DevOps Certification Training

Certification Project – Finance Me

Banking and Finance Domain

Submitted by - Saransh Vijay Vargiya

Submitted to - Staragile
Last date of submission - 20/12/24
Objective:

We will be using this tools for this purposes

- Git - For version control for tracking changes in the
code files
- Maven – For Continuous Build
- Jenkins - For continuous integration and continuous
deployment
- Docker - For deploying containerized applications
- Ansible - Configuration management tools
- Selenium - For automating tests on the deployed
web application
- Terraform - For creation of infrastructure.
- Prometheus and Grafana – For Automated
Monitoring and Report Visualization
Step 1: Create a VM and install Terraform on it
- Create a virtual machine and install terraform in it
OS: ubuntu 22
Instance type: t2.micro
- Add network setting > add security group > all
traffic and anywhere

- Connect to the instance.

- Steps to install terraform. Use the below
commands.
#wget -O-
https://apt.releases.hashicorp.com/gpg | sudo
gpg --dearmor -o /usr/share/keyrings/hashicorp-
archive-keyring.gpg

#echo "deb [signed-

by=/usr/share/keyrings/hashicorp-archive-
keyring.gpg] https://apt.releases.hashicorp.com
$(lsb_release -cs) main" | sudo tee
/etc/apt/sources.list.d/hashicorp.list

#sudo apt update && sudo apt install terraform

 - Now creating the accessskey and secret key in aws
for terraform to connect.
- Once access key and secrect key is creating in the
aws – IAM

- Go and configure it on the terraform VM

- Installing awscli on the VM

Steps:

# apt-get update
# apt-get install awscli -y
# aws configure
Give the valid access key
Give the valid secret key
- Press enter, no need to give any region and format
option.

- To verify if the credentials have been set for aws

# cat ~/.aws/credentials
- Write terraform configuration file to create an ec2
server and install ansible on it.
# mkdir myproject
# cd myproject
#vim aws_infra.tf
provider "aws" {
region = "us-east-1"
shared_credentials_files = ["~/.aws/credentials"]
}
resource "tls_private_key" "mykey" {
algorithm = "RSA"
}
resource "aws_key_pair" "aws_key" {
key_name = "web-key"
public_key =
tls_private_key.mykey.public_key_openssh
provisioner "local-exec" {
command = "echo
'${tls_private_key.mykey.private_key_openssh}' >
./web-key.pem"
}

}
resource "aws_vpc" "my-vpc" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "my-vpc"
}

resource "aws_subnet" "subnet-1"{

vpc_id = aws_vpc.my-vpc.id
cidr_block = "10.0.1.0/24"
depends_on = [aws_vpc.my-vpc]
map_public_ip_on_launch = true
tags = {
Name = "my-subnet"
}
}

resource "aws_route_table" "my-route-table"{

vpc_id = aws_vpc.my-vpc.id
tags = {
Name = "my-route-table"
}

resource "aws_route_table_association" "a" {

subnet_id = aws_subnet.subnet-1.id
route_table_id = aws_route_table.my-route-table.id
}

resource "aws_internet_gateway" "gw" {

vpc_id = aws_vpc.my-vpc.id
depends_on = [aws_vpc.my-vpc]
tags = {
Name = "my-gw"
}

resource "aws_route" "my-route" {

route_table_id = aws_route_table.my-route-table.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gw.id

}
variable "sg_ports" {
type = list(number)
default = [8080,80,22,443]
}
resource "aws_security_group" "my-sg" {
name = "sg_rule"
vpc_id = aws_vpc.my-vpc.id
dynamic "ingress" {
for_each = var.sg_ports
iterator = port
content{
from_port = port.value
to_port = port.value
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
egress {

from_port =0
to_port =0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_instance" "myec2" {
ami = "ami-0166fe664262f664c"
instance_type = "t2.medium"
key_name = "web-key"
subnet_id = aws_subnet.subnet-1.id
security_groups = [aws_security_group.my-sg.id]
tags = {
Name = "Terrafrom-EC2"
}
provisioner "remote-exec" {
connection {
type = "ssh"
user = "ubuntu"
private_key =
tls_private_key.mykey.private_key_pem
host = self.public_ip
}
inline = [
"sudo apt update",
"sudo apt install software-properties-common",
"sudo add-apt-repository --yes --update
ppa:ansible/ansible",
"sudo apt install ansible -y"
]
}
}

- Now lets run the code to verify the infrastructure.

# terraform inti
- Using the below code to create the VM using the
terraform
# terraform apply --auto-approve

- Now we can see that our vm is created now

- Now connect to the newly created EC2 instance
which has ansible installed on it > We can call this
instance as ansible controller.
- Making sure that its and t2.medium machine as we
will have to setup Jenkins, docker, monitoring tools
on it.
Note: Inorder to connect to the newly created VM
we need to first copy the SHH key in the local
computer.
- Goto > cat web-key.pem > copy the key and save in
the local machine.
- Now we can connect it using any ssh we are using
the mobaxterm.
 Step 2: Configuration management of tools using
Ansible

- We can see that ansible is now installed on the

new VM created by using the terraform.

- Before writing and executing the playbook enter the

below command manually.
Add Jenkins key to the server
# sudo wget -O /usr/share/keyrings/jenkins-
keyring.asc https://pkg.jenkins.io/debian/jenkins.io-
2023.key
Then add a Jenkins apt repository entry:
# echo "deb [signed-by=/usr/share/keyrings/jenkins-
keyring.asc]" https://pkg.jenkins.io/debian binary/ |
sudo tee /etc/apt/sources.list.d/jenkins.list >
/dev/null
- Now Create a playbook with the below code.
# vim playbook.yml
- name: Install and setup devops tools
hosts: localhost
become: true
tasks:
- name: Update the apt repo
command: apt-get update
- name: Install multiple packages
package: name={{item}} state=present
loop:
- git
- docker.io
- openjdk-17-jdk
- name: install jenkins
command: sudo apt-get install jenkins -y
- name: Start jenkins and docker services
command: name={{item}} state=started
loop:
- jenkins
- docker
 - Now run the playbook
# ansible-playbook playbook.yml

- The playbook was a success with no failed cases,

And we have configured the java, git, docker,
Jenkins using the Ansible.
- Now let us verify that Jenkins is up and running by
using the ip address:8080
Step 3: Continuous Integration pipeline
- Setup Jenkins dashboard and login to the Jenkins
dashboard.

- Setup maven in tool section of Jenkins

Goto manage Jenkins > tools > maven > setup the
maven name over there.
 - Now create a pipeline code to fetch the code from
github and test and build the code.

pipeline{

agent any

tools{
maven 'mymvn'
}

stages{
stage('Clone repo')
{
steps{
git 'https://github.com/saransh-vijayvargiya/banking-
finance-Project1.git'
}
}
stage('Test Code')
{
steps{
sh 'mvn test'
}
}
stage('Build Code')
{
steps{
sh 'mvn package'
}
}

}
}

- Build is now success.

Step 4: Containerize and implement microservice
architecture
- We will write a dockerfile and save it in the github
repo

- We will go to the CICD pipeline in Jenkins > add a

stage to build docker file in to an image
 - Before running the pipeline, go to the terminal and
execute this command :
- This command will allow Jenkins to run docker
commands
# chmod -R 777 /var/run/docker.sock

stage('Build Image')
{
steps{
sh 'docker build -t banking-finance-Project1 .'
}
}
 - Now build the code.

- Now goto the VM terminal and enter the

command
#docker images
 - To see the images created.

- We will run the image to deploy the application on

container.

stage('Deploy the Image')

{
steps{
sh 'docker run -d -P my-banking-finance-
project1:$BUILD_NUMBER '
}
}
- Now click on build now.
 - The build is success now goto terminal and check
for the container enter the below command to see
the running containers.
# docker ps -a

- Now copy the ip address of the machine and the

paste it on the browser with the port 32768
Step 5: Monitoring of this Jenkins job using
Prometheus and Grafana
- Create a system user for Prometheus using below
commnds:
#sudo useradd --no-create-home --shell /bin/false
Prometheus

- Create the directories in which we will be storing

our configuration files and libraries:
#sudo mkdir /etc/prometheus
#sudo mkdir /var/lib/Prometheus

- Set the ownership of the /var/lib/prometheus

directory with below command:
#sudo chown prometheus:prometheus
/var/lib/Prometheus

- You need to inside /tmp :

#cd /tmp/
 - Go to official page downloads Prometheus:
https://prometheus.io/download/#prometheus

# wget
https://github.com/prometheus/prometheus/release
s/download/v3.0.0/prometheus-3.0.0.linux-
amd64.tar.gz

# sudo tar -xvf prometheus-3.0.0.linux-amd64.tar.gz

Move the configuration file and set the owner to the
prometheus
#cd prometheus-3.0.0.linux-amd64
#sudo mv promotool /etc/prometheus
#sudo mv prometheus.yml /etc/prometheus
#sudo chown -R prometheus:prometheus
/etc/Prometheus

- Move the binaries and set the owner:

#sudo mv prometheus /usr/local/bin/
#sudo chown prometheus:prometheus
/usr/local/bin/Prometheus
 - Create the service file using below command:
#sudo nano /etc/systemd/system/prometheus.service
[Unit]
Description=Prometheus
Wants=network-online.target
After=network-online.target

[Service]
User=prometheus
Group=prometheus
Type=simple
ExecStart=/usr/local/bin/prometheus \
--config.file /etc/prometheus/prometheus.yml \
--storage.tsdb.path /var/lib/prometheus/ \
--web.console.templates=/etc/prometheus/consoles \
--
web.console.libraries=/etc/prometheus/console_libra
ries

[Install]
WantedBy=multi-user.target
 - Reload systemd:
#sudo systemctl daemon-reload

- Start and enable Prometheus service:

#sudo systemctl start prometheus
#sudo systemctl enable prometheus
#sudo systemctl status Prometheus
- Now access Prometehus in your browser
<server-ip>:9090
 - Install Node Exporter on Ubuntu 22.04 LTS
# wget
https://github.com/prometheus/node_exporter/relea
ses/download/v1.8.2/node_exporter-1.8.2.linux-
amd64.tar.gz
# sudo tar xvfz node_exporter-*.*-amd64.tar.gz

- Move the binary file of node exporter to

/usr/local/bin location.
sudo mv node_exporter-*.*-amd64/node_exporter
/usr/local/bin/

- Create a node_exporter user to run the node

exporter service
#sudo useradd -rs /bin/false node_exporter
- Create a Custom Node Exporter Service
#sudo nano
/etc/systemd/system/node_exporter.service
[Unit]
Description=Node Exporter
After=network.target

[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter
[Install]
WantedBy=multi-user.target

- Reload the systemd

#sudo systemctl daemon-reload

- To Start, enable node exporter:

#sudo systemctl enable node_exporter
#sudo systemctl start node_exporter
#sudo systemctl status node_exporter
 - Lets update our configuration file using below
command:
sudo nano /etc/prometheus/prometheus.yml
- job_name: 'Node_Exporter'

scrape_interval: 5s

static_configs:

- targets:
['<Server_IP_of_Node_Exporter_Machine>:9100']
 - After changes any configuration file we need to
restart our prometheus
#sudo systemctl restart prometheus.service

- Install Grafana on Ubuntu 22.04 LTS

- Download the Grafana GPG key with wget, then
pipe the output to apt-key. This will add the key to
your APT installation’s list of trusted keys, which
will allow you to download and verify the GPG-
signed Grafana package:
#wget -q -O - https://packages.grafana.com/gpg.key |
sudo apt-key add –
 - Next, add the Grafana repository to your APT
sources:
#sudo add-apt-repository "deb
https://packages.grafana.com/oss/deb stable main"
- Refresh your APT cache to update your package
lists:
#sudo apt update
- You can now proceed with the installation:
#sudo apt install Grafana
- Once Grafana is installed, use systemctl to start the
Grafana server:
#sudo systemctl start grafana-server
- Next, verify that Grafana is running by checking the
service’s status:
#sudo systemctl status grafana-server
#sudo systemctl enable grafana-server
- Lets Access in browser:
<instance_ip>:3000
Output:
default username: admin
- Now click on data sources > enter the Prometheus
URL. And click on save and test.
 - Goto manage Jenkins and install the plugin
# Prometheus metrics
 - To create a static target, you need to add
job_name with static_configs
sudo vim /etc/prometheus/prometheus.yml
Paste below code
- job_name: 'jenkins'
metrics_path: '/prometheus'
static_configs:
- targets: ['<jenkins-ip>:8080']

- After changes in config file we need to restart

prometheus
#sudo systemctl restart prometheus
 - Check the targets section

- Let’s add a Dashboard

Click On Dashboard → + symbol → Import Dashboard
Use Id 9964 and click on load
- We are using a Grafana community dash board to
monitor the VM activities.