Forem: Fife Oluwabunmi

Deploying AI application on ec2 instance

Fife Oluwabunmi — Fri, 28 Feb 2025 14:38:52 +0000

Introduction

The goal of this exercise was to deploy a Flask AI application on an ec2 instance. This documentation covers a step by step method to achieve this using two methods- Dockerized & Without Docker

Deploying without Docker

Testing the application locally

As a rule of thumb, before deploying an application to a cloud environment, it is important to always attempt to get it to run locally to ensure there are little or no bugs.

Settting up Cloud environment

Create a GitHub repository to store the code if this hasn't been done already
Navigate to the AWS console, spin up an ec2 instance with with reasonable processing power- t2.medium should suffice
Make sure that when setting up the Security Group, an ingress rule for port 5000 is added.
Connect to the instance using a preferred method. Inside of the instance, run commands git -v to confirm the git command line tool is installed. If not, run either of the below commands to install it

# For Red-Hat based systems
sudo dnf install git-all

# For Debian based systems
sudo apt install git-all

# For MacOs, install using homebrew preferably
brew install git

# Verify installation
git -v

Clone repository and install dependencies

With the git cli tool installed, the repo can now be conveniently cloned

git clone <github-repo-url>

Install the Python & Pip

# Ensure Python is installed
python3 --version

# If not installed, run commands to install

# Debian based
sudo apt update
sudo apt upgrade
sudo apt install python3
sudo apt install python3-pip
sudo apt install python3-dev python3-venv build-essential

# Red-hat based
sudo dnf update
sudo dnf install python3
sudo dnf groupinstall "Development Tools"
sudo dnf install python3-pip

# Confirm installation
python3 --version

Install Project dependencies

# Navigate to the Project directory
cd <project-name>

# Ensure the directory has requirements.txt file
ls

# Create Python virtual environment
python3 -m venv venv
source venv/bin/activate

# Install dependencies
pip install -r requirements.txt

# Run the application
python3 app.py

Finally, navigate to the browser, put in the public IP of the instance and attach port 5000 to it ie. 22.222.22.111:5000

Your application is now running on ec2

Deploying with Docker

Prerequisites

Have Docker installed locally
Have a Docker Hub account

In the code base, a Dockerfile has been created. This file is used to create the Docker Image alongside the compose.yaml file.

To create the docker image locally and start the container, run:
docker compose up --build

This command builds the image using Docker Compose

Verify the container is running successfully by attempting to access the application on 127.0.0.1:5000. Once confirmed, stop the container.

Next we need to tag the image so it can be pushed to Docker Hub.

# First verify the image name
docker images

# Your output should be something like spamemail-flask-app

# Now tag the image
docker tag spamemail-flask-app <your-dockerhub-username>/spam-email:latest

# Eg
docker tag spamemail-flask-app fifss/spam-email:latest

# Login to dockerhub from your terminal and follow the instructions
docker login

# Finally, push your image to DockerHub
docker push docker push <dockerhub-username>/spam-email:latest

Pull Docker image on ec2 instance

Create an instance on AWS. Make sure to use at least the t2.medium because of Docker system requirements.

Also be sure to allow the port 5000 in the Security Group for the instance

After going through the installation processes, to enable Docker without root privileges, refer to this documentation

Now test your Docker installation

docker run hello-world

Now that Docker is installed, pull the Docker image from DockerHub

docker pull <docker-username>/spam-email:latest

# Now that the image has been pulled, run the image as a container

docker run --name spam-email -p 5000:5000 <docker-username>/spam-email:latest

# Eg
docker run --name spam-email -p 5000:5000 fifss/spam-email

Open the browser and paste in the public IP address with the port 5000

# Example
http://10.222.133.155:5000/

Congratulations! Now your container is running successfully

How I Helped a Startup Automate Cloud Infrastructure in Minutes

Fife Oluwabunmi — Thu, 20 Feb 2025 19:59:22 +0000

A while ago, I was approached by a Co-Founder to help them push out a new feature and for this feature to work as expected, they needed cloud resources to be created on the fly- easily, quickly without any additional configuration and they needed it as part of a workflow.

Now from that brief description, the obvious technology that can make this possible is Infrastructure as Code- but figuring that part out is the easy part. Ensuring that every time the Terraform scripts are run, the resources are created seamlessly was where the real work was!

I'll be walking you through how I was able to achieve this for AWS & GCP ;)

Managing AWS Cloud with Terraform

The job was "simple". Write a Terraform script to automate the creation of AWS ec2 instance(s) with all the supporting resources ensuring it's secure and accessible.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = "us-east-1"
}

# Create the VPC
resource "aws_vpc" "company_vpc" {
  cidr_block = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags = {
    Name = "company-vpc"
  }
}

# Create the Subnet
resource "aws_subnet" "company_subnet" {
  vpc_id            = aws_vpc.company_vpc.id
  cidr_block        = "10.0.1.0/24"
  map_public_ip_on_launch = true
  availability_zone = "us-east-1a"
  tags = {
    Name = "company-subnet"
  }
}

# Create the Internet Gateway
resource "aws_internet_gateway" "company_igw" {
  vpc_id = aws_vpc.company_vpc.id
  tags = {
    Name = "company-igw"
  }
}


# Create the Route Table
resource "aws_route_table" "company_route_table" {
  vpc_id = aws_vpc.company_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.company_igw.id
  }

  tags = {
    Name = "company-route-table"
  }
}

# Associate Route Table with Subnet
resource "aws_route_table_association" "company_subnet_assoc" {
  subnet_id      = aws_subnet.company_subnet.id
  route_table_id = aws_route_table.company_route_table.id
}

If you're not concerned with setting up a vpc for the infrastructure, then ignore the jargon above XD

Now for the interesting part, we will create the ec2 instance, Security Groups, EBS, and Key pair.

# Create Security Group
resource "aws_security_group" "company_sg" {
  vpc_id = aws_vpc.company_vpc.id
  tags = {
    Name = "company-sg"
  }
}

# Ingress Rules
resource "aws_vpc_security_group_ingress_rule" "ssh_ingress" {
  security_group_id = aws_security_group.company_sg.id
  from_port         = 22
  to_port           = 22
  ip_protocol       = "tcp"
  cidr_ipv4         = "0.0.0.0/0"
}

# If you have specifics for the in-bound rules, then specify them.
# Avoid this!
resource "aws_vpc_security_group_ingress_rule" "all_tcp_ingress" {
  security_group_id = aws_security_group.company_sg.id
  from_port         = 0
  to_port           = 65535
  ip_protocol       = "tcp"
  cidr_ipv4         = "0.0.0.0/0"
}

# Egress Rules
resource "aws_vpc_security_group_egress_rule" "all_egress" {
  security_group_id = aws_security_group.company_sg.id
  from_port         = 0
  to_port           = 0
  ip_protocol       = "-1"
  cidr_ipv4         = "0.0.0.0/0"
}

# Create EC2 Instances
resource "aws_instance" "company_instance" {
  count = var.instance_count

  # Change this to the ami & instance type you want to use
  ami           = "ami-0e2c8caa4b6378d8c"
  instance_type = "t3.medium"

  subnet_id                   = aws_subnet.company_subnet.id
  vpc_security_group_ids      = [aws_security_group.company_sg.id]
  associate_public_ip_address = true
  key_name = aws_key_pair.company-key.key_name

  # Root Volume (Default Storage)
  root_block_device {
    volume_size = 50  # Size in GB
    volume_type = "gp3"
  }

  # Additional EBS Volume
  ebs_block_device {
    device_name           = "/dev/xvdb"
    volume_size           = 100  # Size in GB
    volume_type           = "gp3"
    delete_on_termination = true
  }

  tags = {
    Name = "company-instance-${count.index + 1}"
  }
}

resource "tls_private_key" "pk" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "company-key" {
  key_name   = "company-aws-key-pair"
  public_key = tls_private_key.pk.public_key_openssh
}

resource "local_file" "company_key" {
  content         = tls_private_key.pk.private_key_pem
  filename        = "./company-aws-key-pair.pem"
  file_permission = "0400"
}

outputs.tf

output "vpc_id" {
  description = "ID of the VPC"
  value       = aws_vpc.company_vpc.id
}

output "subnet_id" {
  description = "ID of the subnet"
  value       = aws_subnet.company_subnet.id
}

output "security_group_id" {
  description = "ID of the security group"
  value       = aws_security_group.company_sg.id
}

output "instance_public_ips" {
  description = "Public IPs of the EC2 instances"
  value       = aws_instance.company_instance[*].public_ip
}

output "private_key_path" {
  description = "Path to the generated private key file"
  value       = local_file.company_key.filename
}

output "key_pair_name" {
  description = "Name of the AWS key pair"
  value       = aws_key_pair.company-key.key_name
}

variables.tf

variable "instance_count" {
  description = "Number of AWS instances to launch"
  type        = number
  default     = 1
}

variable "region" {
  description = "AWS region to deploy resources"
  type        = string
  default     = "us-east-1"
}

variable "vpc_cidr_block" {
  description = "CIDR block for the VPC"
  type        = string
  default     = "10.0.0.0/16"
}

variable "subnet_cidr_block" {
  description = "CIDR block for the public subnet"
  type        = string
  default     = "10.0.1.0/24"
}

variable "availability_zone" {
  description = "Availability zone for the subnet"
  type        = string
  default     = "us-east-1a"
}

variable "ami" {
  description = "AMI ID for the EC2 instances"
  type        = string
  default     = "ami-0e2c8caa4b6378d8c"
}

variable "instance_type" {
  description = "Instance type for EC2 instances"
  type        = string
  default     = "t2.large"
}

A few things to take away from this, we have a secure ec2 instance setup with supporting resources like vpc, security group, and subnet created. We also have the variables file to dynamically handle various resource naming and a couple of other things.

Thanks for reading ;D

Scraping Custom Django Metrics with Prometheus

Fife Oluwabunmi — Thu, 09 Jan 2025 11:08:28 +0000

In the previous article, we explored setting up a Prometheus instance to scrape generic data(metrics) from our very basic Django application.

Now, we're taking it a step higher: We're going to send custom metrics to Prometheus so we can visualize the data.

To follow along with this article, you need:

To have Prometheus installed
To understand the basics of Prometheus. For that, refer to the previous entries in this series
A basic Django application set up for you to work with. You can refer to Django's official documentation for this.

Using the Python Logging module

Python already has a module for logging various information in an application. We will build on this module to generate our custom logs, which will be exposed to Prometheus for scraping.

In your settings.py add the following lines:

import os # Add this at the top of the file
.
.
.

# Add this at the bottom of the file
LOGGING = {
    'version': 1,  # Specifies the logging configuration schema version
    'disable_existing_loggers': False,  # Keep default Django loggers active
    'formatters': {
        'verbose': {
            'format': '{levelname} {asctime} {module} {message}',
            'style': '{',  # Use `{}` to format log messages
        },
    },
    'handlers': {
        'file': {  # Write logs to a file
            'level': 'INFO',
            'class': 'logging.FileHandler',
            'filename': os.path.join(BASE_DIR, 'app.log'),  # Log file path
            'formatter': 'verbose',  # Use the verbose format
        },
    },
    'loggers': {
        'django': {
            'handlers': ['file'],
            'level': 'INFO',  # Log everything INFO and above
            'propagate': True,  # Pass log messages to parent loggers
        },
    },
}

This defines a log handler that will write information into an app.log file.

To read more about log levels, refer to this documentation

Create Custom Prometheus Log Handler

In a new customlogger.py file, add the following code:

import logging
from prometheus_client import Counter

# Define Prometheus counters for different log levels
log_counters = {
    'INFO': Counter('django_log_info_total', 'Total number of INFO logs'),
    'WARNING': Counter('django_log_warning_total', 'Total number of WARNING logs'),
    'ERROR': Counter('django_log_error_total', 'Total number of ERROR logs'),
}

class PrometheusLogHandler(logging.Handler):  # Custom log handler
    def emit(self, record):
        log_level = record.levelname  # Get the log level (INFO, WARNING, ERROR)
        if log_level in log_counters:  # Check if we have a counter for this level
            log_counters[log_level].inc()  # Increment the counter

Expose Metrics to Prometheus

We will create a Django endpoint(Django view) for Prometheus to access the data from.

app/views.py:

from prometheus_client import generate_latest
from django.http import HttpResponse

def metrics_view(request):
    """Expose Prometheus metrics, including log counters."""
    metrics = generate_latest()  # Generate all Prometheus metrics
    return HttpResponse(metrics, content_type='text/plain')

yourdjangoproject/urls.py:

from django.contrib import admin
from django.urls import path, include
from demo.views import metrics_view

urlpatterns = [
    path('admin/', admin.site.urls),
    path('', include('django_prometheus.urls')),
    path('metrics/', metrics_view, name='metrics'),
]

prometheus.yml:

scrape_configs:
  - job_name: 'django_app'  # A name for this job
    static_configs:
      - targets: ['localhost:8000']  # Django app's address

This will configure Prometheus to look for data at the address localhost:8000. Alternatively, you can use 127.0.0.1:8000

Finally, we update our settings.py to include the Custom handler we created:

from demo.customlogger import PrometheusLogHandler
.
.
LOGGING = {
    'version': 1,  # Specifies the logging configuration schema version
    'disable_existing_loggers': False,  # Keep default Django loggers active
    'formatters': {
        'verbose': {
            'format': '{levelname} {asctime} {module} {message}',
            'style': '{',  # Use `{}` to format log messages
        },
    },
    'handlers': {
        'file': {  # Write logs to a file
            'level': 'INFO',
            'class': 'logging.FileHandler',
            'filename': os.path.join(BASE_DIR, 'app.log'),  # Log file path
            'formatter': 'verbose',  # Use the verbose format
        },
        'prometheus': {  # Send logs to Prometheus (custom handler)
            'level': 'INFO',
            'class': 'my_app.log_handlers.PrometheusLogHandler',  # Our custom handler
        },
    },
    'loggers': {
        'django': {
            'handlers': ['file', 'prometheus'],  # Use both file and Prometheus handlers
            'level': 'INFO',  # Log everything INFO and above
            'propagate': True,  # Pass log messages to parent loggers
        },
    },
}

Putting it all together

Now we test what we have:

python manage.py runserver

Inside the Prometheus directory:

./prometheus --config.file=prometheus.yml

On your browser, open 127.0.0.1:8000/metrics to confirm that the metrics are being generated.

Navigate to the Prometheus UI at 127.0.0.1:9090. Query the log metrics by searching for django_log_info_total and click on the Graph view.

What we've done so far

Enabled logging in our Django application using the logging module
Created a Custom logging handler to increment the Prometheus counter whenever a log is recorded
Exposed the Django logs to Prometheus and visualized it in Prometheus UI

For the full implementation, you can check out my repository

Monitoring Django WebApps with Prometheus

Fife Oluwabunmi — Tue, 27 Aug 2024 12:07:51 +0000

In the previous article, we looked at how to setup Prometheus and we got a feel of what it looks like to monitor a service. In this one, we'll be going straight into monitoring applications- Django Web apps, so if you're trying to figure out how to up your observability game, this article is for you!

Let's get into it!

Prerequisite

Prometheus installed
Basic understanding of how Prometheus works (Check my previous article)
A functioning Django application you want to monitor.

Something you should keep in mind: Prometheus monitors applications through client libraries. Read the docs.

In this article, we'll be using django-prometheus to export the metrics of our Django App to Prometheus!

Installing and setting up django-prometheus

pip install django-prometheus

In your settings.py, add the following:

INSTALLED_APPS = [
   ...
   'django_prometheus',
   ...
]

MIDDLEWARE = [
    'django_prometheus.middleware.PrometheusBeforeMiddleware',
    .
    .
    .
    'django_prometheus.middleware.PrometheusAfterMiddleware',
]

In the urls.py of your Django project:

urlpatterns = [
    ...
    path('', include('django_prometheus.urls')),
]

Note:

This should be added in the urls.py of your Django project and NOT the Django app. Please review this article.
For more details on the django-prometheus package, read here.
Be sure to update your requirements.txt file

pip freeze > requirements.txt

Next, update your prometheus.yml file to look like this:

global:
  scrape_interval:     5s
  evaluation_interval: 5s

alerting:
  alertmanagers:

scrape_configs:
  - job_name: 'django-app'
    static_configs:
      - targets: ['127.0.0.1:8000']
        labels:
          group: 'server'

NOTE: If this section is unclear, refer to my previous article

Start your webserver and open 127.0.0.1:8000/metrics. You should have output like this:

To be able to access the Prometheus UI, start up your Prometheus server with this command

./prometheus --config.file=prometheus.yml
# Make sure you're in the prometheus-2.54.0.darwin-amd64 dir
# The name will vary depending on your OS/distribution ;)

You can now run queries in the Prometheus UI at http://127.0.0.1:9090/.

In the next one, we'll look at scraping custom metrics from our applications!

Cheers!

Introduction to Prometheus Monitoring

Fife Oluwabunmi — Fri, 23 Aug 2024 13:18:37 +0000

A lot of newbies and "semi-newbies" in DevOps and SWE dodge and run from Monitoring and Prometheus because it seems really difficult to crack or they feel like skills that you'd only need at a senior level...

Guess what? I was once there but after psyching myself up for almost one week, I finally started working with Prometheus and I'm here to make learning about Monitoring and Prometheus a whooollee lot simpler. So relax as we dive into Prometheus' World! :D

Prometheus

In a nutshell, Prometheus is an open-source tool that allows you to keep tabs on different types of resources including applications running either locally or on some server, and even servers themselves.
With Prometheus, you keep track of various data (metrics) related to your app or server.

It's also pretty easy to install and set up- just enough to get you started with it, so let's get right into it!

Installing Prometheus

Prometheus is broken into different components and you can download the binary files of these components individually- this way, you only have to get what you need!

If you head over to Prometheus download page, you'll be able to find officially maintained components. This article won't cover them all, we'd only be looking at prometheus itself and node_exporter.

Choose your binary file according to your distribution and download it. I'm using a Mac, so I'll select the darwin distro.

The next thing to do is to unzip the file. If you're on a linux/mac machine, run the following command:

tar xvfz prometheus-2.54.0.darwin-amd64.tar.gz
cd prometheus-2.54.0.darwin-amd64

Now you should be in the prometheus directory. You can run ls and you should see something like this:

Now we're going to edit the prometheus.yml file. Get rid of the default configurations and make sure your file looks like this.

global:
  scrape_interval:     15s

scrape_configs:
  - job_name: 'prometheus'
    scrape_interval: 5s

    static_configs:
      - targets: ['localhost:9090']

Here, we're asking Prometheus to monitor localhost:9090 which is the port prometheus runs on. We're doing this just so you can get a feel of how Prometheus works. We'll set up more exciting stuff soon.

Now we're going to see Prometheus in action! Run the following command:

./prometheus --config.file=prometheus.yml

Ensure you're in the prometheus directory before running the command. We're calling Prometheus and asking it to use the file we just configured as the config file.

Once it starts running, we can go over to localhost:9090 to view the UI Prometheus provides for us. We'll go into a bit more detail later but for now, just know that this is where you can run different queries to get information about the service you're running!

Note: If you open localhost:9090/metrics, you'll see the raw format of our service's metrics.

That's all for now. In the next one, we'll see how we can use Prometheus and Grafana to monitor a Django application!

I hope you found this guide helpful.

Terraform and s3 buckets?!

Fife Oluwabunmi — Mon, 12 Aug 2024 14:04:08 +0000

Servers, vpcs, nics. Managing these resources in either a development or production environment can get tedious, repetitive, and exhausting.

Terraform is an Infrastructure-as-code tool used to manage, specify, and control various resources on various environments- cloud and whathaveyou.

Very briefly, we'll look at how to create and manage AWS s3 buckets all using Terraform.

NB: If you're not already familiar with AWS and s3 buckets, I advise getting some foundational knowledge on those. It's important to know how something works before considering automating it.

If you want me to put something together as regards that, let me know in the comments

With that out of the way, let's get to it!

Create a standard s3 bucket

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # Specify your region

}

# Create s3 bucket
resource "aws_s3_bucket" "testbucket" {
  bucket = "my-new-bucket"

}

For more details on creating s3 buckets check the Documentation

Creating an s3 bucket is one thing. Making it available to the public (if necessary) is another thing. The rest of this article will be helpful to people trying to make their bucket or the objects in it public.

Making your bucket accessible

# Bucket ownership controls
resource "aws_s3_bucket_ownership_controls" "buck-owner" {
  bucket = aws_s3_bucket.testbucket.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# Disable bucket default security
resource "aws_s3_bucket_public_access_block" "public-block" {
  bucket = aws_s3_bucket.testbucket.id

  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

resource "aws_s3_bucket_acl" "buk-acl" {
  depends_on = [
    aws_s3_bucket_ownership_controls.buck-owner,
    aws_s3_bucket_public_access_block.public-block,
  ]

  bucket = aws_s3_bucket.testbucket.id
  acl    = "public-read"
}

# Enable read access
resource "aws_s3_bucket_policy" "allow-public-access" {
  bucket = aws_s3_bucket.testbucket.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = "*"
        Action = [
          "s3:GetObject",
          "s3:PutObject"
        ]
        Resource = [
          "${aws_s3_bucket.store-ket.arn}/*"
        ]
      }
    ]
  })
}

Each stage of this section is highly important. To learn more about these configurations, refer to some of these resources:

Some additional configurations you can add to your s3 bucket include versioning & server-side encryption

Versioning

resource "aws_s3_bucket_versioning" "enable-versioning" {
  bucket = aws_s3_bucket.testbucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

To read more: Documentation

Server-side encryption

There are different methods to enable server-side encryption but for simplicity's sake, we'll stick to one

resource "aws_s3_bucket_server_side_encryption_configuration" "encrypt-ket" {
  bucket = aws_s3_bucket.testbucket.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "AES256"
    }
  }
}

We've come to the end of this short tutorial. But as a bonus, in case you're wondering if you can upload files to the bucket directly from your code. Yes, you can!

Upload HTML file

resource "aws_s3_object" "upload" {
  key                    = "index.html"
  bucket                 = aws_s3_bucket.testbucket.id
  source                 = "buk-list/index.html"
  acl                    = "public-read"
  server_side_encryption = "AES256"
  content_type           = "text/html"
}

Make sure the source points to the location of the file you want to upload. I advise creating a folder in your project directory so the source looks like this ./folder/index.html

Thanks for joining me on this one. I hope you found this helpful. Leave your questions for me in the comments and I'll be sure to help out however I can!

Web-server X Load Balancers

Fife Oluwabunmi — Sat, 27 Jul 2024 02:47:18 +0000

Load balancers are crucial in mission-critical environments where multiple customers need to access data/resources across various regions.

I set up a CI/CD pipeline with GitHub Actions that deployed a containerized application on multiple servers. The load balancer using Caddy was set up to distribute the traffic between the servers.

Receiving this task, it seemed a little overwhelming but I was able to break it down into different sections using a method I learned -> DevSecOps. The idea is to have the project broken into manageable bits. I'll be using this method to walk you through my project!

Breaking down the task into bits helped me to focus on one section at a time and ensure that I covered all the ‘coverables’

Join me as we go into detail on this exciting project!

Devsecops

Before any process can be automated, there must be some assurance that things and services work as they should. I started by manually containerizing my application and ensuring it ran on the server.

My application is a Django app, so this part will differ depending on the peculiarities of you stack and application.

Dockerfile

FROM python:3.9
ENV PYTHONUNBUFFERED 1
RUN mkdir /code
WORKDIR /code
COPY requirements.txt /code/
RUN pip install -r requirements.txt
COPY . /code/
CMD ["python3.9", "manage.py", "runserver", "0.0.0.0:8000"]

Although the details of the Dockerfile are outside the scope of this article, you can refer to Docker's documentation. I also found this article quite useful: Docker Django Deployment

My Web application also has a DB service, so I used Docker Compose to manage both containers.

compose.yaml

services:
  db:
    image: nouchka/sqlite3:latest
    volumes:
      - ./data/db:/root/db
    environment:
      - SQLITE3_DB=db.sqlite3
  web:
    build: .
    command: python3.9 manage.py runserver 0.0.0.0:8000
    volumes:
      - .:/code
    ports:
      - "8000:8000"
    depends_on:
      - db

To learn more about Docker Compose, check the official documentation. You can also refer to this article. Again, this is not applicable to other types of applications. Link to Article

After testing the dockerization, the next thing to work on was the Load Balancer. There are a number of tools to choose from, but I chose to work with Caddy

Caddyfile

:80 {
  reverse_proxy [11.11.11.11:8000 22.22.22.22:8000] {  # Ip addresses go here :)
    lb_policy random
}
}

# File is stored at /etc/caddy/Caddyfile by default

random is the Load-balancing algorithm I decided to work with ;). Please refer to the documentation for more details. That concludes the Dev part of this project.

devSecops

Aside from the fact that my servers (EC2 instances) had Security Groups, I decided to add an extra layer of security by setting up a Firewall for the servers.

There wasn't really much to it, I just decided the ports I wanted open on the OS level.

devsecOps

The final part of this project was to include as much automation as possible to streamline deployment. The best/easiest choice was to use GitHub actions.

I set up the pipeline to be triggered when the codebase changed. The workflow rebuilt the application image, pushed to Docker Hub, pulled the image on my servers and started the containers.

After a lot of work on this part, I got something that worked for me.

.github/workflows/main.yaml

name: Build to servers

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        server: [11.11.11.11, 22.22.22.22]
    env:
      EC2_SSH_PRIVATE_KEY: ${{ secrets.EC2_SSH_PRIVATE_KEY }}
      EC2_USERNAME: ${{ secrets.EC2_USERNAME }}
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}


    steps:
      - name: Checkout source
        uses: actions/checkout@v3

      - name: Login to Docker Hub
        run: docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}

      - name: Build Docker Image
        run: |
          docker compose up --build -d
          docker compose down

      - name: Tag the docker image
        run: docker tag mockstack-overflow-web ${{ secrets.DOCKER_USERNAME }}/mockstack-overflow-web:latest

      - name: Publish image to docker hub
        run: docker push fifss/mockstack-overflow-web:latest

      - name: Login to servers
        uses: omarhosny206/setup-ssh-for-ec2@v1.0.0
        with:
            EC2_SSH_PRIVATE_KEY: $EC2_SSH_PRIVATE_KEY
            EC2_URL: ${{ matrix.server }}

      - name: Run docker commands on server 1 & 2
        run: |
          ssh -o StrictHostKeyChecking=no $EC2_USERNAME@${{ matrix.server }} << EOF
            docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
            docker pull $DOCKER_USERNAME/mockstack-overflow-web:latest
            docker stop mockstack-overflow-web || true
            docker rm mockstack-overflow-web || true
            docker run -d --name mockstack-overflow-web -p 8000:8000 $DOCKER_USERNAME/mockstack-overflow-web:latest
          EOF

Make sure you have your secrets stored on GitHub. To do this, in your GitHub repository, go to Settings -> Secrets & variables -> Actions -> New Repository secret

For me, my EC2_SSH_PRIVATE_KEY was the private key for my servers that I downloaded while setting up the server.

I hope you've been able to learn a thing or two 😊

Feel free to leave any questions you have for me in the comments.

My name is Fife, let's connect and work together 🤝🏾

Btw, this is my debut in this community 😅 not too shabby huh?

Reference: Cover Image