MMenshikh · MMenshikh · Feb 26, 2026 · Feb 26, 2026 · Feb 26, 2026
diff --git a/app_python/docs/LAB04.md b/app_python/docs/LAB04.md
@@ -0,0 +1,177 @@
+
+# LAB04 — Yandex Cloud Infrastructure with Pulumi
+
+## Goal
+Create a simple infrastructure in Yandex Cloud using Pulumi (Python), including:
+
+- VPC network
+- Subnet
+- Security Group
+- Virtual Machine with SSH access and application port
+
+## Prerequisites
+
+1. Yandex Cloud account.
+2. Installed Pulumi and Python 3.10+.
+3. Yandex Cloud CLI (`yc`).
+4. Python virtual environment for the project:
+
+```bash
+python -m venv venv
+source venv/Scripts/activate
+pip install --upgrade pip setuptools wheel
+```
+
+## 1. Service Account Setup
+
+1. Create a service account:
+
+```bash
+yc iam service-account create --name lab04-sa
+```
+
+2. Create a service account key:
+
+```bash
+yc iam key create --service-account-name lab04-sa --output authorized_key.json
+```
+
+3. Ensure the key contains `private_key` and `public_key`.
+
+4. Assign folder access to the service account via web console: **Folder → Access Management → Add binding → Role: Editor + Security Admin → Subject: lab04-sa**.
+
+## 2. Pulumi Project Setup
+
+1. Initialize the project:
+
+```bash
+pulumi new python
+```
+
+- Name: `lab04`
+- Stack: `dev`
+
+2. Install Yandex Pulumi provider:
+
+```bash
+pip install pulumi_yandex
+```
+
+## 3. Project Structure
+
+```
+pulumi/
+├─ __main__.py
+├─ venv/
+├─ Pulumi.yaml
+└─ Pulumi.dev.yaml
+```
+
+## 4. Example `__main__.py`
+
+```python
+import pulumi
+from pulumi_yandex import Provider
+from pulumi_yandex.vpc import Network, SecurityGroup, Subnet
+from pulumi_yandex.compute import Instance, boot_disk, resources
+
+yc_provider = Provider("yc",
+    service_account_key_file="authorized_key.json",
+    cloud_id="your_cloud_id",
+    folder_id="b1gp20cgg1ivu6s502bu",
+    zone="ru-central1-a"
+)
+
+network = Network("lab04-network",
+    name="lab04-network",
+    opts=pulumi.ResourceOptions(provider=yc_provider)
+)
+
+sg = SecurityGroup("lab04-sg",
+    network_id=network.id,
+    ingress=[{
+        "protocol": "TCP",
+        "port": 22,
+        "v4_cidr_blocks": ["0.0.0.0/0"]
+    }, {
+        "protocol": "TCP",
+        "port": 5000,
+        "v4_cidr_blocks": ["0.0.0.0/0"]
+    }],
+    egress=[{
+        "protocol": "ANY",
+        "v4_cidr_blocks": ["0.0.0.0/0"]
+    }],
+    opts=pulumi.ResourceOptions(provider=yc_provider)
+)
+
+subnet = Subnet("lab04-subnet",
+    network_id=network.id,
+    v4_cidr_blocks=["10.5.0.0/24"],
+    zone="ru-central1-a",
+    opts=pulumi.ResourceOptions(provider=yc_provider)
+)
+
+vm = Instance("lab04-vm",
+    resources=resources.ResourcesArgs(
+        cores=2,
+        memory=2
+    ),
+    boot_disk=boot_disk.BootDiskArgs(
+        initialize_params=boot_disk.InitializeParamsArgs(
+            image_id="fd8t1v7d1qsb9j3c2g4i",
+            size=20
+        )
+    ),
+    network_interfaces=[{
+        "subnet_id": subnet.id,
+        "nat": True,
+        "security_group_ids": [sg.id]
+    }],
+    metadata={
+        "ssh-keys": "ubuntu:" + open("id_rsa.pub").read()
+    },
+    opts=pulumi.ResourceOptions(provider=yc_provider)
+)
+
+pulumi.export("vm_ip", vm.network_interfaces[0].primary_v4_address)
+```
+
+## 5. Generate SSH Keys
+
+```bash
+ssh-keygen -t rsa -b 2048 -f id_rsa
+```
+
+- `id_rsa` — private key
+- `id_rsa.pub` — public key used in Pulumi
+
+## 6. Deploy Infrastructure
+
+```bash
+source venv/Scripts/activate
+winpty pulumi up
+```
+
+Confirm with `yes`.
+
+## 7. Verify
+
+```bash
+ssh -i id_rsa ubuntu@<vm_ip>
+```
+
+Check that port 5000 is accessible.
+
+## 8. Cleanup
+
+```bash
+pulumi destroy
+pulumi stack rm dev
+```
+
+## 9. Summary
+
+- Created VPC network, subnet, security group, and VM.
+- Configured service account roles: editor + security-admin.
+- Managed infrastructure with Pulumi (Python).
diff --git a/app_python/docs/screenshots/Lab04/Pulumi_up_success.png b/app_python/docs/screenshots/Lab04/Pulumi_up_success.png
diff --git a/app_python/docs/screenshots/Lab04/Terraform_destroy.png b/app_python/docs/screenshots/Lab04/Terraform_destroy.png
diff --git a/app_python/docs/screenshots/Lab04/Terraform_success.png b/app_python/docs/screenshots/Lab04/Terraform_success.png
diff --git a/pulumi/.gitignore b/pulumi/.gitignore
@@ -0,0 +1,2 @@
+*.pyc
+venv/
diff --git a/pulumi/Pulumi.yaml b/pulumi/Pulumi.yaml
@@ -0,0 +1,11 @@
+name: lab04
+description: lab04 devops
+runtime:
+  name: python
+  options:
+    toolchain: pip
+    virtualenv: venv
+config:
+  pulumi:tags:
+    value:
+      pulumi:template: python
diff --git a/pulumi/__main__.py b/pulumi/__main__.py
@@ -0,0 +1,47 @@
+import pulumi
+from pulumi_yandex import ComputeInstance, VpcNetwork, VpcSubnet, VpcSecurityGroup
+from pulumi_yandex import Provider
+
+yc_provider = Provider("yc",
+                       service_account_key_file="authorized_key.json",
+                       cloud_id="b1gu4hpr6n728hvsq2uu",
+                       folder_id="b1gp20cgg1ivu6s502bu",
+                       zone="ru-central1-a"
+                       )
+
+network = VpcNetwork(
+    "lab04-network", opts=pulumi.ResourceOptions(provider=yc_provider))
+
+subnet = VpcSubnet("lab04-subnet",
+                   network_id=network.id,
+                   v4_cidr_blocks=["10.5.0.0/24"],
+                   zone="ru-central1-a",
+                   opts=pulumi.ResourceOptions(provider=yc_provider)
+                   )
+
+sg = VpcSecurityGroup("lab04-sg",
+                      network_id=network.id,
+                      ingresses=[  # <-- было ingress
+                          {"protocol": "TCP", "description": "SSH",
+                           "port": 22, "v4_cidr_blocks": ["0.0.0.0/0"]},
+                          {"protocol": "TCP", "description": "App",
+                           "port": 5000, "v4_cidr_blocks": ["0.0.0.0/0"]}
+                      ],
+                      egresses=[  # <-- было egress
+                          {"protocol": "ANY", "description": "Allow all outbound",
+                           "v4_cidr_blocks": ["0.0.0.0/0"]}
+                      ],
+                      opts=pulumi.ResourceOptions(provider=yc_provider)
+                      )
+
+vm = ComputeInstance("lab04-vm",
+                     platform_id="standard-v1",
+                     resources={"cores": 2, "memory": 2},
+                     boot_disk={"initialize_params": {
+                         "image_id": "fd87ce1b8tgh9b", "size": 20}},
+                     network_interfaces=[{"subnet_id": subnet.id,
+                                          "nat": True, "security_group_ids": [sg.id]}],
+                     metadata={
+                         "ssh-keys": "ubuntu:YOUR_SSH_PUBLIC_KEY_CONTENT"},
+                     opts=pulumi.ResourceOptions(provider=yc_provider)
+                     )
diff --git a/pulumi/requirements.txt b/pulumi/requirements.txt
@@ -0,0 +1 @@
+pulumi>=3.0.0,<4.0.0
diff --git a/pulumi/setuptools-33.1.1.zip b/pulumi/setuptools-33.1.1.zip
diff --git a/terraform/.gitignore b/terraform/.gitignore
@@ -0,0 +1,5 @@
+*.tfstate
+*.tfstate.*
+.terraform/
+terraform.tfvars
+authorized_key.json
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -0,0 +1,77 @@
+terraform {
+  required_providers {
+    yandex = {
+      source = "yandex-cloud/yandex"
+    }
+  }
+}
+
+provider "yandex" {
+  service_account_key_file = "authorized_key.json"
+  cloud_id                 = var.cloud_id
+  folder_id                = var.folder_id
+  zone                     = var.zone
+}
+
+resource "yandex_vpc_network" "network" {
+  name = "lab04-network"
+}
+
+resource "yandex_vpc_subnet" "subnet" {
+  name           = "lab04-subnet"
+  zone           = var.zone
+  network_id     = yandex_vpc_network.network.id
+  v4_cidr_blocks = ["10.5.0.0/24"]
+}
+
+resource "yandex_vpc_security_group" "vm_sg" {
+  name       = "lab04-sg"
+  network_id = yandex_vpc_network.network.id
+
+  ingress {
+    protocol       = "TCP"
+    description    = "SSH"
+    port           = 22
+    v4_cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    protocol       = "TCP"
+    description    = "App"
+    port           = 5000
+    v4_cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    protocol       = "ANY"
+    description    = "Allow all outbound"
+    v4_cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "yandex_compute_instance" "vm" {
+  name        = var.vm_name
+  platform_id = var.platform_id
+
+  resources {
+    cores  = var.cores
+    memory = var.memory
+  }
+
+  boot_disk {
+    initialize_params {
+      image_id = var.image_id
+      size     = 20
+    }
+  }
+
+  network_interface {
+    subnet_id          = yandex_vpc_subnet.subnet.id
+    nat                = true
+    security_group_ids = [yandex_vpc_security_group.vm_sg.id]
+  }
+
+  metadata = {
+    ssh-keys = "ubuntu:${file(var.ssh_public_key_path)}"
+  }
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -0,0 +1,3 @@
+output "external_ip" {
+  value = yandex_compute_instance.vm.network_interface[0].nat_ip_address
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -0,0 +1,32 @@
+variable "cloud_id" {}
+variable "folder_id" {}
+
+variable "zone" {
+  default = "ru-central1-a"
+}
+
+variable "vm_name" {
+  default = "lab04-vm"
+}
+
+variable "platform_id" {
+  default = "standard-v1"
+}
+
+variable "cores" {
+  default = 2
+}
+
+variable "memory" {
+  default = 2
+}
+
+variable "image_id" {
+  description = "Ubuntu 22.04 LTS image ID"
+  type        = string
+  default     = "fd817i7o8012578061ra"
+}
+
+variable "ssh_public_key_path" {
+  default = "~/.ssh/id_rsa.pub"
+}