Lab 7 — Deploy QuickNotes via Ansible (selysecr332)

ansible/files/seed.json

@@ -0,0 +1,26 @@
+[
+  {
+    "id": 1,
+    "title": "Welcome to QuickNotes",
+    "body": "This is the project you'll containerize, deploy, monitor, and harden across all 10 labs.",
+    "created_at": "2026-01-15T10:00:00Z"
+  },
+  {
+    "id": 2,
+    "title": "Read app/main.go first",
+    "body": "Start by understanding the entry point — env vars, signal handling, graceful shutdown.",
+    "created_at": "2026-01-15T10:05:00Z"
+  },
+  {
+    "id": 3,
+    "title": "DevOps mantra",
+    "body": "If it hurts, do it more often.",
+    "created_at": "2026-01-15T10:10:00Z"
+  },
+  {
+    "id": 4,
+    "title": "Endpoint cheat-sheet",
+    "body": "GET /notes  GET /notes/{id}  POST /notes  DELETE /notes/{id}  GET /health  GET /metrics",
+    "created_at": "2026-01-15T10:15:00Z"
+  }
+]

ansible/inventory.ini

@@ -0,0 +1,8 @@
+# WSL setup (run once):
+#   cp /mnt/c/Users/Selysecr/.vagrant.d/insecure_private_keys/vagrant.key.rsa ~/.ssh/vagrant-lab5
+#   chmod 600 ~/.ssh/vagrant-lab5
+#
+# Requires lab5 VM with port 2223 forwarded (0.0.0.0) — vagrant reload on feature/lab5.
+# Windows host IP: ip route show default | awk '{print $3}'
+[quicknotes_vms]
+lab5-vm ansible_host=172.18.160.1 ansible_port=2223 ansible_user=vagrant ansible_ssh_private_key_file=/home/selysecr/.ssh/vagrant-lab5 ansible_ssh_common_args='-o StrictHostKeyChecking=no -o PubkeyAcceptedKeyTypes=+ssh-rsa -o HostKeyAlgorithms=+ssh-rsa'

ansible/inventory.local.ini

@@ -0,0 +1,3 @@
+# Used by ansible-pull on the VM (self-reconcile via local connection).
+[quicknotes_vms]
+127.0.0.1 ansible_connection=local

ansible/playbook.yaml

@@ -0,0 +1,111 @@
+---
+- name: Deploy QuickNotes to Lab 5 VM
+  hosts: quicknotes_vms
+  become: true
+  gather_facts: false
+
+  vars:
+    quicknotes_user: quicknotes
+    quicknotes_group: quicknotes
+    quicknotes_data_dir: /var/lib/quicknotes
+    quicknotes_listen_addr: ":9191"
+    quicknotes_data_path: "{{ quicknotes_data_dir }}/notes.json"
+    quicknotes_seed_path: "{{ quicknotes_data_dir }}/seed.json"
+    ansible_pull_repo_url: "https://github.com/selysecr332/DevOps-Intro.git"
+    ansible_pull_branch: "feature/lab7"
+    ansible_pull_checkout_dir: "/var/lib/ansible-pull/devops-intro"
+
+  handlers:
+    - name: restart quicknotes
+      ansible.builtin.systemd:
+        name: quicknotes
+        state: restarted
+        daemon_reload: true
+
+  tasks:
+    - name: Ensure quicknotes system user exists
+      ansible.builtin.user:
+        name: "{{ quicknotes_user }}"
+        system: true
+        shell: /usr/sbin/nologin
+        create_home: false
+
+    - name: Ensure data directory exists
+      ansible.builtin.file:
+        path: "{{ quicknotes_data_dir }}"
+        state: directory
+        owner: "{{ quicknotes_user }}"
+        group: "{{ quicknotes_group }}"
+        mode: "0750"
+
+    - name: Install QuickNotes binary
+      ansible.builtin.copy:
+        src: files/quicknotes
+        dest: /usr/local/bin/quicknotes
+        owner: root
+        group: root
+        mode: "0755"
+      notify: restart quicknotes
+
+    - name: Install seed data file
+      ansible.builtin.copy:
+        src: files/seed.json
+        dest: "{{ quicknotes_seed_path }}"
+        owner: "{{ quicknotes_user }}"
+        group: "{{ quicknotes_group }}"
+        mode: "0640"
+
+    - name: Install systemd unit
+      ansible.builtin.template:
+        src: quicknotes.service.j2
+        dest: /etc/systemd/system/quicknotes.service
+        owner: root
+        group: root
+        mode: "0644"
+      notify: restart quicknotes
+
+    - name: Enable and start QuickNotes service
+      ansible.builtin.systemd:
+        name: quicknotes
+        enabled: true
+        state: started
+        daemon_reload: true
+
+    - name: Install Ansible and Git for ansible-pull
+      ansible.builtin.apt:
+        name:
+          - ansible
+          - git
+        state: present
+        update_cache: true
+
+    - name: Ensure ansible-pull checkout directory exists
+      ansible.builtin.file:
+        path: "{{ ansible_pull_checkout_dir }}"
+        state: directory
+        owner: root
+        group: root
+        mode: "0755"
+
+    - name: Install ansible-pull systemd service
+      ansible.builtin.template:
+        src: ansible-pull.service.j2
+        dest: /etc/systemd/system/ansible-pull.service
+        owner: root
+        group: root
+        mode: "0644"
+
+    - name: Install ansible-pull systemd timer
+      ansible.builtin.template:
+        src: ansible-pull.timer.j2
+        dest: /etc/systemd/system/ansible-pull.timer
+        owner: root
+        group: root
+        mode: "0644"
+
+    - name: Enable and start ansible-pull timer
+      ansible.builtin.systemd:
+        name: ansible-pull.timer
+        enabled: true
+        state: started
+        daemon_reload: true

ansible/templates/ansible-pull.service.j2

@@ -0,0 +1,8 @@
+[Unit]
+Description=GitOps reconcile QuickNotes via ansible-pull
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/ansible-pull -U {{ ansible_pull_repo_url }} -C {{ ansible_pull_branch }} -d {{ ansible_pull_checkout_dir }} -i ansible/inventory.local.ini ansible/playbook.yaml

ansible/templates/ansible-pull.timer.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description=Run ansible-pull every 5 minutes
+
+[Timer]
+OnBootSec=1min
+OnUnitActiveSec=5min
+Persistent=true
+
+[Install]
+WantedBy=timers.target

ansible/templates/quicknotes.service.j2

@@ -0,0 +1,19 @@
+[Unit]
+Description=QuickNotes API
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User={{ quicknotes_user }}
+Group={{ quicknotes_group }}
+WorkingDirectory={{ quicknotes_data_dir }}
+Environment=ADDR={{ quicknotes_listen_addr }}
+Environment=DATA_PATH={{ quicknotes_data_path }}
+Environment=SEED_PATH={{ quicknotes_seed_path }}
+ExecStart=/usr/local/bin/quicknotes
+Restart=on-failure
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target