644 index 00000000..2f2e16ae --- /dev/null +++ b/PRA06_ANSWER/pipe-aws/pipeline.txt @@ -0,0 +1,45 @@ +pipeline { + environment { + DOCKERHUB_IMAGE = 'crhacker7/books-pageable-backend:latest' + ECR_REGISTRY = 'public.ecr.aws/z4y4h0k9' + ECR_REPOSITORY = 'spring-boot-app' + IMAGE_TAG = "${BUILD_NUMBER}" + AWS_REGION = 'us-east-1' // Public ECR repositories are only available in us-east-1 + } + + agent any + + stages { + stage('Pull from DockerHub') { + steps { + sh "docker pull ${DOCKERHUB_IMAGE}" + } + } + + stage('Tag for ECR') { + steps { + + sh "docker tag ${DOCKERHUB_IMAGE} ${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" + sh "docker tag ${DOCKERHUB_IMAGE} ${ECR_REGISTRY}/${ECR_REPOSITORY}:latest" + } + } + + stage('Push to ECR') { + steps { + withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: 'awscredentials_id']]) { + sh "aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${ECR_REGISTRY}" + sh "docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" + sh "docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}:latest" + } + } + } + } + + post { + always { + sh "docker rmi ${DOCKERHUB_IMAGE}" + sh "docker rmi ${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" + sh "docker rmi ${ECR_REGISTRY}/${ECR_REPOSITORY}:latest" + } + } +} \ No newline at end of file