Deadline % allocated to this assignment To be submitted via To be attempted

 Please read this first Sunday 22/05/2022 (11:59 pm AEST) 45% (to be marked out of 100) GIT & Canvas Individually RMIT Classification:

 Trusted COSC2759 Assignment 2 Specifications All of us have been affected by the unfortunate COVID-19 scenario and its aftermath. It is often hard to concentrate and study online; but as a student enrolled in this course, it is your responsibility to regularly attend online lecture, your respective labs and consultation session(s). • Bring your questions to online discussion board, consultation sessions or email Ashley Mallia ([email protected]) • Watch the online recordings on a regular basis if you cannot attend the live sessions. • Do not start the assignment at the last minute. • Do not ask for last minute extensions, these are often rejected. Extensions can only be granted for personal and medical reasons, provided you can supply some evidence. DevOps is a very important skill to have. There is a clear lack of training in this area for the graduates and as such doing well in this course will give you a competitive edge over graduates from other universities. Global industry projects involving teams at geographically different locations often run fully online. Think of this semester as a training for future. In the fast-evolving CS&IT industry, the online medium is very popular and vastly used. You have more than 4 weeks to complete this assignment. The best time to get started is now. 1 RMIT Classification: Trusted Scenario Alpine Inc. has been very excited about the progress you’ve made so far and have started looking at the next steps for them. So far, their application deployments have all been manual using ClickOps, which is prone to human error. They would like you to have a look at how to automate the infrastructure and application deployment. They don’t think they are ready for Kubernetes and containers yet, so they would like you to use EC2 instances to host the application. The Approach To make this easier for Alpine Inc, which is rather immature with DevOps methodologies and practices, you have opted to use SaaS tools where possible to help reduce the learning curve for their development team. You will follow best practice principles and make as much of your solution using code, this includes your CI build configuration and scaffolding scripts. Tools to use: • GitHub (GitHub Classroom) • GitHub Actions – used for creating the pipelines • Terraform • Ansible • AWS 2 RMIT Classification: Trusted Access GitHub Classroom We will be using GitHub classroom to edit and manage the code base. All the core files for the application will be provided to you here. Please accept the invite below to join the classroom and get access to Assignment #2. You will be expected to work within and make your commits to this 1. 2. 3. repo. Join the classroom https://classroom.github.com/a/mHwb4tde and login with your GitHub account. Choose your student number from the list. Click on the “Accept this assignment” button and refresh the browser a few times until you get the following screen: 4. 5. 6. Click on the link to go to your newly created repository. You will be taken to your new repository. The core files for this assignment have been provided to you. Click the code button and clone this repo to your local machine to start working. 3 RMIT Classification: Trusted Deliverables Alpine Inc. expects you to update your GitHub classroom repository with all the code and documentation required to run what you are building for them. This includes the files that define any shell scripts, docker files, ansible scripts and anything else you use. For a Pass 1. Edit the markdown file Readme.md in the root of your git repo. • The Alpine Inc team needs to be able to understand why you chose to approach your solution the way you did. Create a document with details for each of the elements in your solution, explain how the element works. Write as little as possible to communicate your message. Add screenshots where appropriate to demonstrate that you have completed the requirements for each section. • Create a step-by-step guide including all steps needed to deploy your solution. Your document should have sufficient detail so that someone with no prior knowledge of your solution can follow it. We recommend you document as you go and as you build out specific features. • AWS Architecture Diagram (with lucidchart, draw.io or similar diagramming tool) 5% • Analysis of the problem (What are you trying to solve?) 5% • Step by Step Deployment Guide 10% • Writing quality, layout and accuracy will influence all marking. 2. Use Terraform to create the following network infrastructure: 5% • Create a VPC with CIDR block 10.0.0.0/16. • Create 9 subnets with size /22 with 3 layers (named public, private, and data) across 3 availability zones (az1=us-east-1a, az2=us-east-1b, az3=us-east-1c). Name the subnets consecutively as public_az1, public_az2, ..., data_az2, data_az3. Only the public subnets should be configured to map_public_ip_on_launch=true. • Add an internet gateway to the VPC. • Add a default route table to the VPC which routes 0.0.0.0/0 to the internet gateway. 4 RMIT Classification: Trusted 3. Use Terraform to create the following 3-layer application infrastructure: 5% • a public load balancer deployed in the public layer (all AZs), with a listener and target group. Note: we are not using an auto scaling configuration in this assignment. • an EC2 instance named “web” deployed into private_az1 (use the latest Amazon Linux 2 64-bit (x86) image and deploy a t2.micro instance size). • an EC2 instance named “db” deployed in the data_az1 (use the latest Amazon Linux 2 64-bit (x86) image and deploy a t2.micro instance size). 4. There should be security groups defined to limit access to what is required. 5% • The load balancer should allow http ingress on port 80 • The “web” instance should allow ingress on the appropriate application port and SSH ingress on port 22 • The “db” instance should allow ingress on the appropriate database port and allow SSH ingress on port 22 • In all the above cases, egress should allow all outbound traffic. 5. Automate deployment of the application using Ansible 15% • Set up an ansible playbook that deploys and configures the application on the “web” instance. • Set up an ansible playbook that deploys and configures a mongo:4.0 into the “db” instance. Your ansible automation should do the following: • Automatically generate the inventory file (hint: a shell script & terraform output) • Copy the artefact you have generated to the remote machine (hint: to generate the artifact you can run make pack) • Configure dependencies and install node dependencies. • Configure the application with the correct database endpoint and credentials. • Application settings should automatically be fed in, rather than manually entered (hint: terraform output, how you choose to set these are up to you) 5 RMIT Classification: Trusted • Set the application and database up as a service using systemd so that they will automatically start if the server is rebooted. For Credit Run “make bootstrap” to initialize an S3 bucket and DynamoDB table for use. The terraform output will be used to fill in the ****** below 6. Update your main.tf in Terraform to use an S3 backend with the following details: 10% • State files stored in an S3 bucket called “rmit-tfstate-******” and key "assignment-2/infra- deployment" • DynamoDB to lock the statefile with dynamodb_endpoint = “https://dynamodb.us-east- 1.amazonaws.com” and dynamodb_table = "rmit-locktable-******” 7. Explain the limitations in our database deployment 10% Our application requires mongodb to run. To your Readme.md add a section to explain the limitations of using a single ec2 instance to deploy a database. Give at least two options which do not require ec2. For Distinction 8. Update your Terraform Templates to automatically use the latest 10% Amazon Linux 2 64-bit (x86) AMI as opposed to being statically assigned. Hint: Look at Terraform Data Sources. You will need to update the aws_instance resource to obtain the AMI ID from the datasource you created as opposed to using a hardcoded value. https://www.terraform.io/docs/language/data-sources https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami 6 RMIT Classification: Trusted For High-Distinction 9. If you can finish all the above tasks, then you can start working on HD tasks. 20% No help or consultation will be provided for these tasks. This is a strictly self-research section. • Create a GitHub Actions pipeline to deploy the application automatically. You will be assessed on: • Storing credentials in GitHub Secrets. Never commit credentials. • Your ability to automate the deployment of the AWS infrastructure using Terraform. • Your ability to deploy the application and configure it automatically using Ansible • Your ability to document and explain the solution so the scripts provided can be executed by someone with no prior context • How well you analyse the problem and justify your solution for each task • Do you use the branching and commit changes often? 7 RMIT Classification: Trusted Plagiarism All assignments will be checked with plagiarism-detection software; any student found to have plagiarized would be subject to disciplinary action. Plagiarism includes: • CONTRACT CHEATING: paying someone to do your work • CONTRACT CHEATING: getting someone else to write the test or attend demo • submitting work that is not your own or submitting text that is not your own • copying work from/of previous/current semester students • allowing others to copy your work via email, printouts, social media etc. • posting assignment questions (in full or partial) on external technical forums • sending or passing your work to your friends • posting assignment questions on technical forums to get them solved. A disciplinary action can lead to: • a meeting with the disciplinary committee • a score of zero for the assignment • a permanent record of copying in your personal university records and/or • expulsion from the university, in some severe cases All plagiarism will be penalised. There are no exceptions and no excuses. You have been warned. For more details please read RMIT’s page on Academic Integrity at https://www.rmit.edu.au/students/student-essentials/assessment-and- exams/academic-integrity 8 RMIT Classification: Trusted Submission Procedure Submit your assignment by using the Website URL submission option: • Website URL, is the URL of your GitHub repository formatted like https://github.com/rmit- computing-technologies/cosc2759-assignment-2-<your github username> • Comment should be: Your full name and Student ID Late submissions and extension-related information A penalty of 10% per day of the total marks for each assignment will apply for each day a submission is late, including both weekdays and the weekend. After 5 days, you will receive zero marks for that assignment. Contact the course coordinator Shekhar Kalra ([email protected]) for extension related queries. 9