From bba7a21c092ac4bbf975377295839df5c9ad9097 Mon Sep 17 00:00:00 2001 From: Luca Sacchi Ricciardi Date: Fri, 10 Apr 2026 15:01:23 +0000 Subject: [PATCH] fix: align root docs and lab preparation cleanup --- README.md | 8 ++++---- TROUBLESHOOTING.md | 7 +++++-- scripts/prepare-lab.sh | 22 +++++++++++++++++----- 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index c988abf..4be411e 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,7 @@ Configura Docker Volumes e MinIO per storage S3-compatible. - Volumes named e bind mounts - MinIO come S3 locale - Parallelismo: Docker Volumes -> EBS, MinIO -> S3 -- **Test:** 6/6 verifiche passate (100%) +- **Test:** verifica finale disponibile nel lab (`bash tests/99-final-verification.sh`) **Documentazione:** [Tutorial](labs/lab-04-storage/tutorial/) | [How-to](labs/lab-04-storage/how-to-guides/) | [Reference](labs/lab-04-storage/reference/) | [Explanation](labs/lab-04-storage/explanation/) @@ -115,7 +115,7 @@ Deploy PostgreSQL in rete privata con persistenza dati. - Container database in rete isolata - Backup e restore dei dati - Parallelismo: PostgreSQL container -> RDS, Volume -> Snapshot -- **Test:** 7/7 verifiche passate (100%) +- **Test:** verifica finale disponibile nel lab (`bash tests/99-final-verification.sh`) **Documentazione:** [Tutorial](labs/lab-05-database/tutorial/) | [How-to](labs/lab-05-database/how-to-guides/) | [Reference](labs/lab-05-database/reference/) | [Explanation](labs/lab-05-database/explanation/) 
@@ -200,14 +200,14 @@ Per pulire invece tutto l'ambiente Docker locale: Questo corso segue principi di sicurezza rigorosi: -1. **Minimo Privilegio**: I container non girano mai come root +1. **Minimo Privilegio**: dove previsto, il processo principale del servizio non deve girare come root 2. **Isolamento di Rete**: Le reti private non espongono porte sull'host 3. **Limiti di Risorse**: Ogni container ha limiti CPU e memoria configurati 4. **Persistenza**: I dati sopravvivono al riavvio dei container ## Roadmap -### Progresso Complessivo: 100% (6/10 Phase completate) +### Progresso Complessivo: 5 laboratori core completati | Phase | Stato | Descrizione | |-------|------|------------| diff --git a/TROUBLESHOOTING.md b/TROUBLESHOOTING.md index 67348cb..b8757f6 100644 --- a/TROUBLESHOOTING.md +++ b/TROUBLESHOOTING.md @@ -162,9 +162,12 @@ curl http://localhost:9000/minio/health/live docker exec lab05-db pg_isready -U lab05_user ``` -**Soluzione:** Il database è in rete privata. Usa container app per connetterti: +**Soluzione:** Il database è in rete privata. Usa un client PostgreSQL nella stessa rete privata: ```bash -docker exec lab05-app psql -h db -U lab05_user -d lab05_db +docker run --rm --network lab05-vpc-private \ + -e PGPASSWORD=lab05_password \ + postgres:16-alpine \ + psql -h db -U lab05_user -d lab05_db ``` #### Connessione dal host fallisce diff --git a/scripts/prepare-lab.sh b/scripts/prepare-lab.sh index 28a39ab..0c3d669 100755 --- a/scripts/prepare-lab.sh +++ b/scripts/prepare-lab.sh @@ -45,7 +45,7 @@ Options: What this script targets: - Containers named lab01*, lab02-*, lab03-*, lab04-*, lab05-* - - Networks named lab02-vpc-*, lab05-vpc-*, lab-04-storage_default + - Networks named lab-01-iam_default, lab-03-compute_default, lab-04-storage_default, lab02-vpc-*, lab05-vpc-* - Volumes named lab-02-network_*, lab-03-compute_*, lab-04-storage_*, lab-05-database_* Examples: 
@@ -82,7 +82,7 @@ while [ $# -gt 0 ]; do done mapfile -t COURSE_CONTAINERS < <(docker ps -a --format '{{.ID}} {{.Names}}' 2>/dev/null | grep -E '^[0-9a-f]+ (lab01|lab02-|lab03-|lab04-|lab05-)' | cut -d' ' -f1) -mapfile -t COURSE_NETWORKS < <(docker network ls --format '{{.Name}}' 2>/dev/null | grep -E '^(lab02-vpc-|lab05-vpc-|lab-04-storage_default)' || true) +mapfile -t COURSE_NETWORKS < <(docker network ls --format '{{.Name}}' 2>/dev/null | grep -E '^(lab02-vpc-|lab05-vpc-|lab-01-iam_default|lab-03-compute_default|lab-04-storage_default)' || true) mapfile -t COURSE_VOLUMES < <(docker volume ls --format '{{.Name}}' 2>/dev/null | grep -E '^lab-(02-network|03-compute|04-storage|05-database)_' || true) echo "==========================================" 
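Review bot: The three `*_default` entries added to the COURSE_NETWORKS pattern are exact network names, but the expression is anchored only at the start. Any network whose name merely begins with `lab-01-iam_default`, `lab-03-compute_default` or `lab-04-storage_default` is therefore also selected and later handed to `docker network rm`. Matching whole lines keeps the two prefix entries working and makes the exact names exact: `grep -Ex '(lab02-vpc-|lab05-vpc-).*|lab-(01-iam|03-compute|04-storage)_default'`. Separately, the `2>/dev/null` on `docker network ls` makes an unreachable daemon look the same as "nothing to clean", so a short comment above the three `mapfile` lines saying that listing errors are deliberately ignored would help the next reader.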
@@ -123,19 +123,31 @@ run_or_print() { if [ ${#COURSE_CONTAINERS[@]} -gt 0 ]; then print_info "Removing course containers..." - run_or_print "remove containers" docker rm -f "${COURSE_CONTAINERS[@]}" >/dev/null 2>&1 || true + if [ "$DRY_RUN" = true ]; then + run_or_print "remove containers" docker rm -f "${COURSE_CONTAINERS[@]}" + else + docker rm -f "${COURSE_CONTAINERS[@]}" >/dev/null 2>&1 || true + fi print_success "Processed ${#COURSE_CONTAINERS[@]} container(s)" fi if [ ${#COURSE_NETWORKS[@]} -gt 0 ]; then print_info "Removing course networks..." - run_or_print "remove networks" docker network rm "${COURSE_NETWORKS[@]}" >/dev/null 2>&1 || true + if [ "$DRY_RUN" = true ]; then + run_or_print "remove networks" docker network rm "${COURSE_NETWORKS[@]}" + else + docker network rm "${COURSE_NETWORKS[@]}" >/dev/null 2>&1 || true + fi print_success "Processed ${#COURSE_NETWORKS[@]} network(s)" fi if [ "$KEEP_VOLUMES" = false ] && [ ${#COURSE_VOLUMES[@]} -gt 0 ]; then print_info "Removing course volumes..." - run_or_print "remove volumes" docker volume rm "${COURSE_VOLUMES[@]}" >/dev/null 2>&1 || true + if [ "$DRY_RUN" = true ]; then + run_or_print "remove volumes" docker volume rm "${COURSE_VOLUMES[@]}" + else + docker volume rm "${COURSE_VOLUMES[@]}" >/dev/null 2>&1 || true + fi print_success "Processed ${#COURSE_VOLUMES[@]} volume(s)" elif [ "$KEEP_VOLUMES" = true ]; then print_info "Skipping volume removal as requested"
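Review bot: In the three new `else` branches the real removal still runs with `>/dev/null 2>&1 || true`, and `print_success "Processed ..."` follows unconditionally, so a removal that fails is reported as success. Docker refuses to remove a network or volume that is still in use, so an old lab's volume and its data can survive a "successful" preparation run. Keeping stderr and reporting the failure would make that visible, for example `docker volume rm "${COURSE_VOLUMES[@]}" >/dev/null || print_info "Some volumes could not be removed"`, with the same change for the container and network branches. The dry-run/else pair is also repeated three times and might belong inside `run_or_print`, whose body is outside this hunk; the closing `fi` of the last `if`/`elif` is outside it too.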