refactor: replace deprecated docker-compose with docker compose across repository
This commit is contained in:
Luca Sacchi Ricciardi
@@ -37,7 +37,7 @@ Requirements per il rilascio iniziale. Ogni requisito mappa a una fase della roa
|
|||||||
- [ ] **INF-02**: Reti private non espongono porte sull'host (127.0.0.1 max, mai 0.0.0.0)
|
- [ ] **INF-02**: Reti private non espongono porte sull'host (127.0.0.1 max, mai 0.0.0.0)
|
||||||
- [ ] **INF-03**: Tutti i container hanno limiti risorse obbligatori (cpus, mem_limit)
|
- [ ] **INF-03**: Tutti i container hanno limiti risorse obbligatori (cpus, mem_limit)
|
||||||
- [ ] **INF-04**: Dati persistenti sopravvivono a riavvio container (named volumes)
|
- [ ] **INF-04**: Dati persistenti sopravvivono a riavvio container (named volumes)
|
||||||
- [x] **INF-05**: File docker-compose.yml validati con `docker-compose config` prima dell'uso
|
- [x] **INF-05**: File docker-compose.yml validati con `docker compose config` prima dell'uso
|
||||||
|
|
||||||
### Git & Workflow
|
### Git & Workflow
|
||||||
|
|
||||||
|
|||||||
@@ -56,7 +56,7 @@
|
|||||||
1. Studente può clonare la repository e trovare istruzioni chiare per configurare Docker Engine >= 24.0 e Compose V2
|
1. Studente può clonare la repository e trovare istruzioni chiare per configurare Docker Engine >= 24.0 e Compose V2
|
||||||
2. Studente può eseguire script di verifica ambiente che controlla Docker, utility di rete, e risorse minime
|
2. Studente può eseguire script di verifica ambiente che controlla Docker, utility di rete, e risorse minime
|
||||||
3. Studente può eseguire comando di reset completo ambiente (cleanup volumi, reti)
|
3. Studente può eseguire comando di reset completo ambiente (cleanup volumi, reti)
|
||||||
4. Ogni file docker-compose.yml può essere validato con `docker-compose config` prima dell'uso
|
4. Ogni file docker-compose.yml può essere validato con `docker compose config` prima dell'uso
|
||||||
5. Repository ha struttura chiara con cartelle `labs/`, `how-to-guides/`, `reference/`
|
5. Repository ha struttura chiara con cartelle `labs/`, `how-to-guides/`, `reference/`
|
||||||
|
|
||||||
**Plans:** 2
|
**Plans:** 2
|
||||||
@@ -239,7 +239,7 @@
|
|||||||
**Requirements:** TEST-02, TEST-03, INF-01, INF-02, INF-03, INF-04, INF-05, PARA-01, PARA-02, PARA-03, PARA-04
|
**Requirements:** TEST-02, TEST-03, INF-01, INF-02, INF-03, INF-04, INF-05, PARA-01, PARA-02, PARA-03, PARA-04
|
||||||
|
|
||||||
**Success Criteria** (what must be TRUE):
|
**Success Criteria** (what must be TRUE):
|
||||||
1. Tutti i 5 laboratori sono eseguibili end-to-end senza errori (`docker-compose up` funziona)
|
1. Tutti i 5 laboratori sono eseguibili end-to-end senza errori (`docker compose up` funziona)
|
||||||
2. Tutti i 4 documenti Diátaxis sono completi per ogni lab (Tutorial, How-to, Reference, Explanation)
|
2. Tutti i 4 documenti Diátaxis sono completi per ogni lab (Tutorial, How-to, Reference, Explanation)
|
||||||
3. Tutti i criteri sicurezza sono verificati: no root, reti isolate, limiti risorse, persistenza dati
|
3. Tutti i criteri sicurezza sono verificati: no root, reti isolate, limiti risorse, persistenza dati
|
||||||
4. Tutti i parallelismi cloud ↔ locale sono documentati: Docker Networks → VPC, MinIO → S3, PostgreSQL → RDS
|
4. Tutti i parallelismi cloud ↔ locale sono documentati: Docker Networks → VPC, MinIO → S3, PostgreSQL → RDS
|
||||||
@@ -261,7 +261,7 @@ Every v1 requirement mapped to exactly one phase:
|
|||||||
- SETUP-03: Specificate risorse minime consigliate (RAM, CPU)
|
- SETUP-03: Specificate risorse minime consigliate (RAM, CPU)
|
||||||
- SETUP-04: Fornito script di verifica ambiente (check Docker, check versioni)
|
- SETUP-04: Fornito script di verifica ambiente (check Docker, check versioni)
|
||||||
- SETUP-05: Fornito comando di reset completo ambiente (cleanup volumi, reti)
|
- SETUP-05: Fornito comando di reset completo ambiente (cleanup volumi, reti)
|
||||||
- INF-05: File docker-compose.yml validati con `docker-compose config` prima dell'uso
|
- INF-05: File docker-compose.yml validati con `docker compose config` prima dell'uso
|
||||||
|
|
||||||
### Lab 01 - IAM (Phase 2)
|
### Lab 01 - IAM (Phase 2)
|
||||||
- LAB-01: Studente può configurare utenti Linux, gruppi e permessi per accesso Docker socket
|
- LAB-01: Studente può configurare utenti Linux, gruppi e permessi per accesso Docker socket
|
||||||
@@ -364,7 +364,7 @@ Every v1 requirement mapped to exactly one phase:
|
|||||||
- INF-02: Validazione finale reti isolate
|
- INF-02: Validazione finale reti isolate
|
||||||
- INF-03: Validazione finale limiti risorse
|
- INF-03: Validazione finale limiti risorse
|
||||||
- INF-04: Validazione finale persistenza dati
|
- INF-04: Validazione finale persistenza dati
|
||||||
- INF-05: Validazione finale docker-compose config
|
- INF-05: Validazione finale docker compose config
|
||||||
- PARA-01: Validazione finale parallelismi cloud-locale
|
- PARA-01: Validazione finale parallelismi cloud-locale
|
||||||
- PARA-02: Validazione finale nomenclatura cloud
|
- PARA-02: Validazione finale nomenclatura cloud
|
||||||
- PARA-03: Validazione finale differenze documentate
|
- PARA-03: Validazione finale differenze documentate
|
||||||
|
|||||||
+1
-1
@@ -180,7 +180,7 @@ Execute Phase 2 Plan 02 - User Implementation (GREEN phase) to make tests pass
|
|||||||
- [ ] Requisiti Docker Engine >= 24.0 e Compose V2 documentati
|
- [ ] Requisiti Docker Engine >= 24.0 e Compose V2 documentati
|
||||||
- [ ] Script verifica ambiente funziona (check Docker, versioni, utility rete)
|
- [ ] Script verifica ambiente funziona (check Docker, versioni, utility rete)
|
||||||
- [ ] Comando cleanup/reset ambiente testato
|
- [ ] Comando cleanup/reset ambiente testato
|
||||||
- [ ] File docker-compose.yml possono essere validati con `docker-compose config`
|
- [ ] File docker-compose.yml possono essere validati con `docker compose config`
|
||||||
|
|
||||||
**General quality indicators (apply to all phases):**
|
**General quality indicators (apply to all phases):**
|
||||||
- [ ] I 4 documenti Diátaxis sono redatti con tono diretto e semplice
|
- [ ] I 4 documenti Diátaxis sono redatti con tono diretto e semplice
|
||||||
|
|||||||
@@ -141,7 +141,7 @@ Since this phase sets up infrastructure and tooling, validation focuses on:
|
|||||||
- **Validation:** `scripts/reset-env.sh` exists and cleans all Docker artifacts
|
- **Validation:** `scripts/reset-env.sh` exists and cleans all Docker artifacts
|
||||||
- **Test:** After running, `docker ps` shows no containers, `docker network ls` shows only default networks
|
- **Test:** After running, `docker ps` shows no containers, `docker network ls` shows only default networks
|
||||||
|
|
||||||
**Success Criterion 4:** Ogni file docker-compose.yml può essere validato con `docker-compose config` prima dell'uso
|
**Success Criterion 4:** Ogni file docker-compose.yml può essere validato con `docker compose config` prima dell'uso
|
||||||
- **Validation:** `scripts/validate-compose.sh` exists and validates compose files
|
- **Validation:** `scripts/validate-compose.sh` exists and validates compose files
|
||||||
- **Test:** Script catches YAML errors and configuration issues
|
- **Test:** Script catches YAML errors and configuration issues
|
||||||
|
|
||||||
|
|||||||
@@ -70,7 +70,7 @@ re_verification: false
|
|||||||
| SETUP-03 | 01-01 | Specificate risorse minime consigliate (RAM, CPU) | SATISFIED | README.md lines 22-26: RAM 16GB, CPU 4 cores, scripts/check-env.sh reports actual values |
|
| SETUP-03 | 01-01 | Specificate risorse minime consigliate (RAM, CPU) | SATISFIED | README.md lines 22-26: RAM 16GB, CPU 4 cores, scripts/check-env.sh reports actual values |
|
||||||
| SETUP-04 | 01-01 | Fornito script di verifica ambiente (check Docker, check versioni) | SATISFIED | scripts/check-env.sh exists (165 lines), validates Docker version, Compose V2, utilities |
|
| SETUP-04 | 01-01 | Fornito script di verifica ambiente (check Docker, check versioni) | SATISFIED | scripts/check-env.sh exists (165 lines), validates Docker version, Compose V2, utilities |
|
||||||
| SETUP-05 | 01-01 | Fornito comando di reset completo ambiente (cleanup volumi, reti) | SATISFIED | scripts/reset-env.sh exists (232 lines), stops containers, removes networks/volumes with --dry-run |
|
| SETUP-05 | 01-01 | Fornito comando di reset completo ambiente (cleanup volumi, reti) | SATISFIED | scripts/reset-env.sh exists (232 lines), stops containers, removes networks/volumes with --dry-run |
|
||||||
| INF-05 | 01-01 | File docker-compose.yml validati con docker-compose config prima dell'uso | SATISFIED | scripts/validate-compose.sh exists (94 lines), uses `docker compose config` for validation |
|
| INF-05 | 01-01 | File docker-compose.yml validati con docker compose config prima dell'uso | SATISFIED | scripts/validate-compose.sh exists (94 lines), uses `docker compose config` for validation |
|
||||||
|
|
||||||
**All 8 requirement IDs accounted for and satisfied.**
|
**All 8 requirement IDs accounted for and satisfied.**
|
||||||
|
|
||||||
|
|||||||
@@ -86,8 +86,8 @@ test_unauthorized_access() {
|
|||||||
## INF-01 Verification Pattern
|
## INF-01 Verification Pattern
|
||||||
```bash
|
```bash
|
||||||
# From RESEARCH.md - Non-root container verification
|
# From RESEARCH.md - Non-root container verification
|
||||||
for service in $(docker-compose ps --services); do
|
for service in $(docker compose ps --services); do
|
||||||
container_name=$(docker-compose ps -q $service)
|
container_name=$(docker compose ps -q $service)
|
||||||
actual_user=$(docker exec $container_name whoami 2>/dev/null)
|
actual_user=$(docker exec $container_name whoami 2>/dev/null)
|
||||||
if [ "$actual_user" = "root" ]; then
|
if [ "$actual_user" = "root" ]; then
|
||||||
echo "FAIL: $service running as root"
|
echo "FAIL: $service running as root"
|
||||||
@@ -444,7 +444,7 @@ test_no_container_runs_as_root() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Get all services from compose file
|
# Get all services from compose file
|
||||||
local services=$(docker-compose -f "$compose_file" ps --services 2>/dev/null || echo "")
|
local services=$(docker compose -f "$compose_file" ps --services 2>/dev/null || echo "")
|
||||||
|
|
||||||
if [ -z "$services" ]; then
|
if [ -z "$services" ]; then
|
||||||
echo -e "${YELLOW}SKIP${NC}: No services defined yet"
|
echo -e "${YELLOW}SKIP${NC}: No services defined yet"
|
||||||
@@ -455,7 +455,7 @@ test_no_container_runs_as_root() {
|
|||||||
local root_containers=0
|
local root_containers=0
|
||||||
while IFS= read -r service; do
|
while IFS= read -r service; do
|
||||||
if [ -n "$service" ]; then
|
if [ -n "$service" ]; then
|
||||||
local container_name=$(docker-compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
|
local container_name=$(docker compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
|
||||||
if [ -n "$container_name" ]; then
|
if [ -n "$container_name" ]; then
|
||||||
local user=$(docker exec "$container_name" whoami 2>/dev/null || echo "unknown")
|
local user=$(docker exec "$container_name" whoami 2>/dev/null || echo "unknown")
|
||||||
if [ "$user" = "root" ]; then
|
if [ "$user" = "root" ]; then
|
||||||
@@ -586,11 +586,11 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# If containers are running, verify they're not root
|
# If containers are running, verify they're not root
|
||||||
if docker-compose -f "$compose_file" ps --services 2>/dev/null | grep -q .; then
|
if docker compose -f "$compose_file" ps --services 2>/dev/null | grep -q .; then
|
||||||
local root_count=0
|
local root_count=0
|
||||||
while IFS= read -r service; do
|
while IFS= read -r service; do
|
||||||
[ -z "$service" ] && continue
|
[ -z "$service" ] && continue
|
||||||
local container=$(docker-compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
|
local container=$(docker compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
|
||||||
if [ -n "$container" ]; then
|
if [ -n "$container" ]; then
|
||||||
local user=$(docker exec "$container" whoami 2>/dev/null || echo "unknown")
|
local user=$(docker exec "$container" whoami 2>/dev/null || echo "unknown")
|
||||||
if [ "$user" = "root" ]; then
|
if [ "$user" = "root" ]; then
|
||||||
@@ -598,7 +598,7 @@ else
|
|||||||
((root_count++))
|
((root_count++))
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done <<< "$(docker-compose -f "$compose_file" ps --services 2>/dev/null)"
|
done <<< "$(docker compose -f "$compose_file" ps --services 2>/dev/null)"
|
||||||
|
|
||||||
if [ $root_count -eq 0 ]; then
|
if [ $root_count -eq 0 ]; then
|
||||||
echo -e " ${GREEN}✓${NC} All running containers are non-root"
|
echo -e " ${GREEN}✓${NC} All running containers are non-root"
|
||||||
@@ -606,7 +606,7 @@ else
|
|||||||
all_passed=false
|
all_passed=false
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo -e " ${YELLOW}○${NC} No containers running (start with docker-compose up)"
|
echo -e " ${YELLOW}○${NC} No containers running (start with docker compose up)"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
|
|||||||
@@ -822,8 +822,8 @@ done
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Verifica tutti i servizi nel compose file
|
# Verifica tutti i servizi nel compose file
|
||||||
docker-compose ps --services | while read service; do
|
docker compose ps --services | while read service; do
|
||||||
container=$(docker-compose ps -q $service)
|
container=$(docker compose ps -q $service)
|
||||||
echo "Service: $service, User: $(docker exec $container whoami)"
|
echo "Service: $service, User: $(docker exec $container whoami)"
|
||||||
done
|
done
|
||||||
```
|
```
|
||||||
|
|||||||
@@ -271,7 +271,7 @@ Key implementation points:
|
|||||||
- Container name matches test expectations
|
- Container name matches test expectations
|
||||||
- Healthcheck verifies non-root user
|
- Healthcheck verifies non-root user
|
||||||
- Comments explain why no volumes/networks (future labs)
|
- Comments explain why no volumes/networks (future labs)
|
||||||
- Follows docker-compose V3.8 syntax
|
- Follows docker compose V3.8 syntax
|
||||||
- No ports exposed (security best practice)
|
- No ports exposed (security best practice)
|
||||||
|
|
||||||
TDD Context: Tests from Wave 0 check for user directive - this configuration should satisfy those tests.
|
TDD Context: Tests from Wave 0 check for user directive - this configuration should satisfy those tests.
|
||||||
@@ -282,7 +282,7 @@ INF-01 Compliance:
|
|||||||
- No possibility of root execution
|
- No possibility of root execution
|
||||||
</action>
|
</action>
|
||||||
<verify>
|
<verify>
|
||||||
<automated>cd labs/lab-01-iam && docker-compose config > /dev/null 2>&1 && echo "PASS: docker-compose.yml is valid" || echo "FAIL: docker-compose.yml has errors"</automated>
|
<automated>cd labs/lab-01-iam && docker compose config > /dev/null 2>&1 && echo "PASS: docker-compose.yml is valid" || echo "FAIL: docker-compose.yml has errors"</automated>
|
||||||
</verify>
|
</verify>
|
||||||
<done>docker-compose.yml defines service with non-root user directive</done>
|
<done>docker-compose.yml defines service with non-root user directive</done>
|
||||||
</task>
|
</task>
|
||||||
@@ -331,7 +331,7 @@ fail_count=0
|
|||||||
|
|
||||||
# Test 1: docker-compose.yml is valid
|
# Test 1: docker-compose.yml is valid
|
||||||
echo -e "${BLUE}[1/6] Checking docker-compose.yml syntax...${NC}"
|
echo -e "${BLUE}[1/6] Checking docker-compose.yml syntax...${NC}"
|
||||||
if docker-compose config >/dev/null 2>&1; then
|
if docker compose config >/dev/null 2>&1; then
|
||||||
echo -e " ${GREEN}✓${NC} docker-compose.yml is valid YAML"
|
echo -e " ${GREEN}✓${NC} docker-compose.yml is valid YAML"
|
||||||
((pass_count++))
|
((pass_count++))
|
||||||
else
|
else
|
||||||
@@ -402,11 +402,11 @@ else
|
|||||||
fi
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
# Test 6: Verify docker-compose service
|
# Test 6: Verify docker compose service
|
||||||
echo -e "${BLUE}[6/6] Verifying docker-compose service...${NC}"
|
echo -e "${BLUE}[6/6] Verifying docker compose service...${NC}"
|
||||||
# Start container in detached mode
|
# Start container in detached mode
|
||||||
if docker-compose up -d >/dev/null 2>&1; then
|
if docker compose up -d >/dev/null 2>&1; then
|
||||||
echo -e " ${GREEN}✓${NC} docker-compose service started"
|
echo -e " ${GREEN}✓${NC} docker compose service started"
|
||||||
|
|
||||||
# Wait for container to be ready
|
# Wait for container to be ready
|
||||||
sleep 3
|
sleep 3
|
||||||
@@ -418,10 +418,10 @@ if docker-compose up -d >/dev/null 2>&1; then
|
|||||||
# Verify user
|
# Verify user
|
||||||
actual_user=$(docker exec lab01-iam-test whoami 2>/dev/null || echo "unknown")
|
actual_user=$(docker exec lab01-iam-test whoami 2>/dev/null || echo "unknown")
|
||||||
if [ "$actual_user" = "labuser" ]; then
|
if [ "$actual_user" = "labuser" ]; then
|
||||||
echo -e " ${GREEN}✓${NC} docker-compose container runs as non-root"
|
echo -e " ${GREEN}✓${NC} docker compose container runs as non-root"
|
||||||
((pass_count++))
|
((pass_count++))
|
||||||
else
|
else
|
||||||
echo -e " ${RED}✗${NC} docker-compose container running as $actual_user (expected labuser)"
|
echo -e " ${RED}✗${NC} docker compose container running as $actual_user (expected labuser)"
|
||||||
((fail_count++))
|
((fail_count++))
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@@ -430,9 +430,9 @@ if docker-compose up -d >/dev/null 2>&1; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Cleanup
|
# Cleanup
|
||||||
docker-compose down --volumes >/dev/null 2>&1
|
docker compose down --volumes >/dev/null 2>&1
|
||||||
else
|
else
|
||||||
echo -e " ${RED}✗${NC} Failed to start docker-compose service"
|
echo -e " ${RED}✗${NC} Failed to start docker compose service"
|
||||||
((fail_count++))
|
((fail_count++))
|
||||||
fi
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
@@ -466,7 +466,7 @@ Key implementation points:
|
|||||||
- Verifies USER directive in Dockerfile
|
- Verifies USER directive in Dockerfile
|
||||||
- Verifies user directive in docker-compose.yml
|
- Verifies user directive in docker-compose.yml
|
||||||
- Builds and tests Docker image
|
- Builds and tests Docker image
|
||||||
- Starts container with docker-compose and verifies execution
|
- Starts container with docker compose and verifies execution
|
||||||
- Proper cleanup after testing
|
- Proper cleanup after testing
|
||||||
- Clear pass/fail indicators
|
- Clear pass/fail indicators
|
||||||
|
|
||||||
@@ -483,7 +483,7 @@ TDD Context: This script confirms the GREEN phase - infrastructure implementatio
|
|||||||
<verification>
|
<verification>
|
||||||
1. Dockerfile creates non-root user with USER directive
|
1. Dockerfile creates non-root user with USER directive
|
||||||
2. docker-compose.yml specifies user directive for service
|
2. docker-compose.yml specifies user directive for service
|
||||||
3. docker-compose config validates without errors
|
3. docker compose config validates without errors
|
||||||
4. Docker build succeeds without warnings
|
4. Docker build succeeds without warnings
|
||||||
5. Container execution verified as non-root (whoami, docker inspect, docker top)
|
5. Container execution verified as non-root (whoami, docker inspect, docker top)
|
||||||
6. All Wave 0 tests now pass (GREEN phase of TDD)
|
6. All Wave 0 tests now pass (GREEN phase of TDD)
|
||||||
|
|||||||
@@ -117,7 +117,7 @@ Created a 163-line bash script that validates all infrastructure requirements:
|
|||||||
- **Test 3:** Verifies docker-compose.yml has non-root user directive
|
- **Test 3:** Verifies docker-compose.yml has non-root user directive
|
||||||
- **Test 4:** Builds Docker image successfully
|
- **Test 4:** Builds Docker image successfully
|
||||||
- **Test 5:** Verifies container runs as non-root (whoami check)
|
- **Test 5:** Verifies container runs as non-root (whoami check)
|
||||||
- **Test 6:** Starts docker-compose service and verifies execution
|
- **Test 6:** Starts docker compose service and verifies execution
|
||||||
|
|
||||||
**Result:** 6/6 tests passed - GREEN phase complete.
|
**Result:** 6/6 tests passed - GREEN phase complete.
|
||||||
|
|
||||||
@@ -175,7 +175,7 @@ All 6 infrastructure tests passed:
|
|||||||
[3/6] docker-compose.yml user directive (1000:1000) PASS
|
[3/6] docker-compose.yml user directive (1000:1000) PASS
|
||||||
[4/6] Docker image builds successfully PASS
|
[4/6] Docker image builds successfully PASS
|
||||||
[5/6] Container runs as non-root (labuser) PASS
|
[5/6] Container runs as non-root (labuser) PASS
|
||||||
[6/6] docker-compose service verification PASS
|
[6/6] docker compose service verification PASS
|
||||||
```
|
```
|
||||||
|
|
||||||
## Requirements Satisfied
|
## Requirements Satisfied
|
||||||
|
|||||||
@@ -165,7 +165,7 @@ services:
|
|||||||
|
|
||||||
### Pitfall 3: Insufficient Verification of Non-Root Execution
|
### Pitfall 3: Insufficient Verification of Non-Root Execution
|
||||||
**What goes wrong:** Container configured with `USER` directive but still running as root
|
**What goes wrong:** Container configured with `USER` directive but still running as root
|
||||||
**Why it happens:** Dockerfile USER directive not applied, or docker-compose `user` override missing, or container switches back to root
|
**Why it happens:** Dockerfile USER directive not applied, or docker compose `user` override missing, or container switches back to root
|
||||||
**How to avoid:** Always verify with `docker exec <container> whoami` AND `docker inspect <container> | grep User`
|
**How to avoid:** Always verify with `docker exec <container> whoami` AND `docker inspect <container> | grep User`
|
||||||
**Warning signs:** Container process shows as root in `docker top` or `docker inspect`
|
**Warning signs:** Container process shows as root in `docker top` or `docker inspect`
|
||||||
|
|
||||||
@@ -204,7 +204,7 @@ docker exec <container_name> whoami
|
|||||||
|
|
||||||
# Method 2: Inspect container configuration
|
# Method 2: Inspect container configuration
|
||||||
docker inspect <container_name> --format='{{.State.User}}'
|
docker inspect <container_name> --format='{{.State.User}}'
|
||||||
# Note: May show empty if using docker-compose user directive
|
# Note: May show empty if using docker compose user directive
|
||||||
|
|
||||||
# Method 3: Check process on host
|
# Method 3: Check process on host
|
||||||
docker top <container_name>
|
docker top <container_name>
|
||||||
@@ -389,8 +389,8 @@ echo "All tests passed!" || echo "Some tests failed"
|
|||||||
**Automated Verification:**
|
**Automated Verification:**
|
||||||
```bash
|
```bash
|
||||||
# Test runs for every container defined in docker-compose.yml
|
# Test runs for every container defined in docker-compose.yml
|
||||||
for service in $(docker-compose ps --services); do
|
for service in $(docker compose ps --services); do
|
||||||
container_name=$(docker-compose ps -q $service)
|
container_name=$(docker compose ps -q $service)
|
||||||
actual_user=$(docker exec $container_name whoami 2>/dev/null)
|
actual_user=$(docker exec $container_name whoami 2>/dev/null)
|
||||||
if [ "$actual_user" = "root" ]; then
|
if [ "$actual_user" = "root" ]; then
|
||||||
echo "FAIL: $service running as root"
|
echo "FAIL: $service running as root"
|
||||||
@@ -402,7 +402,7 @@ echo "PASS: All containers running as non-root"
|
|||||||
|
|
||||||
**Manual Verification:**
|
**Manual Verification:**
|
||||||
1. Check docker-compose.yml for `user:` directive on all services
|
1. Check docker-compose.yml for `user:` directive on all services
|
||||||
2. Run `docker-compose ps` to get container names
|
2. Run `docker compose ps` to get container names
|
||||||
3. Run `docker top <container>` and verify USER column != root
|
3. Run `docker top <container>` and verify USER column != root
|
||||||
4. Run `docker inspect <container>` and verify Config.User is set
|
4. Run `docker inspect <container>` and verify Config.User is set
|
||||||
|
|
||||||
|
|||||||
@@ -187,7 +187,7 @@ Phase 2 patterns to follow:
|
|||||||
1. Verify docker-compose.yml exists
|
1. Verify docker-compose.yml exists
|
||||||
2. Verify no port bindings use 0.0.0.0 (violates INF-02)
|
2. Verify no port bindings use 0.0.0.0 (violates INF-02)
|
||||||
3. Verify private services use 127.0.0.1 binding (localhost only)
|
3. Verify private services use 127.0.0.1 binding (localhost only)
|
||||||
4. Verify docker-compose config is valid YAML
|
4. Verify docker compose config is valid YAML
|
||||||
5. Verify no published ports for private-only services
|
5. Verify no published ports for private-only services
|
||||||
|
|
||||||
Requirements:
|
Requirements:
|
||||||
@@ -201,7 +201,7 @@ Phase 2 patterns to follow:
|
|||||||
- Check file exists: `[ -f labs/lab-02-network/docker-compose.yml ]`
|
- Check file exists: `[ -f labs/lab-02-network/docker-compose.yml ]`
|
||||||
- Find port mappings: `grep -E "^\s*-\s*[0-9]+:" docker-compose.yml` or `grep -A 20 "ports:"`
|
- Find port mappings: `grep -E "^\s*-\s*[0-9]+:" docker-compose.yml` or `grep -A 20 "ports:"`
|
||||||
- Check for violations: `grep -E '0\.0\.0\.0:[0-9]+' docker-compose.yml` (should NOT find)
|
- Check for violations: `grep -E '0\.0\.0\.0:[0-9]+' docker-compose.yml` (should NOT find)
|
||||||
- Validate YAML: `docker-compose -f docker-compose.yml config` (if file exists)
|
- Validate YAML: `docker compose -f docker-compose.yml config` (if file exists)
|
||||||
|
|
||||||
Expected: 5 tests total (file exists, no 0.0.0.0 bindings, 127.0.0.1 bindings used, YAML valid, private services no ports)
|
Expected: 5 tests total (file exists, no 0.0.0.0 bindings, 127.0.0.1 bindings used, YAML valid, private services no ports)
|
||||||
</action>
|
</action>
|
||||||
|
|||||||
@@ -193,9 +193,9 @@ From 03-RESEARCH.md, use consistent naming:
|
|||||||
4. **Step 2: Define Networks in Compose**: Custom networks with subnets (10.0.1.0/24, 10.0.2.0/24)
|
4. **Step 2: Define Networks in Compose**: Custom networks with subnets (10.0.1.0/24, 10.0.2.0/24)
|
||||||
5. **Step 3: Define Services**: Web server in public network, database in private network
|
5. **Step 3: Define Services**: Web server in public network, database in private network
|
||||||
6. **Step 4: Port Publishing**: INF-02 compliance (127.0.0.1 binding only)
|
6. **Step 4: Port Publishing**: INF-02 compliance (127.0.0.1 binding only)
|
||||||
7. **Verification Step 1**: `docker-compose config`
|
7. **Verification Step 1**: `docker compose config`
|
||||||
8. **Step 5: Start Services**: `docker-compose up -d`
|
8. **Step 5: Start Services**: `docker compose up -d`
|
||||||
9. **Verification Step 2**: `docker-compose ps`, `docker network inspect`
|
9. **Verification Step 2**: `docker compose ps`, `docker network inspect`
|
||||||
10. **Step 6: Verify Service Placement**: Which network each service is in
|
10. **Step 6: Verify Service Placement**: Which network each service is in
|
||||||
11. **Troubleshooting**: Port conflicts, network not found
|
11. **Troubleshooting**: Port conflicts, network not found
|
||||||
12. **Summary**: Multi-tier architecture deployed
|
12. **Summary**: Multi-tier architecture deployed
|
||||||
@@ -336,7 +336,7 @@ From 03-RESEARCH.md, use consistent naming:
|
|||||||
**Guide 4: cleanup-networks.md**
|
**Guide 4: cleanup-networks.md**
|
||||||
- Goal: Remove networks and fix common cleanup issues
|
- Goal: Remove networks and fix common cleanup issues
|
||||||
- Steps: Remove networks, remove containers, fix "network has active endpoints"
|
- Steps: Remove networks, remove containers, fix "network has active endpoints"
|
||||||
- Commands: docker network rm, docker-compose down -v
|
- Commands: docker network rm, docker compose down -v
|
||||||
- Troubleshooting: Networks that won't delete, orphaned networks
|
- Troubleshooting: Networks that won't delete, orphaned networks
|
||||||
- ~60 lines
|
- ~60 lines
|
||||||
|
|
||||||
|
|||||||
@@ -21,7 +21,7 @@ must_haves:
|
|||||||
- "Private networks use --internal flag and no published ports"
|
- "Private networks use --internal flag and no published ports"
|
||||||
- "Public services bind to 127.0.0.1 only (INF-02 compliant)"
|
- "Public services bind to 127.0.0.1 only (INF-02 compliant)"
|
||||||
- "Infrastructure verification tests pass (GREEN phase)"
|
- "Infrastructure verification tests pass (GREEN phase)"
|
||||||
- "All services start successfully with docker-compose up"
|
- "All services start successfully with docker compose up"
|
||||||
artifacts:
|
artifacts:
|
||||||
- path: "labs/lab-02-network/docker-compose.yml"
|
- path: "labs/lab-02-network/docker-compose.yml"
|
||||||
provides: "VPC network definition with subnets"
|
provides: "VPC network definition with subnets"
|
||||||
@@ -47,7 +47,7 @@ must_haves:
|
|||||||
<objective>
|
<objective>
|
||||||
Create Docker infrastructure (docker-compose.yml and Dockerfile) implementing VPC simulation with isolated bridge networks. Following TDD methodology, this is the GREEN phase - tests already exist from Plan 03-01, and infrastructure should make those tests pass. Infrastructure must enforce INF-02 compliance (private networks don't expose ports on 0.0.0.0).
|
Create Docker infrastructure (docker-compose.yml and Dockerfile) implementing VPC simulation with isolated bridge networks. Following TDD methodology, this is the GREEN phase - tests already exist from Plan 03-01, and infrastructure should make those tests pass. Infrastructure must enforce INF-02 compliance (private networks don't expose ports on 0.0.0.0).
|
||||||
|
|
||||||
Purpose: Implement network infrastructure that simulates AWS VPC with public and private subnets. Students learn by running docker-compose and observing isolated networks in action.
|
Purpose: Implement network infrastructure that simulates AWS VPC with public and private subnets. Students learn by running docker compose and observing isolated networks in action.
|
||||||
|
|
||||||
Output: Working docker-compose.yml with VPC networks, test container image, and infrastructure verification script that validates all requirements.
|
Output: Working docker-compose.yml with VPC networks, test container image, and infrastructure verification script that validates all requirements.
|
||||||
</objective>
|
</objective>
|
||||||
@@ -262,7 +262,7 @@ From REQUIREMENTS.md:
|
|||||||
Expected: ~100 lines with complete VPC simulation
|
Expected: ~100 lines with complete VPC simulation
|
||||||
</action>
|
</action>
|
||||||
<verify>
|
<verify>
|
||||||
<automated>cd labs/lab-02-network && docker-compose config && docker-compose up -d && docker-compose ps</automated>
|
<automated>cd labs/lab-02-network && docker compose config && docker compose up -d && docker compose ps</automated>
|
||||||
</verify>
|
</verify>
|
||||||
<done>docker-compose.yml defines VPC networks with correct subnets. Services deployed in appropriate tiers. INF-02 compliant (127.0.0.1 bindings only).</done>
|
<done>docker-compose.yml defines VPC networks with correct subnets. Services deployed in appropriate tiers. INF-02 compliant (127.0.0.1 bindings only).</done>
|
||||||
</task>
|
</task>
|
||||||
@@ -374,7 +374,7 @@ From REQUIREMENTS.md:
|
|||||||
Expected: ~45 lines with non-root user and networking tools
|
Expected: ~45 lines with non-root user and networking tools
|
||||||
</action>
|
</action>
|
||||||
<verify>
|
<verify>
|
||||||
<automated>cd labs/lab-02-network && docker-compose build api && docker images | grep lab02-api</automated>
|
<automated>cd labs/lab-02-network && docker compose build api && docker images | grep lab02-api</automated>
|
||||||
</verify>
|
</verify>
|
||||||
<done>Dockerfile builds successfully. Creates non-root container with networking tools. Healthcheck tests connectivity to private network.</done>
|
<done>Dockerfile builds successfully. Creates non-root container with networking tools. Healthcheck tests connectivity to private network.</done>
|
||||||
</task>
|
</task>
|
||||||
@@ -391,7 +391,7 @@ From REQUIREMENTS.md:
|
|||||||
3. Verify subnet configurations (10.0.1.0/24, 10.0.2.0/24)
|
3. Verify subnet configurations (10.0.1.0/24, 10.0.2.0/24)
|
||||||
4. Verify INF-02 compliance (no 0.0.0.0 bindings)
|
4. Verify INF-02 compliance (no 0.0.0.0 bindings)
|
||||||
5. Verify private network has internal: true flag
|
5. Verify private network has internal: true flag
|
||||||
6. Verify docker-compose build succeeds
|
6. Verify docker compose build succeeds
|
||||||
7. Verify services start successfully
|
7. Verify services start successfully
|
||||||
8. Verify network isolation (web cannot ping db)
|
8. Verify network isolation (web cannot ping db)
|
||||||
9. Verify same-network communication (api can reach db)
|
9. Verify same-network communication (api can reach db)
|
||||||
@@ -399,7 +399,7 @@ From REQUIREMENTS.md:
|
|||||||
|
|
||||||
Requirements:
|
Requirements:
|
||||||
- Follow Phase 2 test patterns (color output, helper functions)
|
- Follow Phase 2 test patterns (color output, helper functions)
|
||||||
- Use docker-compose config to validate YAML
|
- Use docker compose config to validate YAML
|
||||||
- Use docker network inspect to verify network config
|
- Use docker network inspect to verify network config
|
||||||
- Use docker exec for connectivity tests
|
- Use docker exec for connectivity tests
|
||||||
- Use grep for INF-02 validation
|
- Use grep for INF-02 validation
|
||||||
@@ -442,7 +442,7 @@ From REQUIREMENTS.md:
|
|||||||
|
|
||||||
# Test 1: docker-compose.yml is valid
|
# Test 1: docker-compose.yml is valid
|
||||||
echo -e "[1/10] Testing docker-compose.yml syntax..."
|
echo -e "[1/10] Testing docker-compose.yml syntax..."
|
||||||
if docker-compose config > /dev/null 2>&1; then
|
if docker compose config > /dev/null 2>&1; then
|
||||||
echo -e "${GREEN}PASS${NC}: docker-compose.yml is valid"
|
echo -e "${GREEN}PASS${NC}: docker-compose.yml is valid"
|
||||||
inc_pass
|
inc_pass
|
||||||
else
|
else
|
||||||
@@ -452,8 +452,8 @@ From REQUIREMENTS.md:
|
|||||||
|
|
||||||
# Test 2: Networks defined
|
# Test 2: Networks defined
|
||||||
echo -e "[2/10] Testing network definitions..."
|
echo -e "[2/10] Testing network definitions..."
|
||||||
if docker-compose config | grep -q "vpc-public:" && \
|
if docker compose config | grep -q "vpc-public:" && \
|
||||||
docker-compose config | grep -q "vpc-private:"; then
|
docker compose config | grep -q "vpc-private:"; then
|
||||||
echo -e "${GREEN}PASS${NC}: vpc-public and vpc-private networks defined"
|
echo -e "${GREEN}PASS${NC}: vpc-public and vpc-private networks defined"
|
||||||
inc_pass
|
inc_pass
|
||||||
else
|
else
|
||||||
@@ -463,8 +463,8 @@ From REQUIREMENTS.md:
|
|||||||
|
|
||||||
# Test 3: Subnet configurations
|
# Test 3: Subnet configurations
|
||||||
echo -e "[3/10] Testing subnet configurations..."
|
echo -e "[3/10] Testing subnet configurations..."
|
||||||
if docker-compose config | grep -q "10.0.1.0/24" && \
|
if docker compose config | grep -q "10.0.1.0/24" && \
|
||||||
docker-compose config | grep -q "10.0.2.0/24"; then
|
docker compose config | grep -q "10.0.2.0/24"; then
|
||||||
echo -e "${GREEN}PASS${NC}: Subnets 10.0.1.0/24 and 10.0.2.0/24 configured"
|
echo -e "${GREEN}PASS${NC}: Subnets 10.0.1.0/24 and 10.0.2.0/24 configured"
|
||||||
inc_pass
|
inc_pass
|
||||||
else
|
else
|
||||||
@@ -474,7 +474,7 @@ From REQUIREMENTS.md:
|
|||||||
|
|
||||||
# Test 4: INF-02 compliance
|
# Test 4: INF-02 compliance
|
||||||
echo -e "[4/10] Testing INF-02 compliance (no 0.0.0.0 bindings)..."
|
echo -e "[4/10] Testing INF-02 compliance (no 0.0.0.0 bindings)..."
|
||||||
if docker-compose config | grep -qE '0\.0\.0\.0:[0-9]+'; then
|
if docker compose config | grep -qE '0\.0\.0\.0:[0-9]+'; then
|
||||||
echo -e "${RED}FAIL${NC}: Found 0.0.0.0 port bindings (INF-02 violation)"
|
echo -e "${RED}FAIL${NC}: Found 0.0.0.0 port bindings (INF-02 violation)"
|
||||||
inc_fail
|
inc_fail
|
||||||
else
|
else
|
||||||
@@ -484,7 +484,7 @@ From REQUIREMENTS.md:
|
|||||||
|
|
||||||
# Test 5: Private network internal flag
|
# Test 5: Private network internal flag
|
||||||
echo -e "[5/10] Testing private network isolation..."
|
echo -e "[5/10] Testing private network isolation..."
|
||||||
if docker-compose config | grep -A 3 "vpc-private:" | grep -q "internal: true"; then
|
if docker compose config | grep -A 3 "vpc-private:" | grep -q "internal: true"; then
|
||||||
echo -e "${GREEN}PASS${NC}: vpc-private has internal: true flag"
|
echo -e "${GREEN}PASS${NC}: vpc-private has internal: true flag"
|
||||||
inc_pass
|
inc_pass
|
||||||
else
|
else
|
||||||
@@ -493,8 +493,8 @@ From REQUIREMENTS.md:
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Test 6: Build succeeds
|
# Test 6: Build succeeds
|
||||||
echo -e "[6/10] Testing docker-compose build..."
|
echo -e "[6/10] Testing docker compose build..."
|
||||||
if docker-compose build -q api > /dev/null 2>&1; then
|
if docker compose build -q api > /dev/null 2>&1; then
|
||||||
echo -e "${GREEN}PASS${NC}: Docker image builds successfully"
|
echo -e "${GREEN}PASS${NC}: Docker image builds successfully"
|
||||||
inc_pass
|
inc_pass
|
||||||
else
|
else
|
||||||
@@ -504,10 +504,10 @@ From REQUIREMENTS.md:
|
|||||||
|
|
||||||
# Test 7-10: Runtime tests (if services running)
|
# Test 7-10: Runtime tests (if services running)
|
||||||
# Check if services are running
|
# Check if services are running
|
||||||
if docker-compose ps | grep -q "Up"; then
|
if docker compose ps | grep -q "Up"; then
|
||||||
# Test 7: Services running
|
# Test 7: Services running
|
||||||
echo -e "[7/10] Testing service status..."
|
echo -e "[7/10] Testing service status..."
|
||||||
running_count=$(docker-compose ps | grep -c "Up" || true)
|
running_count=$(docker compose ps | grep -c "Up" || true)
|
||||||
if [ "$running_count" -ge 2 ]; then
|
if [ "$running_count" -ge 2 ]; then
|
||||||
echo -e "${GREEN}PASS${NC}: Services are running ($running_count services)"
|
echo -e "${GREEN}PASS${NC}: Services are running ($running_count services)"
|
||||||
inc_pass
|
inc_pass
|
||||||
@@ -590,19 +590,19 @@ After all tasks complete, verify:
|
|||||||
- tests/04-verify-infrastructure.sh exists
|
- tests/04-verify-infrastructure.sh exists
|
||||||
|
|
||||||
2. **Compose Configuration**:
|
2. **Compose Configuration**:
|
||||||
- `docker-compose config` succeeds (valid YAML)
|
- `docker compose config` succeeds (valid YAML)
|
||||||
- Two networks defined: vpc-public, vpc-private
|
- Two networks defined: vpc-public, vpc-private
|
||||||
- Correct subnets: 10.0.1.0/24, 10.0.2.0/24
|
- Correct subnets: 10.0.1.0/24, 10.0.2.0/24
|
||||||
- Three services: web, api, db
|
- Three services: web, api, db
|
||||||
|
|
||||||
3. **INF-02 Compliance**:
|
3. **INF-02 Compliance**:
|
||||||
- No 0.0.0.0 bindings in docker-compose config
|
- No 0.0.0.0 bindings in docker compose config
|
||||||
- Public services use 127.0.0.1:PORT:PORT format
|
- Public services use 127.0.0.1:PORT:PORT format
|
||||||
- Private services have no published ports
|
- Private services have no published ports
|
||||||
- vpc-private has internal: true flag
|
- vpc-private has internal: true flag
|
||||||
|
|
||||||
4. **Services Start Successfully**:
|
4. **Services Start Successfully**:
|
||||||
- `docker-compose up -d` succeeds
|
- `docker compose up -d` succeeds
|
||||||
- All containers show "Up" status
|
- All containers show "Up" status
|
||||||
- Containers have correct network attachments
|
- Containers have correct network attachments
|
||||||
|
|
||||||
@@ -619,19 +619,19 @@ After all tasks complete, verify:
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Verify compose configuration
|
# Verify compose configuration
|
||||||
cd labs/lab-02-network && docker-compose config
|
cd labs/lab-02-network && docker compose config
|
||||||
|
|
||||||
# Check for INF-02 violations (should return nothing)
|
# Check for INF-02 violations (should return nothing)
|
||||||
cd labs/lab-02-network && docker-compose config | grep "0.0.0.0"
|
cd labs/lab-02-network && docker compose config | grep "0.0.0.0"
|
||||||
|
|
||||||
# Build services
|
# Build services
|
||||||
cd labs/lab-02-network && docker-compose build
|
cd labs/lab-02-network && docker compose build
|
||||||
|
|
||||||
# Start services
|
# Start services
|
||||||
cd labs/lab-02-network && docker-compose up -d
|
cd labs/lab-02-network && docker compose up -d
|
||||||
|
|
||||||
# Check service status
|
# Check service status
|
||||||
cd labs/lab-02-network && docker-compose ps
|
cd labs/lab-02-network && docker compose ps
|
||||||
|
|
||||||
# Verify networks created
|
# Verify networks created
|
||||||
docker network ls | grep lab02
|
docker network ls | grep lab02
|
||||||
@@ -643,7 +643,7 @@ bash labs/lab-02-network/tests/04-verify-infrastructure.sh
|
|||||||
bash labs/lab-02-network/tests/run-all-tests.sh
|
bash labs/lab-02-network/tests/run-all-tests.sh
|
||||||
|
|
||||||
# Cleanup
|
# Cleanup
|
||||||
cd labs/lab-02-network && docker-compose down -v
|
cd labs/lab-02-network && docker compose down -v
|
||||||
```
|
```
|
||||||
|
|
||||||
## Success Criteria
|
## Success Criteria
|
||||||
@@ -652,7 +652,7 @@ cd labs/lab-02-network && docker-compose down -v
|
|||||||
- [ ] Two networks defined: vpc-public (10.0.1.0/24), vpc-private (10.0.2.0/24)
|
- [ ] Two networks defined: vpc-public (10.0.1.0/24), vpc-private (10.0.2.0/24)
|
||||||
- [ ] vpc-private has internal: true flag
|
- [ ] vpc-private has internal: true flag
|
||||||
- [ ] No 0.0.0.0 port bindings (INF-02 compliant)
|
- [ ] No 0.0.0.0 port bindings (INF-02 compliant)
|
||||||
- [ ] Services start successfully with docker-compose up
|
- [ ] Services start successfully with docker compose up
|
||||||
- [ ] Network isolation verified (public cannot reach private)
|
- [ ] Network isolation verified (public cannot reach private)
|
||||||
- [ ] Infrastructure verification script passes all tests
|
- [ ] Infrastructure verification script passes all tests
|
||||||
- [ ] All tests from Plan 03-01 now pass (GREEN phase complete)
|
- [ ] All tests from Plan 03-01 now pass (GREEN phase complete)
|
||||||
|
|||||||
@@ -246,7 +246,7 @@ networks:
|
|||||||
### Pitfall 5: Network Cleanup Between Tests
|
### Pitfall 5: Network Cleanup Between Tests
|
||||||
**What goes wrong:** Previous test networks interfere with new tests
|
**What goes wrong:** Previous test networks interfere with new tests
|
||||||
**Why it happens:** Networks not removed between test runs, container references stale
|
**Why it happens:** Networks not removed between test runs, container references stale
|
||||||
**How to avoid:** Always run `docker-compose down -v` to remove networks, include cleanup in tests
|
**How to avoid:** Always run `docker compose down -v` to remove networks, include cleanup in tests
|
||||||
**Warning signs:** "Network already exists" errors, IP conflicts in subnet allocation
|
**Warning signs:** "Network already exists" errors, IP conflicts in subnet allocation
|
||||||
|
|
||||||
## Code Examples
|
## Code Examples
|
||||||
@@ -373,8 +373,8 @@ else
|
|||||||
echo "WARNING: No port bindings found or all public"
|
echo "WARNING: No port bindings found or all public"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Verify with docker-compose config
|
# Verify with docker compose config
|
||||||
docker-compose -f "$compose_file" config 2>/dev/null || true
|
docker compose -f "$compose_file" config 2>/dev/null || true
|
||||||
|
|
||||||
echo "INF-02 verification complete"
|
echo "INF-02 verification complete"
|
||||||
```
|
```
|
||||||
|
|||||||
@@ -41,7 +41,7 @@ created: 2026-03-25
|
|||||||
| 03-01-01 | 01 | 1 | LAB-02, TEST-01 | unit | `bash labs/lab-02-network/tests/test-network-isolation.sh` | ❌ W0 | ⬜ pending |
|
| 03-01-01 | 01 | 1 | LAB-02, TEST-01 | unit | `bash labs/lab-02-network/tests/test-network-isolation.sh` | ❌ W0 | ⬜ pending |
|
||||||
| 03-01-02 | 01 | 1 | INF-02 | integration | `bash labs/lab-02-network/tests/test-private-network-no-expose.sh` | ❌ W0 | ⬜ pending |
|
| 03-01-02 | 01 | 1 | INF-02 | integration | `bash labs/lab-02-network/tests/test-private-network-no-expose.sh` | ❌ W0 | ⬜ pending |
|
||||||
| 03-02-01 | 02 | 1 | DOCT-01, DOCT-02 | documentation | File existence check | ❌ W0 | ⬜ pending |
|
| 03-02-01 | 02 | 1 | DOCT-01, DOCT-02 | documentation | File existence check | ❌ W0 | ⬜ pending |
|
||||||
| 03-03-01 | 03 | 2 | LAB-02, INF-02 | infrastructure | `docker-compose config` + container ping test | ❌ W0 | ⬜ pending |
|
| 03-03-01 | 03 | 2 | LAB-02, INF-02 | infrastructure | `docker compose config` + container ping test | ❌ W0 | ⬜ pending |
|
||||||
|
|
||||||
*Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky*
|
*Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky*
|
||||||
|
|
||||||
@@ -91,5 +91,5 @@ created: 2026-03-25
|
|||||||
|
|
||||||
### INF-02 Compliance Verification
|
### INF-02 Compliance Verification
|
||||||
- Private networks must NOT expose ports on 0.0.0.0
|
- Private networks must NOT expose ports on 0.0.0.0
|
||||||
- Test verifies `docker-compose config` output for `127.0.0.1:PORT:PORT` pattern
|
- Test verifies `docker compose config` output for `127.0.0.1:PORT:PORT` pattern
|
||||||
- Manual verification: `netstat -tlnp | grep docker` shows no 0.0.0.0 bindings for private services
|
- Manual verification: `netstat -tlnp | grep docker` shows no 0.0.0.0 bindings for private services
|
||||||
|
|||||||
@@ -77,7 +77,7 @@ Containers or the entire Docker daemon are killed by the kernel's OOM (Out Of Me
|
|||||||
- Memory leaks in student code go unchecked
|
- Memory leaks in student code go unchecked
|
||||||
|
|
||||||
**How to avoid:**
|
**How to avoid:**
|
||||||
- Always set `mem_limit` in docker-compose for each service
|
- Always set `mem_limit` in docker compose for each service
|
||||||
- Use `deploy.resources.limits.memory` in compose file format v3+
|
- Use `deploy.resources.limits.memory` in compose file format v3+
|
||||||
- Monitor with `docker stats`
|
- Monitor with `docker stats`
|
||||||
- Teach students to check container resource usage
|
- Teach students to check container resource usage
|
||||||
@@ -107,7 +107,7 @@ Containers run as root by default, creating security vulnerabilities and permiss
|
|||||||
- Volume permission errors seem "easier" to fix with root
|
- Volume permission errors seem "easier" to fix with root
|
||||||
|
|
||||||
**How to avoid:**
|
**How to avoid:**
|
||||||
- Always specify `user:` directive in docker-compose or Dockerfile
|
- Always specify `user:` directive in docker compose or Dockerfile
|
||||||
- Create non-root users in Dockerfiles
|
- Create non-root users in Dockerfiles
|
||||||
- Teach Linux permission basics alongside Docker
|
- Teach Linux permission basics alongside Docker
|
||||||
- Use Docker's user namespaces for advanced labs
|
- Use Docker's user namespaces for advanced labs
|
||||||
|
|||||||
@@ -48,7 +48,7 @@
|
|||||||
|
|
||||||
| Tool | Purpose | Notes |
|
| Tool | Purpose | Notes |
|
||||||
|------|---------|-------|
|
|------|---------|-------|
|
||||||
| docker-compose config | Validazione YAML | Esegue check sintassi espandendo variabili |
|
| docker compose config | Validazione YAML | Esegue check sintassi espandendo variabili |
|
||||||
| docker network inspect | Debug reti | Mostra container connessi, IP allocation |
|
| docker network inspect | Debug reti | Mostra container connessi, IP allocation |
|
||||||
| docker stats | Monitor risorse | Verifica limiti CPU/memoria in tempo reale |
|
| docker stats | Monitor risorse | Verifica limiti CPU/memoria in tempo reale |
|
||||||
| iptables -L -n -v | Debug firewall | Mostra regole NAT/forward attive |
|
| iptables -L -n -v | Debug firewall | Mostra regole NAT/forward attive |
|
||||||
|
|||||||
@@ -92,7 +92,7 @@ Critical risks include data loss from improper volume configuration, OOM killer
|
|||||||
|
|
||||||
3. **OOM killer (resource exhaustion)** — Always set `mem_limit` and CPU limits in docker-compose; monitor with `docker stats`; recommend 16GB RAM minimum for host
|
3. **OOM killer (resource exhaustion)** — Always set `mem_limit` and CPU limits in docker-compose; monitor with `docker stats`; recommend 16GB RAM minimum for host
|
||||||
|
|
||||||
4. **Running as root** — Always specify `user:` directive in docker-compose or Dockerfile; teach Linux permission basics alongside Docker; never use `--privileged` flag
|
4. **Running as root** — Always specify `user:` directive in docker compose or Dockerfile; teach Linux permission basics alongside Docker; never use `--privileged` flag
|
||||||
|
|
||||||
5. **Port conflicts and binding issues** — Use non-standard ports in examples (5433 instead of 5432); teach students to check port usage; document all port mappings; provide conflict detection scripts
|
5. **Port conflicts and binding issues** — Use non-standard ports in examples (5433 instead of 5432); teach students to check port usage; document all port mappings; provide conflict detection scripts
|
||||||
|
|
||||||
|
|||||||
@@ -15,7 +15,7 @@
|
|||||||
Nessun laboratorio o configurazione viene scritto senza una specifica architetturale approvata.
|
Nessun laboratorio o configurazione viene scritto senza una specifica architetturale approvata.
|
||||||
|
|
||||||
* **Contratto:** Ogni modulo (Lab) deve avere un PRD che ne definisca l'obiettivo didattico, la topologia di rete, i limiti di risorse e il parallelismo con il servizio Cloud reale (es. AWS VPC, RDS).
|
* **Contratto:** Ogni modulo (Lab) deve avere un PRD che ne definisca l'obiettivo didattico, la topologia di rete, i limiti di risorse e il parallelismo con il servizio Cloud reale (es. AWS VPC, RDS).
|
||||||
* **Validazione:** Si usa `docker-compose config` e validatori YAML formali per garantire che i file di infrastruttura siano corretti prima dell'esecuzione.
|
* **Validazione:** Si usa `docker compose config` e validatori YAML formali per garantire che i file di infrastruttura siano corretti prima dell'esecuzione.
|
||||||
|
|
||||||
### 1.2 Test-Driven Infrastructure (TDI)
|
### 1.2 Test-Driven Infrastructure (TDI)
|
||||||
|
|
||||||
|
|||||||
@@ -43,8 +43,8 @@ done
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Verifica tutti i servizi nel compose file
|
# Verifica tutti i servizi nel compose file
|
||||||
docker-compose ps --services | while read service; do
|
docker compose ps --services | while read service; do
|
||||||
container=$(docker-compose ps -q $service)
|
container=$(docker compose ps -q $service)
|
||||||
echo "Service: $service, User: $(docker exec $container whoami)"
|
echo "Service: $service, User: $(docker exec $container whoami)"
|
||||||
done
|
done
|
||||||
```
|
```
|
||||||
|
|||||||
@@ -107,7 +107,7 @@ test_no_container_runs_as_root() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Get all services from compose file
|
# Get all services from compose file
|
||||||
local services=$(docker-compose -f "$compose_file" ps --services 2>/dev/null || echo "")
|
local services=$(docker compose -f "$compose_file" ps --services 2>/dev/null || echo "")
|
||||||
|
|
||||||
if [ -z "$services" ]; then
|
if [ -z "$services" ]; then
|
||||||
echo -e "${YELLOW}SKIP${NC}: No services defined yet"
|
echo -e "${YELLOW}SKIP${NC}: No services defined yet"
|
||||||
@@ -118,7 +118,7 @@ test_no_container_runs_as_root() {
|
|||||||
local root_containers=0
|
local root_containers=0
|
||||||
while IFS= read -r service; do
|
while IFS= read -r service; do
|
||||||
if [ -n "$service" ]; then
|
if [ -n "$service" ]; then
|
||||||
local container_name=$(docker-compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
|
local container_name=$(docker compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
|
||||||
if [ -n "$container_name" ]; then
|
if [ -n "$container_name" ]; then
|
||||||
local user=$(docker exec "$container_name" whoami 2>/dev/null || echo "unknown")
|
local user=$(docker exec "$container_name" whoami 2>/dev/null || echo "unknown")
|
||||||
if [ "$user" = "root" ]; then
|
if [ "$user" = "root" ]; then
|
||||||
|
|||||||
@@ -104,11 +104,11 @@ else
|
|||||||
fi
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
# Test 6: Verify docker-compose service
|
# Test 6: Verify docker compose service
|
||||||
echo -e "${BLUE}[6/6] Verifying docker-compose service...${NC}"
|
echo -e "${BLUE}[6/6] Verifying docker compose service...${NC}"
|
||||||
# Start container in detached mode
|
# Start container in detached mode
|
||||||
if docker compose up -d >/dev/null 2>&1; then
|
if docker compose up -d >/dev/null 2>&1; then
|
||||||
echo -e " ${GREEN}✓${NC} docker-compose service started"
|
echo -e " ${GREEN}✓${NC} docker compose service started"
|
||||||
|
|
||||||
# Wait for container to be ready
|
# Wait for container to be ready
|
||||||
sleep 3
|
sleep 3
|
||||||
@@ -120,10 +120,10 @@ if docker compose up -d >/dev/null 2>&1; then
|
|||||||
# Verify user
|
# Verify user
|
||||||
actual_user=$(docker exec lab01-iam-test whoami 2>/dev/null || echo "unknown")
|
actual_user=$(docker exec lab01-iam-test whoami 2>/dev/null || echo "unknown")
|
||||||
if [ "$actual_user" = "labuser" ]; then
|
if [ "$actual_user" = "labuser" ]; then
|
||||||
echo -e " ${GREEN}✓${NC} docker-compose container runs as non-root"
|
echo -e " ${GREEN}✓${NC} docker compose container runs as non-root"
|
||||||
inc_pass
|
inc_pass
|
||||||
else
|
else
|
||||||
echo -e " ${RED}✗${NC} docker-compose container running as $actual_user (expected labuser)"
|
echo -e " ${RED}✗${NC} docker compose container running as $actual_user (expected labuser)"
|
||||||
inc_fail
|
inc_fail
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@@ -134,7 +134,7 @@ if docker compose up -d >/dev/null 2>&1; then
|
|||||||
# Cleanup
|
# Cleanup
|
||||||
docker compose down --volumes >/dev/null 2>&1
|
docker compose down --volumes >/dev/null 2>&1
|
||||||
else
|
else
|
||||||
echo -e " ${RED}✗${NC} Failed to start docker-compose service"
|
echo -e " ${RED}✗${NC} Failed to start docker compose service"
|
||||||
inc_fail
|
inc_fail
|
||||||
fi
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
|
|||||||
@@ -49,7 +49,8 @@ echo ""
|
|||||||
|
|
||||||
# Test 3: Non-root container execution (INF-01)
|
# Test 3: Non-root container execution (INF-01)
|
||||||
echo -e "${BLUE}[3/3] Checking non-root container execution (INF-01)...${NC}"
|
echo -e "${BLUE}[3/3] Checking non-root container execution (INF-01)...${NC}"
|
||||||
compose_file="labs/lab-01-iam/docker-compose.yml"
|
cd labs/lab-01-iam
|
||||||
|
compose_file="docker-compose.yml"
|
||||||
if [ ! -f "$compose_file" ]; then
|
if [ ! -f "$compose_file" ]; then
|
||||||
echo -e " ${YELLOW}○${NC} docker-compose.yml not found"
|
echo -e " ${YELLOW}○${NC} docker-compose.yml not found"
|
||||||
all_passed=false
|
all_passed=false
|
||||||
@@ -65,11 +66,11 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# If containers are running, verify they're not root
|
# If containers are running, verify they're not root
|
||||||
if docker-compose -f "$compose_file" ps --services 2>/dev/null | grep -q .; then
|
if docker compose -f "$compose_file" ps --services 2>/dev/null | grep -q .; then
|
||||||
local root_count=0
|
local root_count=0
|
||||||
while IFS= read -r service; do
|
while IFS= read -r service; do
|
||||||
[ -z "$service" ] && continue
|
[ -z "$service" ] && continue
|
||||||
local container=$(docker-compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
|
local container=$(docker compose -f "$compose_file" ps -q "$service" 2>/dev/null || echo "")
|
||||||
if [ -n "$container" ]; then
|
if [ -n "$container" ]; then
|
||||||
local user=$(docker exec "$container" whoami 2>/dev/null || echo "unknown")
|
local user=$(docker exec "$container" whoami 2>/dev/null || echo "unknown")
|
||||||
if [ "$user" = "root" ]; then
|
if [ "$user" = "root" ]; then
|
||||||
@@ -77,7 +78,7 @@ else
|
|||||||
((root_count++)) || true
|
((root_count++)) || true
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done <<< "$(docker-compose -f "$compose_file" ps --services 2>/dev/null)"
|
done <<< "$(docker compose -f "$compose_file" ps --services 2>/dev/null)"
|
||||||
|
|
||||||
if [ $root_count -eq 0 ]; then
|
if [ $root_count -eq 0 ]; then
|
||||||
echo -e " ${GREEN}✓${NC} All running containers are non-root"
|
echo -e " ${GREEN}✓${NC} All running containers are non-root"
|
||||||
@@ -85,7 +86,7 @@ else
|
|||||||
all_passed=false
|
all_passed=false
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo -e " ${YELLOW}○${NC} No containers running (start with docker-compose up)"
|
echo -e " ${YELLOW}○${NC} No containers running (start with docker compose up)"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
echo ""
|
echo ""
|
||||||
|
|||||||
@@ -149,7 +149,7 @@ COMPOSE_FILE="$PROJECT_ROOT/labs/lab-02-network/docker-compose.yml"
|
|||||||
if [[ -f "$COMPOSE_FILE" ]]; then
|
if [[ -f "$COMPOSE_FILE" ]]; then
|
||||||
print_pass "docker-compose.yml found at $COMPOSE_FILE"
|
print_pass "docker-compose.yml found at $COMPOSE_FILE"
|
||||||
|
|
||||||
# Test 9: Verify docker-compose config is valid
|
# Test 9: Verify docker compose config is valid
|
||||||
print_test "Test 9: Validate docker-compose.yml syntax"
|
print_test "Test 9: Validate docker-compose.yml syntax"
|
||||||
if docker compose -f "$COMPOSE_FILE" config &> /dev/null; then
|
if docker compose -f "$COMPOSE_FILE" config &> /dev/null; then
|
||||||
print_pass "docker-compose.yml is valid YAML"
|
print_pass "docker-compose.yml is valid YAML"
|
||||||
|
|||||||
@@ -46,7 +46,7 @@
|
|||||||
| Private bridge network | VPC Private Subnet | Isolamento di rete |
|
| Private bridge network | VPC Private Subnet | Isolamento di rete |
|
||||||
| Named volume | EBS volume | Persistenza dati |
|
| Named volume | EBS volume | Persistenza dati |
|
||||||
| Resource limits (cpus, memory) | DB instance class | Allocazione risorse |
|
| Resource limits (cpus, memory) | DB instance class | Allocazione risorse |
|
||||||
| docker-compose up | RDS create | Deploy command |
|
| docker compose up | RDS create | Deploy command |
|
||||||
| docker logs | CloudWatch logs | Logging e monitoring |
|
| docker logs | CloudWatch logs | Logging e monitoring |
|
||||||
| pg_isready | RDS health check | Verifica disponibilità |
|
| pg_isready | RDS health check | Verifica disponibilità |
|
||||||
| Non-root user | IAM authentication | Controllo accessi |
|
| Non-root user | IAM authentication | Controllo accessi |
|
||||||
@@ -140,10 +140,10 @@
|
|||||||
|
|
||||||
| Operazione | Docker | RDS/AWS |
|
| Operazione | Docker | RDS/AWS |
|
||||||
|------------|--------|---------|
|
|------------|--------|---------|
|
||||||
| Deploy | docker-compose up | aws rds create-db-instance |
|
| Deploy | docker compose up | aws rds create-db-instance |
|
||||||
| Stop | docker-compose stop | aws rds stop-db-instance |
|
| Stop | docker compose stop | aws rds stop-db-instance |
|
||||||
| Start | docker-compose start | aws rds start-db-instance |
|
| Start | docker compose start | aws rds start-db-instance |
|
||||||
| Scale | docker-compose up --scale | aws rds modify-db-instance |
|
| Scale | docker compose up --scale | aws rds modify-db-instance |
|
||||||
| Status | docker ps | aws rds describe-db-instances |
|
| Status | docker ps | aws rds describe-db-instances |
|
||||||
| Logs | docker logs | aws rds describe-db-log-files |
|
| Logs | docker logs | aws rds describe-db-log-files |
|
||||||
| Backup | pg_dump | aws rds create-db-snapshot |
|
| Backup | pg_dump | aws rds create-db-snapshot |
|
||||||
|
|||||||
@@ -126,7 +126,7 @@ if docker ps --format '{{{{Names}}}}' | grep -q "^lab05-db$"; then
|
|||||||
else
|
else
|
||||||
echo -e "${YELLOW}SKIP${NC} (container non in esecuzione)"
|
echo -e "${YELLOW}SKIP${NC} (container non in esecuzione)"
|
||||||
inc_skip
|
inc_skip
|
||||||
echo -e "${YELLOW}Avviare i container con: docker-compose up -d${NC}"
|
echo -e "${YELLOW}Avviare i container con: docker compose up -d${NC}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
|
|||||||
@@ -83,7 +83,7 @@ echo -n "[TEST] Verifica container database in esecuzione... "
|
|||||||
if ! docker ps --format '{{{{Names}}}}' | grep -q "^lab05-db$"; then
|
if ! docker ps --format '{{{{Names}}}}' | grep -q "^lab05-db$"; then
|
||||||
echo -e "${YELLOW}SKIP${NC} (container non in esecuzione)"
|
echo -e "${YELLOW}SKIP${NC} (container non in esecuzione)"
|
||||||
inc_skip
|
inc_skip
|
||||||
echo -e "${YELLOW}Avviare i container con: docker-compose up -d${NC}"
|
echo -e "${YELLOW}Avviare i container con: docker compose up -d${NC}"
|
||||||
echo ""
|
echo ""
|
||||||
echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
|
echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
|
||||||
exit 0
|
exit 0
|
||||||
|
|||||||
@@ -76,7 +76,7 @@ echo -n "[TEST] Verifica container database in esecuzione... "
|
|||||||
if ! docker ps --format '{{{{Names}}}}' | grep -q "^lab05-db$"; then
|
if ! docker ps --format '{{{{Names}}}}' | grep -q "^lab05-db$"; then
|
||||||
echo -e "${YELLOW}SKIP${NC} (container non in esecuzione)"
|
echo -e "${YELLOW}SKIP${NC} (container non in esecuzione)"
|
||||||
inc_skip
|
inc_skip
|
||||||
echo -e "${YELLOW}Avviare i container con: docker-compose up -d${NC}"
|
echo -e "${YELLOW}Avviare i container con: docker compose up -d${NC}"
|
||||||
echo ""
|
echo ""
|
||||||
echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
|
echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
|
||||||
exit 0
|
exit 0
|
||||||
|
|||||||
@@ -115,7 +115,7 @@ echo -n "[TEST] Verifica container database in esecuzione... "
|
|||||||
if ! docker ps --format '{{{{Names}}}}' | grep -q "^lab05-db$"; then
|
if ! docker ps --format '{{{{Names}}}}' | grep -q "^lab05-db$"; then
|
||||||
echo -e "${YELLOW}SKIP${NC} (container non in esecuzione)"
|
echo -e "${YELLOW}SKIP${NC} (container non in esecuzione)"
|
||||||
inc_skip
|
inc_skip
|
||||||
echo -e "${YELLOW}Avviare i container con: docker-compose up -d${NC}"
|
echo -e "${YELLOW}Avviare i container con: docker compose up -d${NC}"
|
||||||
echo ""
|
echo ""
|
||||||
echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
|
echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
|
||||||
exit 0
|
exit 0
|
||||||
|
|||||||
@@ -129,7 +129,7 @@ if docker ps --format '{{{{Names}}}}' | grep -q "^lab05-db$"; then
|
|||||||
else
|
else
|
||||||
echo -e "${RED}FAIL${NC}"
|
echo -e "${RED}FAIL${NC}"
|
||||||
inc_fail
|
inc_fail
|
||||||
echo "Avviare i container: docker-compose up -d"
|
echo "Avviare i container: docker compose up -d"
|
||||||
echo ""
|
echo ""
|
||||||
echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
|
echo "Risultato: $pass_count PASS, $fail_count FAIL, $skip_count SKIP"
|
||||||
exit 1
|
exit 1
|
||||||
|
|||||||
@@ -57,7 +57,7 @@ Deploya il database nella rete privata.
|
|||||||
Esegui:
|
Esegui:
|
||||||
```bash
|
```bash
|
||||||
# Avvia i container
|
# Avvia i container
|
||||||
docker-compose up -d
|
docker compose up -d
|
||||||
|
|
||||||
# Verifica che il database sia in esecuzione
|
# Verifica che il database sia in esecuzione
|
||||||
docker ps | grep lab05-db
|
docker ps | grep lab05-db
|
||||||
|
|||||||
@@ -79,10 +79,10 @@ Simula un failure del database.
|
|||||||
Esegui:
|
Esegui:
|
||||||
```bash
|
```bash
|
||||||
# Ferma il container
|
# Ferma il container
|
||||||
docker-compose stop db
|
docker compose stop db
|
||||||
|
|
||||||
# Rimuovi il container (NON il volume!)
|
# Rimuovi il container (NON il volume!)
|
||||||
docker-compose rm -f db
|
docker compose rm -f db
|
||||||
|
|
||||||
# Verifica che il container sia rimosso
|
# Verifica che il container sia rimosso
|
||||||
docker ps -a | grep lab05-db
|
docker ps -a | grep lab05-db
|
||||||
@@ -99,7 +99,7 @@ Crea un nuovo container con lo stesso volume.
|
|||||||
Esegui:
|
Esegui:
|
||||||
```bash
|
```bash
|
||||||
# Riavvia il database
|
# Riavvia il database
|
||||||
docker-compose up -d db
|
docker compose up -d db
|
||||||
|
|
||||||
# Attendi che sia pronto
|
# Attendi che sia pronto
|
||||||
sleep 10
|
sleep 10
|
||||||
@@ -162,12 +162,12 @@ Rimuovi TUTTO e ricrea da zero.
|
|||||||
Esegui:
|
Esegui:
|
||||||
```bash
|
```bash
|
||||||
# Ferma e rimuovi tutto
|
# Ferma e rimuovi tutto
|
||||||
docker-compose down -v
|
docker compose down -v
|
||||||
|
|
||||||
# Nota: -v rimuove anche i volumi! NON usare -v per preservare dati
|
# Nota: -v rimuove anche i volumi! NON usare -v per preservare dati
|
||||||
|
|
||||||
# Riavvia
|
# Riavvia
|
||||||
docker-compose up -d
|
docker compose up -d
|
||||||
|
|
||||||
# Verifica che i dati siano PERSI (corretto con -v)
|
# Verifica che i dati siano PERSI (corretto con -v)
|
||||||
docker exec lab05-db psql -U lab05_user -d lab05_db -c "
|
docker exec lab05-db psql -U lab05_user -d lab05_db -c "
|
||||||
|
|||||||
@@ -68,7 +68,7 @@ if docker compose version &> /dev/null; then
|
|||||||
COMPOSE_VERSION=$(docker compose version | grep -oP 'Docker Compose version v?\K[\d.]+' | head -1)
|
COMPOSE_VERSION=$(docker compose version | grep -oP 'Docker Compose version v?\K[\d.]+' | head -1)
|
||||||
print_info "Found Docker Compose V2 version: $COMPOSE_VERSION"
|
print_info "Found Docker Compose V2 version: $COMPOSE_VERSION"
|
||||||
print_pass "Docker Compose V2 is available (use 'docker compose' not 'docker-compose')"
|
print_pass "Docker Compose V2 is available (use 'docker compose' not 'docker-compose')"
|
||||||
elif command -v docker-compose &> /dev/null; then
|
elif command -v docker compose &> /dev/null; then
|
||||||
print_fail "Docker Compose V2 required. Found legacy 'docker-compose'. Please upgrade to Docker Compose V2"
|
print_fail "Docker Compose V2 required. Found legacy 'docker-compose'. Please upgrade to Docker Compose V2"
|
||||||
else
|
else
|
||||||
print_fail "Docker Compose V2 required. Use 'docker compose' not 'docker-compose'"
|
print_fail "Docker Compose V2 required. Use 'docker compose' not 'docker-compose'"
|
||||||
|
|||||||
Reference in New Issue
Block a user