#!/bin/bash
# Lab 05 - Database & RDS
# Test 99: Final Verification (Double Check)
# Strict mode: stop on a failing command, an unset variable, or a failing
# pipeline stage.
set -euo pipefail

# ANSI colour codes, kept as literal backslash sequences; they are turned into
# real escapes only when printed with `echo -e`.
RED="\033[0;31m"
GREEN="\033[0;32m"
YELLOW="\033[1;33m"
BLUE="\033[0;34m"
NC="\033[0m"

# Absolute directory of this script, and its parent directory.
TEST_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
LAB_DIR="$(cd "$TEST_DIR/.." && pwd)"

# Result tallies; only the inc_* helpers modify them.
pass_count=0 fail_count=0 skip_count=0
# Add one to the PASS tally. Written as an assignment so the function returns 0
# even when the counter was 0 (a bare `((n++))` would trip `set -e` there).
inc_pass() {
  pass_count=$((pass_count + 1))
}
# Add one to the FAIL tally; always returns 0 so `set -e` is never triggered.
inc_fail() {
  fail_count=$((fail_count + 1))
}
# Add one to the SKIP tally; always returns 0 so `set -e` is never triggered.
inc_skip() {
  skip_count=$((skip_count + 1))
}
# Finish the current "[CHECK] ..." line with a green OK and count it as passed.
# Globals: GREEN, NC (read); pass_count (written through inc_pass)
check_pass() {
  printf '%b\n' "${GREEN}OK${NC}"
  inc_pass
}
# Finish the current "[CHECK] ..." line with a red FAIL and count it as failed.
# Globals: RED, NC (read); fail_count (written through inc_fail)
check_fail() {
  printf '%b\n' "${RED}FAIL${NC}"
  inc_fail
}
# Finish the current "[CHECK] ..." line with a yellow WARN plus a note, and
# count the check as skipped (it does not affect the FAIL tally).
# Arguments: $1 - text printed after the WARN tag
check_warn() {
  local note=$1
  printf '%b\n' "${YELLOW}WARN${NC} ${note}"
  inc_skip
}
# Best-effort teardown of the compose stack; output is discarded and a failure
# is ignored so the exit path is never disturbed.
# `down` is called without `-v`, so named volumes (the database data) are left
# in place between runs.
cleanup() {
  docker compose down &>/dev/null || :
}
# Tear the stack down on every exit path, including the early `exit 1` calls.
trap cleanup EXIT

# All relative paths and `docker compose` calls below are resolved from LAB_DIR.
cd "$LAB_DIR"

# Banner.
printf '%s\n' \
  "==========================================" \
  "Lab 05 - Final Verification (Double Check)" \
  "==========================================" \
  "" \
  "Verifica completa: Lab 05 - Database & RDS" \
  "Parallelo: PostgreSQL in Docker ↔ RDS in AWS VPC" \
  ""
# Preconditions: without a compose file that parses, none of the later checks
# can run, so both failures stop the script immediately.

echo -n "[CHECK] Verifica docker-compose.yml esista... "
if [[ ! -f docker-compose.yml ]]; then
  check_fail
  exit 1
fi
check_pass

echo -n "[CHECK] Sintassi docker compose valida... "
if ! docker compose config &>/dev/null; then
  check_fail
  exit 1
fi
check_pass
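echo ""
echo "=== VERIFICA CONFIGURAZIONE ==="

# Render the effective configuration once and match against the captured text.
# Under `set -o pipefail`, a `producer | grep -q` pipeline can report failure
# when grep exits at the first match and the producer is killed by SIGPIPE; in
# the negative "no ports" check below that failure would be counted as a PASS.
compose_config="$(docker compose config)" || compose_config=""

# The rendered db service: the matched line plus the 30 lines that follow it.
# NOTE(review): the window has a fixed size, so keys of a neighbouring service
# can fall inside it and keys of a longer db block can fall outside it. The
# runtime checks later in this script (docker port / docker inspect) are the
# ones that observe the real container.
# NOTE(review): confirm that the leading whitespace in '^ db:$' and
# '^ db-data:$' matches the indentation `docker compose config` really emits.
db_section="$(grep -A 30 '^ db:$' <<<"$compose_config" || true)"

echo -n "[CHECK] Servizio 'db' definito... "
if grep -q '^ db:$' <<<"$compose_config"; then
  check_pass
else
  check_fail
fi

echo -n "[CHECK] Immagine PostgreSQL... "
# Matches the tag as written in the file. A tag is mutable, so this confirms
# the requested version string, not the image content (a digest would).
if grep -q 'image: postgres:16-alpine' docker-compose.yml; then
  check_pass
else
  check_fail
fi

echo -n "[CHECK] Credenziali PostgreSQL configurate... "
# Presence check only: it confirms the three keys exist in docker-compose.yml
# and says nothing about where the values come from. A literal password
# committed in the file passes this check just as well as one supplied
# through an env file or a secret.
if grep -q 'POSTGRES_DB:' docker-compose.yml \
  && grep -q 'POSTGRES_USER:' docker-compose.yml \
  && grep -q 'POSTGRES_PASSWORD:' docker-compose.yml; then
  check_pass
else
  check_fail
fi

echo -n "[CHECK] Volume 'db-data' configurato... "
if grep -q '^ db-data:$' <<<"$compose_config"; then
  check_pass
else
  check_fail
fi

echo -n "[CHECK] Database in rete 'vpc-private'... "
if grep -q 'vpc-private' <<<"$db_section"; then
  check_pass
else
  check_fail
fi

echo -n "[CHECK] NESSUNA porta esposta sul database (INF-02)... "
# Fail closed: if the db block could not be extracted there is nothing to
# inspect, and "no ports: key found" would prove nothing.
if [[ -z "$db_section" ]] || grep -q 'ports:' <<<"$db_section"; then
  check_fail
else
  check_pass
fi

echo -n "[CHECK] Limiti risorse configurati sul database (INF-03)... "
if grep -q 'cpus:' <<<"$db_section" && grep -q 'memory:' <<<"$db_section"; then
  check_pass
else
  check_fail
fi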
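echo ""
echo "=== VERIFICA ESECUZIONE ==="

# Start from a clean stack; a failing `down` (nothing to stop) is not an error.
docker compose down >/dev/null 2>&1 || true
docker compose up -d >/dev/null
sleep 10

echo -n "[CHECK] Container 'lab05-db' in esecuzione... "
# Capture the name list before matching: with pipefail, `docker ps | grep -q`
# can report failure when grep exits early and docker ps receives SIGPIPE.
# -F/-x compare the whole line literally, equivalent to the anchored pattern.
running_names="$(docker ps --format '{{.Names}}' || true)"
if grep -Fxq 'lab05-db' <<<"$running_names"; then
  check_pass
else
  check_fail
  echo "Avviare i container: docker compose up -d"
  exit 1
fi

echo -n "[CHECK] Healthcheck database... "
# A slow start gets up to 30 more seconds before the status is judged, so the
# check reports WARN only when the container is still "starting" after that.
# An inspect error (for instance no healthcheck defined) yields "unknown".
health_status=unknown
for ((attempt = 0; attempt < 30; attempt++)); do
  health_status=$(docker inspect lab05-db --format '{{.State.Health.Status}}' 2>/dev/null || echo unknown)
  if [ "$health_status" != "starting" ]; then
    break
  fi
  sleep 1
done
if [ "$health_status" = "healthy" ]; then
  check_pass
elif [ "$health_status" = "starting" ]; then
  check_warn "(database ancora in avvio)"
else
  check_fail
fi

echo -n "[CHECK] PostgreSQL pronto (pg_isready)... "
if docker exec lab05-db pg_isready -U lab05_user >/dev/null 2>&1; then
  check_pass
else
  check_fail
fi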
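echo ""
echo "=== VERIFICA SICUREZZA ==="

# True when the named container exists and is running.
# Arguments: $1 - container name
container_running() {
  [[ "$(docker inspect --format '{{.State.Running}}' "$1" 2>/dev/null || true)" == "true" ]]
}

echo -n "[CHECK] Processo principale NON gira come root (INF-01)... "
# `|| true`: with errexit and pipefail a failing `docker exec` inside the
# substitution would abort the script here instead of recording a FAIL.
pid1_user=$(docker exec lab05-db sh -c "ps -o user,pid,args | awk '\$2 == 1 {print \$1}'" 2>/dev/null | tr -d '[:space:]' || true)
# The field after "Uid:" in /proc/1/status is the real UID of PID 1.
pid1_uid=$(docker exec lab05-db sh -c "awk '/^Uid:/ {print \$2}' /proc/1/status" 2>/dev/null | tr -d '[:space:]' || true)
# Anything that is not a plain number counts as a failure: an unreadable UID
# must not be mistaken for "not root".
if [[ "$pid1_uid" =~ ^[0-9]+$ ]] && [ "$pid1_uid" -ne 0 ]; then
  echo -e "${GREEN}OK${NC} ($pid1_user uid=$pid1_uid)"
  inc_pass
else
  check_fail
fi

echo -n "[CHECK] NESSUNA porta host sul DB (INF-02)... "
# An empty port list from a container that is not running proves nothing,
# so that case is a FAIL rather than a PASS.
if ! container_running lab05-db; then
  echo -e "${RED}FAIL${NC} (container lab05-db non in esecuzione)"
  inc_fail
else
  # No port argument: every published port is listed, not only 5432.
  db_port=$(docker port lab05-db 2>/dev/null || true)
  if [ -z "$db_port" ]; then
    check_pass
  else
    echo -e "${RED}FAIL${NC} (${db_port//$'\n'/, })"
    inc_fail
  fi
fi

echo -n "[CHECK] Isolamento rete pubblica -> DB... "
# This is a negative test: a failing ping is the expected outcome. It is only
# meaningful when the probe itself works, so the probe container must be
# running and able to ping its own loopback first; otherwise a missing
# container or a missing ping binary would be reported as "isolated".
# The probe covers name resolution and ICMP only; it does not attempt a TCP
# connection to the PostgreSQL port.
if ! container_running lab05-test-public; then
  echo -e "${RED}FAIL${NC} (container lab05-test-public non in esecuzione)"
  inc_fail
elif ! docker exec lab05-test-public ping -c 1 127.0.0.1 >/dev/null 2>&1; then
  echo -e "${RED}FAIL${NC} (ping non utilizzabile in lab05-test-public)"
  inc_fail
elif docker exec lab05-test-public ping -c 1 db >/dev/null 2>&1; then
  check_fail
else
  check_pass
fi

echo -n "[CHECK] App privata puo raggiungere DB... "
if docker exec lab05-app ping -c 1 db >/dev/null 2>&1; then
  check_pass
else
  check_fail
fi

echo -n "[CHECK] Limiti risorsa applicati (INF-03)... "
# Both values are read from the running container; 0 means no limit is set,
# and an inspect error is treated the same way.
db_memory=$(docker inspect lab05-db --format '{{.HostConfig.Memory}}' 2>/dev/null || echo 0)
db_cpus=$(docker inspect lab05-db --format '{{.HostConfig.NanoCpus}}' 2>/dev/null || echo 0)
if [ "$db_memory" -gt 0 ] && [ "$db_cpus" -gt 0 ]; then
  check_pass
else
  check_fail
fi

echo -n "[CHECK] Volume persistenza presente (INF-04)... "
# Matched against captured output to avoid the pipefail / `grep -q` SIGPIPE
# race. This confirms the volume exists, not that the db container mounts it.
# NOTE(review): the `lab-05-database_` prefix looks like the Compose project
# name; confirm it still matches if the lab directory is renamed.
volume_names="$(docker volume ls --format '{{.Name}}' || true)"
if grep -Fxq 'lab-05-database_db-data' <<<"$volume_names"; then
  check_pass
else
  check_fail
fi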
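echo ""
echo "=== VERIFICA FUNZIONALITA ==="

# Run psql inside the db container as the lab user against the lab database.
# No password or host is passed on the command line.
# NOTE(review): presumably this relies on local socket authentication inside
# the container; confirm against the image's pg_hba.conf.
# Arguments: extra psql options, e.g. -c "SQL" or -tAc "SQL"
db_psql() {
  docker exec lab05-db psql -U lab05_user -d lab05_db "$@"
}

# Marker unique to this run. `cleanup` keeps the data volume, so rows written
# by earlier runs are still in verify_test; counting a fixed value would pass
# on those old rows even if this run's INSERT had failed.
# The marker is built here from the shell PID and the epoch time (digits and
# fixed characters only), so embedding it in the SQL text is safe.
run_marker="ok-$$-$(date +%s)"

echo -n "[CHECK] Connessione database funziona... "
if db_psql -c 'SELECT 1;' >/dev/null 2>&1; then
  check_pass
else
  check_fail
fi

echo -n "[CHECK] Creazione tabella... "
if db_psql -c 'CREATE TABLE IF NOT EXISTS verify_test (id SERIAL PRIMARY KEY, note TEXT);' >/dev/null 2>&1; then
  check_pass
else
  check_fail
fi

echo -n "[CHECK] Inserimento dati... "
if db_psql -c "INSERT INTO verify_test (note) VALUES ('${run_marker}');" >/dev/null 2>&1; then
  check_pass
else
  check_fail
fi

echo -n "[CHECK] Query dati... "
# `|| true`: with errexit and pipefail a failing psql inside the substitution
# would abort the script before the summary instead of recording a FAIL.
count=$(db_psql -tAc "SELECT COUNT(*) FROM verify_test WHERE note='${run_marker}';" 2>/dev/null | tr -d '[:space:]' || true)
if [[ "$count" =~ ^[0-9]+$ ]] && [ "$count" -ge 1 ]; then
  echo -e "${GREEN}OK${NC} ($count righe)"
  inc_pass
else
  check_fail
fi

echo -n "[CHECK] Persistenza dati dopo restart DB... "
docker compose restart db >/dev/null
# Wait up to 30 seconds for the server to accept connections again rather
# than sleeping a fixed time and hoping it was long enough.
for ((attempt = 0; attempt < 30; attempt++)); do
  if docker exec lab05-db pg_isready -U lab05_user >/dev/null 2>&1; then
    break
  fi
  sleep 1
done
persist_count=$(db_psql -tAc "SELECT COUNT(*) FROM verify_test WHERE note='${run_marker}';" 2>/dev/null | tr -d '[:space:]' || true)
if [[ "$persist_count" =~ ^[0-9]+$ ]] && [ "$persist_count" -ge 1 ]; then
  echo -e "${GREEN}OK${NC} ($persist_count righe)"
  inc_pass
else
  check_fail
fi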
# Summary of the three tallies.
printf '%s\n' \
  "" \
  "==========================================" \
  "RISULTATO FINALE:" \
  " $pass_count PASS" \
  " $fail_count FAIL" \
  " $skip_count SKIP" \
  "=========================================="

# The exit status depends on FAIL only; WARN/SKIP results do not fail the lab.
# Success is the branch that needs the comparison to hold, so an unreadable
# counter ends in the failure branch.
if [ "$fail_count" -eq 0 ]; then
  printf '\n'
  printf '%b\n' "${GREEN}✓ LAB 05 COMPLETATO CON SUCCESSO${NC}"
  printf '%s\n' \
    "" \
    "Paralleli confermati:" \
    " PostgreSQL container → RDS Instance" \
    " Private network → VPC Private Subnet" \
    " Named volume → EBS Volume" \
    " Resource limits → DB Instance Class" \
    ""
  exit 0
else
  printf '\n'
  printf '%b\n' "${RED}✗ LAB 05 HA ERRORI - RISOLVERE E RIPETERE${NC}"
  printf '\n'
  exit 1
fi