fix: align lab02 and lab03 student verification flows

Luca Sacchi Ricciardi
2026-04-10 13:43:02 +00:00
parent 49e15f7ea2
commit f4764253e4
13 changed files with 105 additions and 65 deletions
+9 -2
@@ -4,12 +4,19 @@ Crea reti Docker isolate che simulano VPC e Subnets cloud.
## Avvio del Laboratorio
Leggi prima i tutorial nell'ordine indicato sotto. In questo lab il `Dockerfile` e solo un supporto per esempi e test manuali: il flusso principale usa `docker-compose.yml`.
```bash
cd labs/lab-02-network
docker build .
docker compose up -d
```
## Ordine Consigliato
1. `tutorial/01-create-vpc-networks.md`
2. `tutorial/02-deploy-containers-networks.md`
3. `tutorial/03-verify-network-isolation.md`
## Verifica Completamento
```bash
@@ -21,4 +28,4 @@ bash tests/99-final-verification.sh
- [Tutorial](tutorial/) - Guida passo-passo
- [How-to Guides](how-to-guides/) - Procedure specifiche
- [Reference](reference/) - Documentazione tecnica
- [Explanation](explanation/) - Paralleli cloud
- [Explanation](explanation/) - Paralleli cloud
@@ -38,7 +38,7 @@ docker network prune
### Lab 02 Network Cleanup
```bash
cd ~/laboratori-cloud/labs/lab-02-network
cd /home/luca/laboratori-cloud/labs/lab-02-network
# Ferma e rimuovi container del compose
docker compose down
@@ -53,7 +53,7 @@ docker volume rm lab02-network_db-data 2>/dev/null || true
### Reset Completo Lab 02
```bash
cd ~/laboratori-cloud/labs/lab-02-network
cd /home/luca/laboratori-cloud/labs/lab-02-network
# Tutto giu
docker compose down -v --remove-orphans
@@ -99,4 +99,4 @@ docker system prune -a --volumes
## Vedi Anche
- [Reference: Docker Network Commands](../reference/docker-network-commands.md)
- [How-To: Reset Ambiente Docker](../../how-to-guides/reset-docker-environment.md)
- [Script reset ambiente](../../../scripts/reset-env.sh)
@@ -16,7 +16,7 @@ NC='\033[0m'
# Get script directory
TEST_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$TEST_DIR/../.." && pwd)"
PROJECT_ROOT="$(cd "$TEST_DIR/../../.." && pwd)"
LAB_DIR="$PROJECT_ROOT/labs/lab-02-network"
# Counter helpers
@@ -61,7 +61,9 @@ print_info() {
}
# Main header
clear
if command -v clear &> /dev/null; then
clear
fi
print_header "Lab 02: Network & VPC - Final Verification"
echo ""
echo -e "This script verifies your entire Lab 02 implementation."
@@ -105,7 +107,7 @@ if [[ "${FAIL_REASON:-}" == "compose_missing" ]]; then
print_warn "Skipping network tests - compose file missing"
else
# Check for custom networks
NETWORKS=$(docker compose -f "$COMPOSE_FILE" config --format json 2>/dev/null | grep -o '"networks"' | wc -l || echo "0")
NETWORKS=$(docker compose -f "$COMPOSE_FILE" config --format json 2>/dev/null | grep -o '"networks"' | wc -l)
if [[ $NETWORKS -gt 0 ]]; then
print_pass "Custom networks defined in docker-compose.yml"
@@ -119,7 +121,7 @@ else
fi
# Check for VPC-style naming (PARA-02 requirement)
VPC_NAMES=$(grep -E 'vpc-|subnet-|network-' "$COMPOSE_FILE" 2>/dev/null | wc -l || echo "0")
VPC_NAMES=$(grep -E 'vpc-|subnet-|network-' "$COMPOSE_FILE" 2>/dev/null | wc -l)
if [[ $VPC_NAMES -gt 0 ]]; then
print_pass "Uses VPC-style naming convention (PARA-02 compliant)"
else
@@ -132,7 +134,7 @@ print_section "3. INF-02 Security Compliance"
if [[ -f "$COMPOSE_FILE" ]]; then
# Check for 0.0.0.0 bindings
ZERO_BINDINGS=$(grep -c -E '0\.0\.0\.0:[0-9]+' "$COMPOSE_FILE" 2>/dev/null || echo "0")
ZERO_BINDINGS=$(grep -c -E '0\.0\.0\.0:[0-9]+' "$COMPOSE_FILE" 2>/dev/null || true)
if [[ $ZERO_BINDINGS -eq 0 ]]; then
print_pass "No 0.0.0.0 port bindings found (INF-02 compliant)"
else
@@ -142,7 +144,7 @@ if [[ -f "$COMPOSE_FILE" ]]; then
fi
# Check for localhost bindings
LOCALHOST_BINDINGS=$(grep -c -E '127\.0\.0\.1:[0-9]+' "$COMPOSE_FILE" 2>/dev/null || echo "0")
LOCALHOST_BINDINGS=$(grep -c -E '127\.0\.0\.1:[0-9]+' "$COMPOSE_FILE" 2>/dev/null || true)
if [[ $LOCALHOST_BINDINGS -gt 0 ]]; then
print_pass "Found $LOCALHOST_BINDINGS service(s) with 127.0.0.1 binding (secure)"
else
@@ -150,7 +152,7 @@ if [[ -f "$COMPOSE_FILE" ]]; then
fi
# Check for host networking
HOST_NET=$(grep -c -E 'network_mode:\s*host' "$COMPOSE_FILE" 2>/dev/null || echo "0")
HOST_NET=$(grep -c -E 'network_mode:\s*host' "$COMPOSE_FILE" 2>/dev/null || true)
if [[ $HOST_NET -eq 0 ]]; then
print_pass "No services using host networking mode"
else
@@ -193,9 +195,9 @@ print_section "5. Documentation Completeness (Diátxis Framework)"
DOC_COUNT=0
DOC_FILES=(
"$LAB_DIR/tutorial/01-create-networks.md"
"$LAB_DIR/tutorial/02-deploy-containers.md"
"$LAB_DIR/tutorial/03-verify-isolation.md"
"$LAB_DIR/tutorial/01-create-vpc-networks.md"
"$LAB_DIR/tutorial/02-deploy-containers-networks.md"
"$LAB_DIR/tutorial/03-verify-network-isolation.md"
"$LAB_DIR/how-to-guides/*.md"
"$LAB_DIR/reference/*.md"
"$LAB_DIR/explanation/*.md"
@@ -223,10 +225,7 @@ fi
print_section "6. Test Infrastructure Verification"
TEST_FILES=(
"$TEST_DIR/01-network-creation-test.sh"
"$TEST_DIR/02-isolation-verification-test.sh"
"$TEST_DIR/03-inf02-compliance-test.sh"
"$TEST_DIR/run-all-tests.sh"
"$TEST_DIR/99-final-verification.sh"
)
TESTS_FOUND=0
@@ -237,9 +236,9 @@ for test_file in "${TEST_FILES[@]}"; do
done
if [[ $TESTS_FOUND -eq ${#TEST_FILES[@]} ]]; then
print_pass "All test scripts present and executable"
print_pass "Final verification script present and executable"
elif [[ $TESTS_FOUND -gt 0 ]]; then
print_warn "Some test scripts missing: $TESTS_FOUND/${#TEST_FILES[@]} found"
print_warn "Some expected test scripts missing: $TESTS_FOUND/${#TEST_FILES[@]} found"
else
print_fail "Test infrastructure not found"
fi
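Review bot: The INF-02 check on `ZERO_BINDINGS` still prints "No 0.0.0.0 port bindings found (INF-02 compliant)" for a compose file that exposes a port on every interface, because the pattern only matches a literal `0.0.0.0:PORT`, while a short-form mapping such as `"8080:80"` carries no host IP and Docker publishes it on all interfaces. A companion count such as `OPEN_PORTS=$(grep -c -E '^\s*-\s*"?[0-9]+:[0-9]+' "$COMPOSE_FILE" 2>/dev/null || true)`, treated as a failure when greater than zero, would close the gap for short-form entries; long-form `ports:` entries would need the resolved `docker compose config` output instead. The same check and the `HOST_NET` one also pass when grep itself errors out, since `|| true` leaves the variable empty and `-eq 0` reads an empty string as zero; `[[ ${ZERO_BINDINGS:-1} -eq 0 ]]` makes an unreadable file fail rather than pass. The `if [[ -f "$COMPOSE_FILE" ]]` block continues outside the visible hunks, so a guard elsewhere in the script may already cover part of this.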
@@ -8,6 +8,8 @@ Creare due reti isolate che simulano una subnet pubblica e una subnet privata in
- **VPC Public Subnet**: `lab02-vpc-public` (10.0.1.0/24) - per servizi accessibili
- **VPC Private Subnet**: `lab02-vpc-private` (10.0.2.0/24) - isolata, senza accesso esterno
Nota pratica: il tutorial 2 usa `docker compose` per creare e gestire le stesse reti. Se segui questo tutorial alla lettera con `docker network create`, prima di avviare il compose dovrai rimuovere le reti manuali oppure dichiararle come reti esterne. Nel flusso consigliato per studenti conviene usare questo tutorial per capire i concetti e usare il compose del tutorial 2 come implementazione finale.
## Prerequisiti
- Docker Engine >= 24.0 installato e in esecuzione
@@ -261,6 +263,12 @@ Hai completato questo tutorial quando:
Nel [prossimo tutorial](./02-deploy-containers-networks.md) imparerai a distribuire container in queste reti usando docker-compose.yml, creando un'architettura multi-tier (web pubblica, database privato).
Prima di passare al tutorial 2, se hai creato le reti manualmente in questo tutorial, puliscile per evitare conflitti con Compose:
```bash
docker network rm lab02-vpc-public lab02-vpc-private
```
---
## Troubleshooting
@@ -20,7 +20,7 @@ Creare un'architettura multi-tier con docker-compose:
Esegui:
```bash
cd ~/laboratori-cloud/labs/lab-02-network
cd /home/luca/laboratori-cloud/labs/lab-02-network
```
---
@@ -96,6 +96,8 @@ volumes:
Salva il file.
Nota: in questo repository il file `docker-compose.yml` esiste gia. Puoi confrontare il tuo file con quello presente oppure usare direttamente quello del lab.
---
## Passo 3: Verificare la Configurazione
@@ -114,9 +116,12 @@ Se valido, vedrai la configurazione completa. Se ci sono errori, verranno mostra
## Passo 4: Avviare i Servizi
Se nel tutorial 1 hai creato le reti manualmente con gli stessi nomi, rimuovile prima di questo comando. Altrimenti `docker compose up -d` fallisce per conflitto di ownership/label delle reti.
Esegui:
```bash
docker network rm lab02-vpc-public lab02-vpc-private 2>/dev/null || true
docker compose up -d
```
@@ -156,7 +161,7 @@ Esegui:
```bash
# Verifica container web nella rete pubblica
docker inspect lab02-web --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} in {{.NetworkID}}{{end}}'
docker inspect lab02-web --format '{{range $k, $v := .NetworkSettings.Networks}}{{$v.IPAddress}} in {{$k}}{{end}}'
```
Atteso (IP nella subnet pubblica):
@@ -168,7 +173,7 @@ Esegui:
```bash
# Verifica database nella rete privata
docker inspect lab02-db --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} in {{.NetworkID}}{{end}}'
docker inspect lab02-db --format '{{range $k, $v := .NetworkSettings.Networks}}{{$v.IPAddress}} in {{$k}}{{end}}'
```
Atteso (IP nella subnet privata):
@@ -180,7 +185,7 @@ Esegui:
```bash
# Verifica app in entrambe le reti (multi-homed)
docker inspect lab02-app --format '{{range .NetworkSettings.Networks}}{{.IPAddress}} in {{.NetworkID}} | {{end}}'
docker inspect lab02-app --format '{{range $k, $v := .NetworkSettings.Networks}}{{$v.IPAddress}} in {{$k}} | {{end}}'
```
Atteso:
@@ -13,7 +13,7 @@ Verificare che:
## Prerequisiti
- Completati [Tutorial 1](./01-create-vpc-networks.md) e [Tutorial 2](./02-deploy-containers-networks.md)
- Container in esecuzione: `docker compose ps` mostra 3 container attivi
- Container in esecuzione: `docker ps` mostra almeno `lab02-web`, `lab02-app` e `lab02-db` attivi
---
@@ -22,11 +22,11 @@ Verificare che:
Esegui:
```bash
cd ~/laboratori-cloud/labs/lab-02-network
cd /home/luca/laboratori-cloud/labs/lab-02-network
docker compose ps
```
Assicurati che lab02-web, lab02-app, e lab02-db siano "Up".
Assicurati che `lab02-web`, `lab02-app` e `lab02-db` siano "Up". Se `docker compose ps` non mostra nulla ma `docker compose up -d` e andato a buon fine, verifica con `docker ps | grep '^lab02-'`.
Se non lo sono:
@@ -44,15 +44,15 @@ Esegui:
```bash
# Verifica: app puo raggiungere web (stessa rete pubblica)
docker exec lab02-app ping -c 2 lab02-web
docker exec lab02-app ping -c 2 web
```
Atteso:
```
PING lab02-web (10.0.1.10): 56 data bytes
PING web (10.0.1.10): 56 data bytes
64 bytes from 10.0.1.10: seq=0 ttl=64 time=0.123 ms
64 bytes from 10.0.1.10: seq=1 ttl=64 time=0.045 ms
--- lab02-web ping statistics ---
--- web ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
```
@@ -68,18 +68,18 @@ Esegui:
```bash
# Verifica: web NON puo raggiungere db (reti diverse)
docker exec lab02-web ping -c 2 lab02-db
docker exec lab02-web ping -c 2 db
```
Atteso:
```
ping: bad address 'lab02-db'
ping: bad address 'db'
```
Oppure:
```
PING lab02-db (10.0.2.10): 56 data bytes
--- lab02-db ping statistics ---
PING db (10.0.2.10): 56 data bytes
--- db ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
```
@@ -97,7 +97,7 @@ Esegui:
```bash
# Verifica: app puo raggiungere web (stessa rete pubblica)
docker exec lab02-app ping -c 2 lab02-web
docker exec lab02-app ping -c 2 web
```
Atteso: SUCCESSO
@@ -106,7 +106,7 @@ Esegui:
```bash
# Verifica: app puo raggiungere db (stessa rete privata)
docker exec lab02-app ping -c 2 lab02-db
docker exec lab02-app ping -c 2 db
```
Atteso: SUCCESSO
@@ -123,12 +123,12 @@ Esegui:
```bash
# Test DNS nella stessa rete
docker exec lab02-app nslookup lab02-web
docker exec lab02-app nslookup web
```
Atteso:
```
Name: lab02-web
Name: web
Address 1: 10.0.1.10
```
@@ -136,7 +136,7 @@ Esegui:
```bash
# Test DNS cross-rete (dovrebbe fallire)
docker exec lab02-web nslookup lab02-db
docker exec lab02-web nslookup db
```
Atteso: Fallisce o restituisce errore