---
phase: 04-lab-03-compute-ec2
plan: 03
type: execute
wave: 2
depends_on:
  - "04-01"
  - "04-02"
files_modified:
  - labs/lab-03-compute/docker-compose.yml
  - labs/lab-03-compute/Dockerfile
  - labs/lab-03-compute/tests/04-verify-infrastructure.sh
autonomous: true
requirements:
  - LAB-03
  - INF-01
  - INF-03
  - PARA-01
  - PARA-02
  - TEST-01
  - TEST-05
user_setup: []
must_haves:
  truths:
    - "docker-compose.yml exists and is valid (docker compose config passes)"
    - "All services have deploy.resources.limits.cpus set (INF-03)"
    - "All services have deploy.resources.limits.memory set (INF-03)"
    - "Services have appropriate healthchecks defined"
    - "depends_on uses condition: service_healthy where appropriate"
    - "Infrastructure verification passes all checks"
    - "Cloud nomenclature follows EC2 instance patterns (PARA-02)"
  artifacts:
    - path: "labs/lab-03-compute/docker-compose.yml"
      provides: "Compute infrastructure with limits and healthchecks"
      min_lines: 100
    - path: "labs/lab-03-compute/Dockerfile"
      provides: "Test container image with stress tools"
      min_lines: 25
    - path: "labs/lab-03-compute/tests/04-verify-infrastructure.sh"
      provides: "Infrastructure verification script"
      min_lines: 100
  key_links:
    - from: "docker-compose.yml"
      to: "tests/01-resource-limits-test.sh"
      via: "Tests validate deploy.resources.limits"
      pattern: "deploy:.*resources:.*limits"
    - from: "docker-compose.yml"
      to: "tests/02-healthcheck-test.sh"
      via: "Tests validate healthcheck sections"
      pattern: "healthcheck:"
    - from: "docker-compose.yml"
      to: "reference/compose-resources-syntax.md"
      via: "Reference documents all resource options"
      pattern: "deploy:.*resources"
    - from: "docker-compose.yml"
      to: "explanation/compute-ec2-parallels.md"
      via: "Instance types mapped to EC2"
      pattern: "# EC2|t2\\.micro|m5\\.large"
---

Implement compute infrastructure for Lab 03 (Compute & EC2) with Docker Compose resource limits and healthchecks.
Create docker-compose.yml with services that have mandatory CPU/memory limits (INF-03 compliance) and healthchecks for readiness verification.

Purpose: GREEN phase implementation - make tests from Plan 04-01 pass by implementing compute infrastructure with proper resource limits and healthchecks.

Output: docker-compose.yml with 4+ services, Dockerfile for test container, and infrastructure verification script.

@/home/luca/.claude/get-shit-done/workflows/execute-plan.md
@/home/luca/.claude/get-shit-done/templates/summary.md

@.planning/REQUIREMENTS.md
@.planning/phases/04-lab-03-compute-ec2/04-RESEARCH.md
@.planning/phases/04-lab-03-compute-ec2/04-VALIDATION.md
@.planning/phases/03-lab-02-network-vpc/03-03-PLAN.md
@labs/lab-02-network/docker-compose.yml

# Infrastructure Requirements

## INF-03: Mandatory Resource Limits

**CRITICAL:** Every service MUST have:

```yaml
deploy:
  resources:
    limits:
      cpus: 'X'     # REQUIRED
      memory: 'XG'  # REQUIRED
```

**NON-COMPLIANT:**

```yaml
# Missing limits - INF-03 VIOLATION
services:
  app:
    image: nginx
    # No deploy section
```

## Service Configuration

### Tier 1: Web Server (t2.micro parallel)

```yaml
web:
  image: nginx:alpine
  container_name: lab03-web
  deploy:
    resources:
      limits:
        cpus: '1'
        memory: 1G
  healthcheck:
    test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/"]
    interval: 10s
    timeout: 5s
    retries: 3
    start_period: 5s
```

### Tier 2: Application Server (t2.small parallel)

```yaml
app:
  image: nginx:alpine
  container_name: lab03-app
  deploy:
    resources:
      limits:
        cpus: '1'
        memory: 2G
  depends_on:
    web:
      condition: service_healthy
  healthcheck:
    test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/"]
    interval: 10s
    timeout: 5s
    retries: 3
```

### Tier 3: Worker (t2.medium parallel)

```yaml
worker:
  image: alpine:3.19
  container_name: lab03-worker
  command: ["sh", "-c", "sleep 3600"]
  deploy:
    resources:
      limits:
        cpus: '2'
        memory: 4G
  healthcheck:
    test: ["CMD-SHELL", "exit 0"]
    interval: 30s
    timeout: 5s
    retries: 3
```

### Tier 4: Database (t2.medium parallel)

```yaml
db:
  image: postgres:16-alpine
  container_name: lab03-db
  environment:
    POSTGRES_DB: lab03_db
    POSTGRES_USER: lab03_user
    POSTGRES_PASSWORD: lab03_password
  deploy:
    resources:
      limits:
        cpus: '2'
        memory: 4G
  volumes:
    - db-data:/var/lib/postgresql/data
  healthcheck:
    test: ["CMD-SHELL", "pg_isready -U lab03_user -d lab03_db"]
    interval: 10s
    timeout: 5s
    retries: 5
    start_period: 10s
```

### Test Container (for enforcement testing)

```yaml
stress-test:
  image: polinux/stress
  container_name: lab03-stress
  command: ["--cpu", "1", "--vm", "1", "--vm-bytes", "256M", "--timeout", "30s"]
  deploy:
    resources:
      limits:
        cpus: '0.5'
        memory: 512M
  healthcheck:
    test: ["CMD-SHELL", "exit 0"]
    interval: 5s
    timeout: 3s
    retries: 3
```

# Dockerfile for Test Container

```dockerfile
# Dockerfile for Lab 03 - Compute & EC2
# Test container with stress testing tools
FROM alpine:3.19

# Create non-root user (INF-01 compliance)
RUN addgroup -g 1000 appgroup && \
    adduser -D -u 1000 -G appgroup appuser

# Install stress testing tools
RUN apk add --no-cache \
    stress \
    curl \
    && rm -rf /var/cache/apk/*

# Switch to non-root user
USER appuser
WORKDIR /home/appuser

# Default command - ready for stress testing
CMD ["sh", "-c", "sleep 3600"]
```

# Healthcheck Best Practices

## HTTP Service Healthcheck

```yaml
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/health"]
interval: 10s      # Check every 10 seconds
timeout: 5s        # Fail after 5 seconds
retries: 3         # Unhealthy after 3 failures
start_period: 5s   # Grace period on startup
```

## Database Healthcheck

```yaml
test: ["CMD-SHELL", "pg_isready -U postgres || exit 1"]
interval: 10s
timeout: 5s
retries: 5         # More retries for DB (slower startup)
start_period: 10s  # Longer grace period
```

## Simple Healthcheck

```yaml
test: ["CMD-SHELL", "exit 0"]
interval: 30s      # Less frequent for simple checks
timeout: 3s
retries: 3
```

# Infrastructure Verification Script

Based on labs/lab-02-network/tests/04-verify-infrastructure.sh pattern:

## Verification Steps

1. **File Existence:** docker-compose.yml exists
2. **Syntax Validation:** docker compose config passes
3. **Resource Limits:** All services have cpus and memory limits
4. **Healthchecks:** All services have healthcheck sections
5. **INF-03 Compliance:** 100% of services have limits
6. **Deploy Services:** docker compose up -d succeeds
7. **Health Status:** Services become healthy
8. **Resource Enforcement:** docker stats shows limits
9. **Dependency Order:** Services start in correct order
10. **Final Report:** Pass/fail summary

# Cloud Nomenclature (PARA-02)

Service names should reflect EC2 instance parallels:

- `web` → Web tier (t2.micro)
- `app` → Application tier (t2.small)
- `worker` → Background processing (t2.medium)
- `db` → Database tier (t2.medium)

# Implementation Notes

1. **Version:** Use `version: "3.8"` for compatibility
2. **Networks:** Can reuse networks from Lab 02 or create new
3. **Volumes:** Use named volumes for database persistence
4. **Security:** Follow INF-01 (no root), INF-02 (no 0.0.0.0 bindings)
5. **Parallelism:** Comments should show EC2 equivalent

# Success Criteria

Plan 04-03 is complete when:

1. docker-compose.yml created with 4+ services
2. All services have resource limits (INF-03)
3. All services have healthchecks
4. docker compose config validates
5. Services deploy and become healthy
6. Infrastructure verification passes all checks
7. Tests from 04-01 now pass (GREEN phase)

# Tasks

1. Create labs/lab-03-compute/ directory structure
2. Create docker-compose.yml (100+ lines)
   - Service: web (nginx, t2.micro: 1 CPU, 1G RAM)
   - Service: app (nginx, t2.small: 1 CPU, 2G RAM)
   - Service: worker (alpine, t2.medium: 2 CPU, 4G RAM)
   - Service: db (postgres, t2.medium: 2 CPU, 4G RAM)
   - Service: stress-test (enforcement testing)
   - All services: deploy.resources.limits
   - All services: healthcheck sections
   - Proper depends_on with conditions
   - Named volumes for database
3. Create Dockerfile (25+ lines)
   - Alpine 3.19 base
   - Non-root user (INF-01)
   - Install stress tools
   - Minimal and secure
4. Create tests/04-verify-infrastructure.sh (100+ lines)
   - Verify docker-compose.yml exists
   - Validate syntax
   - Check INF-03 compliance
   - Verify healthchecks
   - Deploy and test services
   - Check resource enforcement
   - Final summary report
5. Test infrastructure:
   - docker compose config
   - docker compose up -d
   - docker stats verification
   - health status check
   - docker compose down
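
The static checks from the verification steps (resource limits, healthchecks, INF-03 compliance, dependency conditions) can run before anything is deployed. The code below is an added example, not part of this plan or the lab's test scripts; it assumes its input is the dictionary parsed from `docker compose config --format json`, and the function names and sample data are constructed for illustration. It also reports healthchecks whose command is `exit 0`, because such a check always reports healthy and a `service_healthy` condition that depends on it never holds anything back.

```python
# Added example: static INF-03 and healthcheck audit of a normalized Compose config.
# Assumption: `config` is the dict parsed from `docker compose config --format json`.
ALWAYS_PASS = {"exit 0", "true", ":"}  # commands that can never report unhealthy
WGET = ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/"]

# Constructed sample, trimmed to the fields the checks read.
SAMPLE = {"services": {
    "web": {"deploy": {"resources": {"limits": {"cpus": 1, "memory": "1073741824"}}},
            "healthcheck": {"test": WGET}},
    "app": {"deploy": {"resources": {"limits": {"cpus": 1}}},  # memory limit missing
            "healthcheck": {"test": WGET},
            "depends_on": {"web": {"condition": "service_healthy"},
                           "cache": {"condition": "service_healthy"}}},
    "worker": {"deploy": {"resources": {"limits": {"cpus": 2, "memory": "4294967296"}}},
               "healthcheck": {"test": ["CMD-SHELL", "exit 0"]}},
    "cache": {},  # no deploy section, no healthcheck
}}

def healthcheck_state(svc):
    """Classify a service's healthcheck as 'missing', 'trivial' or 'ok'."""
    hc = svc.get("healthcheck") or {}
    test = hc.get("test") or []
    if isinstance(test, str):  # the string form is run through the shell
        test = ["CMD-SHELL", test]
    if hc.get("disable") or not test or test[0] == "NONE":
        return "missing"
    return "trivial" if " ".join(test[1:]).strip() in ALWAYS_PASS else "ok"

def audit(config):
    """Return a sorted list of (service, finding) pairs; empty means compliant."""
    services = config.get("services") or {}
    findings = []
    for name, svc in services.items():
        limits = ((svc.get("deploy") or {}).get("resources") or {}).get("limits") or {}
        for key in ("cpus", "memory"):
            if limits.get(key) in (None, "", 0, "0"):
                findings.append((name, f"INF-03: no deploy.resources.limits.{key}"))
        state = healthcheck_state(svc)
        if state != "ok":
            findings.append((name, f"healthcheck {state}"))
        for dep, spec in (svc.get("depends_on") or {}).items():
            dep_state = healthcheck_state(services.get(dep) or {})
            if (spec or {}).get("condition") == "service_healthy" and dep_state != "ok":
                findings.append((name, f"service_healthy gate on {dep}: healthcheck {dep_state}"))
    return sorted(findings)

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```

An empty result from `audit` corresponds to 100% INF-03 compliance; any entry names the service and the missing or ineffective setting.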