Hi Guys! Getting ready for a DevOps Interview? Then this is just for you!
Part 1: Basic docker application
Note: For docker images you may use anything that is available on docker hub. You may use the original images or build new images based on the originals as you see fit.
1.1 Simple web page
Create a docker image based on nginx which will serve a very simple web page. The contents of the page should be “Hello from LinuxTeacher.com!”.
Secure the web app with HTTP basic auth. Add a user named admin with password linux-teacher.
1.2 Access logs to MongoDB
Each access to the page should result in the creation of a new document in the MongoDB collection named access. We want to save the user agent string, the date of the access and the response code.
Let’s assume we want to be notified when the access was denied more than 10 times total, e.g. because the user entered the wrong password. Create a script that counts the number of access denials and sends an email to some address (you can send it to yourself for testing) if that number is above 10.
Note: the email might be rejected or marked as spam on the receiving end. Why would that happen and how could you mitigate it? (It’s not necessary to fix this now since it might take up too much time, so just tell us what you would do.)
The access-denied counter script should be run periodically. Create an image that runs the script once every 20 minutes.
1.4 docker-compose file
Create a docker-compose file that manages the entire application described above. Running
docker-compose up should start everything.
Part 2: AWS Infrastructure
In this part, we will design and visualize the infrastructure that would support the application in the AWS cloud. Please use a visualization tool like Cloudcraft in order to draw diagrams of the architecture described below.
2.1 ECS task and service
Instead of running everything locally using docker-compose, we want to manage the application through AWS ECS. The cluster should live in a private VPC and traffic from the public internet should enter through an Application Load Balancer. Add all services necessary to fulfill these requirements.
2.2 Cloudwatch and SNS
Now instead of sending email alerts directly from our container, we want to leverage AWS Cloudwatch and SNS to handle that for us. We set up the container to log to Cloudwatch and set up SNS accordingly, so that your log message triggers the sending of an email through it.
2.3 Scaling up
Let’s say we want to scale up our application and run our task multiple times at once, possibly on separate EC2 instances. In the current configuration (which uses a single service definition), that means we are running multiple MongoDB instances independently. Why is that not ideal for what our application is trying to achieve? Describe a strategy that would suit better.
2.4 Bastion host
We want to set up a bastion host in order to connect to the machines running our application. The bastion host will be the only one allowing ssh access from the internet, all other hosts should only allow access from the bastion host. Add a separate EC2 instance to fill that role.
Part 3: CI/CD
Now that we have planned out our architecture, let’s think about how we would manage this in a production setting with continuous deployment in place. Describe (in the form of a graphical illustration) how you would set up a CI/CD pipeline that allows our development teams to deploy their changes in a way that is safe and requires minimal manual interaction. We are not looking at minor technical details here, but want to get an overview of the solution that you would choose.
Part 4: Deploy to Server
We’ve set up an empty server that can be used to host the docker application from part 1. Your task is to get the application up and running using
The web page should only be accessible from your own IP address.
The application should get started automatically if the machine gets rebooted.
Note: The server is running an outdated OS and some packages are missing. This is part of the challenge. You may change anything and install packages as you see fit.