SCGC Homework


May 2021

Project Overview
The project aims to test the skills and knowledge gathered from the SCGC labs. The project contains 3
tasks and the maximum score you can get is 100 points, which represents 20% of your final course score.
The project aims to replicate an automatic process of configuring the nodes in a cluster infrastructure
using configuration management tools: Puppet and Ansible. Using the setup described in the next section,
you will have to configure VMs with Puppet Manifests and Ansible playbooks that solve the given tasks,
alongside auxiliary configuration files.

Setup
Virtual Machine creation
To set up the environment for the project, create a virtual machine in the faculty's OpenStack cloud
with the following settings:

• name: SCGC Project - LastName FirstName, where LastName and FirstName are your last
(sur) name, and respectively, your first (given) name. For example, a student named John Doe must
name their virtual machine SCGC Project - Doe John.
• template: SCGC Template.
• flavor: m1.large.

Setup archive
After creating the virtual machine, download the setup archive, using the following commands:
[student@scgc ~] $ cd scgc
[student@scgc ~/scgc] $ wget --user=<username> --ask-password \
https://repository.grid.pub.ro/cs/scgc/proiect/scgc_2021.zip
After unzipping you should have 3 KVM image files (puppet.qcow2, ansible.qcow2, docker.qcow2), a
script used to start the VMs (homework-prepare) and a script used to test your implementation (checker.py).
To start the VMs, run the startup script:

student@scgc:~/scgc$ sudo bash homework-prepare


The KVM virtual machines for the project will boot (can take up to 10 minutes).

Architecture
You will work with the architecture shown in Figure 1, which contains the following components:
• Host - the virtual machine you have created using OpenStack. It serves as a Puppet server for
Puppet Client.
• Puppet Client - CentOS 7 based virtual machine that acts as a Puppet Client and retrieves from
time to time its configuration from the Puppet Server (Host).
• Ansible Client - Debian based virtual machine that will be configured using an Ansible playbook.
• Docker - a virtual machine that runs 2 Node.js Docker containers (on ports 8091 and 8092).
In Figure 1, you can see how the virtual machines are interconnected and the IP addresses that can be used
for access. The user is student and the password is student. In order to access the VMs, you can use:

student@scgc:~/scgc$ ssh student@10.10.0.11 # puppet
student@scgc:~/scgc$ ssh student@10.10.0.12 # ansible
student@scgc:~/scgc$ ssh student@10.10.0.21 # docker

[Figure 1: Project's Architecture. The Host (SCGC Template, 10.10.0.1) is connected to the Puppet Client (10.10.0.11), the Ansible Client (10.10.0.12) and Docker (10.10.0.21).]

Customized content
Each student has customized parameters that need to be configured while solving the tasks. You can
access your customized values by running the following command and replacing <username> with your
LDAP username:

$ curl -k https://141.85.224.120 -X POST -d 'password=stranger-scripts3&user=<username>'


...
Task 1 - DNS:
...
Task 2 - LoadBalancer:
....
Task 3 - Docker:
....

Checker
To check your homework, run the following command, where test.user is your LDAP username:
python3 checker.py -u test.user

Task 1. DNS (30p)


For this task, you have to set up a DNS service on the Puppet Client VM, using only Puppet. All setup on the
Puppet Client must be done through the Puppet agent (i.e. you must not issue commands directly on
the Puppet Client virtual machine).

[Figure 2: Task 1: DNS. The Host (SCGC Template, 10.10.0.1, puppet-server) is the Puppet Server and holds the Manifests and configuration files; the Puppet Client (10.10.0.11, puppet agent) receives the DNS service and configuration.]

Figure 2 shows how the components interact. You must create one or more Manifest files, and auxiliary
configuration files on the Host. The Manifest files will be applied periodically on the Puppet Client.
Hint: https://puppet.com/docs/puppet/7.6/dirs_manifest.html.

You have to configure 4 types of DNS entries:
• NS
• A
• MX
• CNAME
This task must be implemented using the values you download from the 141.85.224.120 server (see the
Customized content section for the command).

Task 2. Load balancer (30p)


For this task, you must use the Ansible virtual machine as a load balancer using nginx for the web servers
that run on the Docker VM on ports 8091 and 8092.

[Figure 3: Task 2: Load Balancer. The Host (SCGC Template, 10.10.0.1) applies the playbook to Ansible (Debian, 10.10.0.12), which holds the nginx load balancer configuration and load-balances to Docker (10.10.0.21) on port 8091 (nginx) and port 8092 (nginx).]

Figure 3 shows how you should approach this task. You have to write a playbook that sets up the Ansible
VM to use nginx and to load-balance the traffic for the two docker web servers.
You have to configure various components for the load balancer (HTTP version, TLS versions, TLS ciphers,
load balancing algorithm and its weights, TLS certificate). Download your customized entries for this task
by running the command shown in the "Customized content" section.
The load balancer must also forward the requester’s IP address and communication protocol to the servers
it balances traffic for. The web servers rely on the common X-Forwarded headers to get this information.
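
A minimal sketch of such a playbook, added here as an illustration and not part of the original assignment: it installs nginx and writes a TLS-terminating load balancer configuration that passes the client address and protocol to the two backends. The backend addresses come from the page; the host alias, file paths, algorithm, weights, HTTP version, TLS versions and cipher are placeholder assumptions to be replaced by your customized values, and the certificate and sudo password are assumed to be provided separately.

```yaml
# main.yml (added example; every value marked "placeholder" or "assumed"
# is not from the assignment and must be replaced)
- name: Configure nginx as a TLS load balancer
  hosts: ansible                  # assumed inventory name for 10.10.0.12
  become: true
  tasks:
    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        state: present
        update_cache: true

    - name: Write the load balancer configuration
      ansible.builtin.copy:
        dest: /etc/nginx/conf.d/loadbalancer.conf    # assumed path
        mode: "0644"
        content: |
          upstream scgc_backend {
              least_conn;                            # placeholder algorithm
              server 10.10.0.21:8091 weight=2;       # placeholder weight
              server 10.10.0.21:8092 weight=1;       # placeholder weight
          }
          server {
              listen 443 ssl http2;                  # placeholder HTTP version
              ssl_certificate     /etc/nginx/ssl/lb.crt;    # assumed path
              ssl_certificate_key /etc/nginx/ssl/lb.key;    # assumed path
              ssl_protocols TLSv1.2 TLSv1.3;         # placeholder versions
              ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;      # placeholder cipher
              location / {
                  proxy_pass http://scgc_backend;
                  # Append the connecting client's address to any existing chain.
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  # Tell the backend whether the client used http or https.
                  proxy_set_header X-Forwarded-Proto $scheme;
              }
          }
      notify: Reload nginx

  handlers:
    - name: Reload nginx
      ansible.builtin.service:
        name: nginx
        state: reloaded
```

Because `$proxy_add_x_forwarded_for` appends to whatever X-Forwarded-For value the client sent, a backend should treat only the last entry, the one added by the load balancer, as trustworthy.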

Task 3. Docker (40p)


For this task, you will work with the Docker VM and create an Ansible playbook to configure a docker
container with NodeJS. In the interest of saving space and faster deployment, you must start from the alpine
variation of the node reference container (https://hub.docker.com/_/node). Figure 4 presents this task’s
architecture.
You have to configure various parameters for the containers (user, group, directory, permissions, name, IP,
network, port). Download your customized entries for this task by running the command shown in the
"Customized content" section.

[Figure 4: Task 3: Docker. The Host (SCGC Template, 10.10.0.1) applies the playbook to Docker (10.10.0.21).]

Submit your homework


Important! Archives that do not respect the following restrictions will not be graded.
To submit your homework, you must upload to Moodle a .zip archive that contains the following directories:
• 1-dns: The Manifest file (named dns.pp).
• 2-loadbalancer: A playbook (named main.yml), an inventory file (named inventory.yml) and a
vault file with the password required to run sudo on the server.
• 3-docker: A playbook (named main.yml), an inventory file (named inventory.yml) and a vault file
with the password required to run sudo on the server.
• README.txt

Besides the files mentioned above, you may include any additional files that are used by your manifest files
/ playbooks.

Note 1: Since the puppet files must be placed in certain directories to be read by the server, the archive
you submit must contain the entire directory hierarchy, except the leading / for these files - e.g., if the
deployment will need a file with the full path /a/b/c/d.txt for the first task, the contents of 1-dns will be
1-dns/a/b/c/d.txt.
For the ansible tasks you can choose whatever hierarchy you prefer, but the inventory.yml and main.yml
files must be located immediately in the task’s directory.

Note 2: Ansible uses SSH connections to run commands and configure systems. As good practice, SSH
root login may be disabled on certain systems and SSH key login is used instead of password login. You can
create ansible / docker entries in your SSH configuration file that allow you to connect to the Ansible
/ Docker VMs with the student user. Afterwards, you can use this entry in your ansible inventory file
instead of a hostname.
Your SSH configuration must log you in using the student user, and the ansible playbook must use a vault
file to store the password required to run sudo. You cannot expect that you will be able to log in or run
commands as root directly. The vault file must be encrypted using the "student" password.
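
The wiring described in Note 2, as an added example that is not part of the original assignment: an SSH alias, an inventory that refers to it, and a play that takes the sudo password from a vault file. The key path, the file name vault.yml and the variable name vault_sudo_password are assumptions; the docker entry follows the same pattern with 10.10.0.21.

```yaml
# ~/.ssh/config on the Host (not YAML, shown here as comments;
# the IdentityFile path is an assumption):
#   Host ansible
#       HostName 10.10.0.12
#       User student
#       IdentityFile ~/.ssh/id_ed25519
---
# inventory.yml: the host name is the SSH alias above, so no address,
# user name or password appears in the inventory.
all:
  hosts:
    ansible:
---
# vault.yml before encryption (the variable name is an assumption).
# Encrypt it with: ansible-vault encrypt vault.yml
vault_sudo_password: "<sudo password>"
---
# main.yml: log in as student over SSH, escalate with the vaulted password.
- name: Example play using the vaulted sudo password
  hosts: ansible
  become: true
  vars_files:
    - vault.yml
  vars:
    ansible_become_password: "{{ vault_sudo_password }}"
  tasks:
    - name: Check which user the task runs as
      ansible.builtin.command: id -u
      register: uid
      changed_when: false

    - name: Fail unless privilege escalation produced root
      ansible.builtin.assert:
        that: uid.stdout == "0"
# Run with: ansible-playbook -i inventory.yml main.yml --ask-vault-pass
```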

The archive should be named scgc-ldapusername.zip, where ldapusername is your LDAP username (e.g.
scgc-john.doe0213.zip).
