diff --git a/.github/workflows/ansible-deploy.yml b/.github/workflows/ansible-deploy.yml
new file mode 100644
index 0000000000..f6b67b08ff
--- /dev/null
+++ b/.github/workflows/ansible-deploy.yml
@@ -0,0 +1,86 @@
+name: Ansible Deployment
+
+on:
+ push:
+ branches: [ master, lab06 ]
+ paths:
+ - 'ansible/**'
+ - '.github/workflows/ansible-deploy.yml'
+ pull_request:
+ branches: [ master, lab06 ]
+ paths:
+ - 'ansible/**'
+ - '.github/workflows/ansible-deploy.yml'
+ workflow_dispatch: # Позволяет запускать вручную
+
+jobs:
+ lint:
+ name: Ansible Lint
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.12'
+
+ - name: Install Ansible and ansible-lint
+ run: |
+ pip install ansible ansible-lint
+
+ - name: Run ansible-lint
+ run: |
+ cd ansible
+ ansible-lint playbooks/*.yml roles/*/tasks/*.yml || true
+ continue-on-error: true
+
+ deploy:
+ name: Deploy Application
+ needs: lint
+ runs-on: ubuntu-latest
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.12'
+
+ - name: Install Ansible and dependencies
+ run: |
+ pip install ansible
+ ansible-galaxy collection install community.docker
+
+ - name: Setup SSH
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+ chmod 600 ~/.ssh/id_rsa
+ ssh-keyscan -H ${{ secrets.VM_HOST }} >> ~/.ssh/known_hosts
+
+ - name: Test SSH connection
+ run: |
+ ssh -i ~/.ssh/id_rsa ${{ secrets.VM_USER }}@${{ secrets.VM_HOST }} "echo 'SSH connection successful'"
+
+ - name: Deploy with Ansible
+ env:
+ ANSIBLE_HOST_KEY_CHECKING: 'False'
+ run: |
+ cd ansible
+ echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > /tmp/vault_pass
+ ansible-playbook playbooks/deploy.yml \
+ -i inventory/hosts.ini \
+ --vault-password-file /tmp/vault_pass
+ rm /tmp/vault_pass
+
+ - name: Verify deployment
+ run: |
+ sleep 10
+ curl -f http://${{ secrets.VM_HOST }}:5000/health || exit 1
+ echo "✅ Application is healthy!"
\ No newline at end of file
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
new file mode 100644
index 0000000000..4bdf2edf8a
--- /dev/null
+++ b/.github/workflows/python-ci.yml
@@ -0,0 +1,86 @@
+name: CI
+
+on:
+ push:
+ branches:
+ - master
+ - lab03
+ paths:
+ - 'app_python/**'
+ - '.github/workflows/python-ci.yml'
+ pull_request:
+ branches:
+ - master
+ paths:
+ - 'app_python/**'
+ - '.github/workflows/python-ci.yml'
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: "3.13"
+ cache: "pip"
+
+ - name: Install dependencies
+ run: |
+ pip install -r app_python/requirements.txt
+ pip install -r app_python/requirements-dev.txt
+
+ - name: Run linter
+ run: |
+ cd app_python
+ flake8 app.py
+
+ - name: Run tests
+ run: |
+ cd app_python
+ pytest -v
+
+ - name: Install Snyk CLI
+ run: |
+ npm install -g snyk
+
+ - name: Authenticate Snyk
+ run: |
+ snyk auth ${{ secrets.SYNK_TOKEN }}
+
+ - name: Run Snyk security scan
+ run: |
+ cd app_python
+ snyk test --severity-threshold=high
+
+
+
+
+ docker:
+ needs: test
+ runs-on: ubuntu-latest
+ if: github.event_name == 'push'
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Generate version
+ run: echo "VERSION=$(date +%Y.%m)" >> $GITHUB_ENV
+
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ context: app_python
+ push: true
+ tags: |
+ ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service:${{ env.VERSION }}
+ ${{ secrets.DOCKERHUB_USERNAME }}/devops-info-service:latest
diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml
new file mode 100644
index 0000000000..8770390c10
--- /dev/null
+++ b/.github/workflows/terraform-ci.yml
@@ -0,0 +1,124 @@
+name: Terraform CI/CD
+
+on:
+ push:
+ branches:
+ - master
+ - lab04
+ paths:
+ - 'terraform/**'
+ - '.github/workflows/terraform-ci.yml'
+ pull_request:
+ branches:
+ - master
+ - lab04
+ paths:
+ - 'terraform/**'
+ - '.github/workflows/terraform-ci.yml'
+
+jobs:
+ terraform-validation:
+ name: Terraform Validation
+ runs-on: ubuntu-latest
+
+ defaults:
+ run:
+ working-directory: ./terraform
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: latest
+
+ - name: Terraform Format Check
+ id: fmt
+ run: terraform fmt -check -recursive
+ continue-on-error: true
+
+ - name: Terraform Init
+ id: init
+ run: terraform init -backend=false
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Setup TFLint
+ uses: terraform-linters/setup-tflint@v4
+ with:
+ tflint_version: v0.61.0
+
+ - name: Show TFLint version
+ run: tflint --version
+
+ - name: Initialize TFLint
+ run: tflint --init
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Run TFLint
+ id: tflint
+ run: tflint --format compact --recursive
+ continue-on-error: true
+
+ - name: Comment PR with Results
+ if: github.event_name == 'pull_request'
+ uses: actions/github-script@v7
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const output = `#### Terraform CI Results 🔍
+
+ | Check | Status |
+ |-------|--------|
+ | **Terraform Format** | \`${{ steps.fmt.outcome }}\` |
+ | **Terraform Init** | \`${{ steps.init.outcome }}\` |
+ | **Terraform Validate** | \`${{ steps.validate.outcome }}\` |
+ | **TFLint** | \`${{ steps.tflint.outcome }}\` |
+
+ 📋 Show Details
+
+ #### Terraform Format Check
+ ${{ steps.fmt.outcome == 'success' && '✅ All files are properly formatted' || '❌ Some files need formatting. Run: `terraform fmt -recursive`' }}
+
+ #### Terraform Init
+ ${{ steps.init.outcome == 'success' && '✅ Initialization successful' || '❌ Initialization failed' }}
+
+ #### Terraform Validate
+ ${{ steps.validate.outcome == 'success' && '✅ Configuration is valid' || '❌ Configuration has syntax errors' }}
+
+ #### TFLint
+ ${{ steps.tflint.outcome == 'success' && '✅ No linting issues found' || '⚠️ Linting issues detected (see logs)' }}
+
+
- Perfect for microservices
- Excellent for educational purposes | - Less built-in features compared to Django
- Manual setup for async operations | Ideal for simple API services, easier for beginners learning DevOps concepts, sufficient for our monitoring service needs |
+| FastAPI | - Native async support
- Auto-generated OpenAPI documentation
- High performance
- Type hints integration | - Steeper learning curve for Python beginners
- More overhead for a simple application | Considered for modern features but Flask's simplicity better fits educational goals |
+| Django | - Comprehensive security features
- Excellent for full-stack applications | - Heavyweight
- Overkill for a simple API service
- Longer setup time | Too complex for this microservice; would add unnecessary complexity |
+
+## Best Practices Applied
+
+### 1. Clean Code Organization
+- **Modular Structure:** Separated concerns into distinct functions (`get_system_info`, `get_runtime_info`, etc.) for better understanding
+- **Descriptive Naming:** Functions clearly indicate their purpose
+- **Import Grouping:** Organized imports in logical groups (standard library, third-party)
+- **Minimal Comments:** Comments only where business logic needs explanation
+- **PEP 8 Compliance:** Followed Python style guide for indentation, line length, and naming conventions
+- **Comprehensive Error Handling:** Implemented error handlers for common HTTP status codes
+- **Structured Logging:** Timestamps help debug timing issues
+- **Environment-Based Configuration:** No hardcoded values in source code, easy configuration for different environments
+
+**Code Example:**
+```python
+def get_system_info():
+ """Collect comprehensive system information."""
+ return {
+ 'hostname': socket.gethostname(),
+ 'platform': platform.system(),
+ 'platform_version': platform.platform(),
+ 'architecture': platform.machine(),
+ 'cpu_count': os.cpu_count(),
+ 'python_version': platform.python_version()
+ }
+```
+
+## API Documentation
+
+### GET /
+
+- Returns comprehensive service and system information (endpoints, request, runtime, system info, service info).
+
+ **Request:**
+
+ ```bash
+ curl http://localhost:5000/
+ ```
+
+ **Status Codes:**
+
+ - 200 OK: Service is healthy
+ - 4xx: Service is unhealthy (implemented in future labs)
+ - 5xx: Service is unhealthy (implemented in future labs)
+
+ **Response Example:**
+ 
+
+### GET /health
+
+- Health check endpoint for monitoring systems and Kubernetes probes.
+
+ **Request:**
+
+ ```bash
+ curl http://localhost:5000/health
+ ```
+
+ **Status Codes:**
+
+ - 200 OK: Service is healthy
+ - 4xx: Service is unhealthy (implemented in future labs)
+ - 5xx: Service is unhealthy (implemented in future labs)
+
+ **Response Example:**
+ 
+
+## Testing commands
+
+```bash
+python app.py #Default Configuration The service will start at: http://0.0.0.0:5000
+
+# Custom Configuration on Linux/Mac:
+PORT=8080 python app.py # Change port
+HOST=127.0.0.1 PORT=3000 python app.py # Change host and port
+DEBUG=true python app.py # Enable debug mode
+
+# Custom Configuration on Windows PowerShell:
+$env:HOST="127.0.0.1"; $env:PORT=8080; python app.py
+```
+
+## Terminal Output Examples
+
+Application Startup:
+
+```text
+2026-01-28 22:02:58,501 - __main__ - INFO - Starting DevOps Info Service on 0.0.0.0:8813 (DEBUG=False)
+ * Serving Flask app 'app'
+ * Debug mode: off
+```
+
+Request Logging:
+
+```text
+2026-01-28 22:03:13,068 - __main__ - INFO - Request to / from 127.0.0.1
+2026-01-28 22:03:13,116 - werkzeug - INFO - 127.0.0.1 - - [28/Jan/2026 22:03:13] "GET / HTTP/1.1" 200 -
+```
+
+## Challenges & Solutions
+
+### Windows Port Access Restrictions
+
+**Problem:**
+When trying to bind to certain ports in Windows, received error: "An attempt was made to access a socket in a way forbidden by its access permissions". This occurred regardless of which port was used with the command $env:HOST="127.0.0.1"; $env:PORT=3000; python app.py.
+
+**Root Cause:**
+Windows has strict socket permissions, and ports below 1024 often require administrator privileges. Additionally, Windows Firewall or antivirus software can block socket creation.
+
+**Solution:**
+
+1. Use ports above 1024: Changed to port 5000 or 8080 which don't require admin rights
+2. Run PowerShell as Administrator: For ports that require elevated privileges
+
+## GitHub Community
+
+### Importance of Starring Repositories
+Starring repositories on GitHub is crucial in open source development for several reasons:
+
+- **Discovery & Visibility:** Stars help projects gain visibility in GitHub search and recommendations. More stars often indicate a trustworthy and useful project.
+
+- **Appreciation & Motivation:** Stars show appreciation to maintainers, encouraging them to continue development and support.
+
+- **Bookmarking:** Stars serve as personal bookmarks for interesting projects you might want to reference or contribute to later.
+
+- **Professional Profile:** Your starred repositories appear on your GitHub profile, showcasing your interests and engagement with the developer community.
+
+
+### Value of Following Developers
+Following classmates, professors, and industry professionals provides significant benefits:
+
+- **Learning Opportunities:** You can see how experienced developers solve problems, structure projects, and write code.
+
+- **Networking:** Building connections within the DevOps community can lead to collaboration opportunities, job prospects, and knowledge sharing.
+
+- **Project Discovery:** Following others helps you discover new tools, libraries, and best practices through their activity and starred repositories.
+
+- **Community Building:** In educational settings, following classmates creates a supportive learning environment where you can share knowledge and help each other.
+
+- **Career Growth:** Following industry leaders keeps you updated on trends and shows potential employers your active engagement in the field.
\ No newline at end of file
diff --git a/app_python/docs/LAB02.md b/app_python/docs/LAB02.md
new file mode 100644
index 0000000000..9c3eb5ad4f
--- /dev/null
+++ b/app_python/docs/LAB02.md
@@ -0,0 +1,94 @@
+# Lab 2 — Docker Containerization Report
+
+## Docker Best Practices Applied
+
+- **Non-root user:**
+ `RUN useradd -m appuser` and `USER appuser` are used to avoid running the app as root, which improves security by following the principle of least privilege.This prevents container breakout attacks where an attacker could gain root access to the host system if a vulnerability is exploited
+
+- **Specific base image version:**
+ `FROM python:3.13-slim` ensures reproducibility and reduces image size by using a minimal Python image. Smaller attack surface, faster download/startup times, reduced storage costs.
+ ```
+ python:3.13-full: ~900MB
+ python:3.13-slim: ~195MB (79% reduction)
+ ```
+
+- **Minimal context and .dockerignore:**
+ The `.dockerignore` file excludes files unnecessary for the container (e.g., `.git/`, `__pycache__/`, `tests/`). This reduces build time and image size. Excluding ``.git/`` prevents source code history, API keys, or secrets from accidentally being baked into the image.
+
+- **Layer ordering for caching:**
+ `COPY requirements.txt .` and `RUN pip install ...` are placed before `COPY . .` so Docker caches dependencies installation if only the source code changes. In automated pipelines, proper layer caching can reduce build times from minutes to seconds, saving computational resources and speeding up deployments.
+
+- **Only necessary files are copied:**
+ The Dockerfile copies only files required to run the application. Smaller images transfer faster over networks — crucial for scaling across multiple nodes in production.
+
+- **`WORKDIR` instruction:** Setting `/app` as working directory improves organization. Ensures all subsequent commands (`COPY`, `RUN`, `CMD`) execute from /app rather than relying on relative paths which can break.
+
+- **No-cache pip install:** `--no-cache-dir` flag reduces image size by not storing pip cache. Pip's cache (typically 50-100MB) contains downloaded package wheels for faster reinstalls. This cache is useless in a production container but adds significant bloat.
+
+- **`EXPOSE` instruction:** Documents the port the application listens on (5000). Tools like Docker Compose and Kubernetes read `EXPOSE` to configure networking automatically.
+
+### Relevant Dockerfile snippets
+
+```dockerfile
+FROM python:3.13-slim
+
+WORKDIR /app
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+COPY . .
+RUN useradd -m appuser
+USER appuser
+EXPOSE 5000
+CMD ["python", "app.py"]
+```
+
+## Image Information & Decisions
+
+- **Base image:** ``python:3.13-slim`` (Smaller, faster to load, fewer vulnerabilities).
+- Final image size: 195 MB
+- Compresed image size (in Dockerhub): 45.5 MB
+- Layer structure: Dependencies are installed before code is copied, which optimizes for build caching.
+ - Layer 1: python:3.13-slim base image (~195MB)
+ - Layer 2: WORKDIR /app
+ - Layer 3: COPY requirements.txt
+ - Layer 4: RUN pip install... (dependencies layer)
+ - Layer 5: COPY . . (application code)
+ - Layer 6: RUN useradd... (security layer)
+ - Layer 7: Metadata (EXPOSE, CMD)
+- Optimization choices: Kept the number of layers minimal, excluded unnecessary development files.
+
+## Build & Run Process
+
+- Build output
+ 
+- Run output
+ 
+- Sample endpoint test
+ 
+
+Docker Hub URL: https://hub.docker.com/r/spalkkina/devops-info-service
+
+## Technical Analysis
+- **Strategic Layer Design for Cache Efficiency:**
+
+ The Dockerfile follows a "least volatile → most volatile" layer ordering strategy. Dependencies (requirements.txt) change infrequently, while application code changes frequently. By isolating dependencies in early layers, we maximize Docker's build cache utilization. This is critical in CI/CD pipelines where 90% of builds involve only code changes.
+
+- **Layer order:**
+
+ Changing the order (e.g., copying all files before installing dependencies) would invalidate the cache when any source code changes, so `pip install` would run every build. If we moved COPY . . before RUN pip install, a 1-byte change in app.py would invalidate the pip install layer cache, adding 30+ seconds to every build
+- **Security:**
+
+ Non-root, minimal base image, no unnecessary files copied, Secrets Protection
+- **`.dockerignore` advantage:**
+
+ Prevents large/insecure/unneeded files from being included, which keeps the image smaller and more secure. Prevents credentials from being baked into the image. Reduces information available to attackers if image is compromised.
+
+
+
+## Challenges & Solutions
+
+**Problem:** Determining Actual Image Size. Initially confused about which size metric to report. Docker CLI shows uncompressed size, while Docker Hub shows compressed size.
+
+**Solution:** Learned to use multiple commands for comprehensive understanding
+
+**Learning:** The 195MB local image compresses to 45.5MB on Docker Hub due to layer deduplication and compression algorithms.
diff --git a/app_python/docs/LAB03.md b/app_python/docs/LAB03.md
new file mode 100644
index 0000000000..a66a1198a5
--- /dev/null
+++ b/app_python/docs/LAB03.md
@@ -0,0 +1,148 @@
+# Lab 3 — Continuous Integration (CI/CD)
+
+## 1. Overview
+
+### Testing Framework: pytest
+I chose **pytest** for unit testing because:
+- **Simple syntax** — no boilerplate code, just `assert` statements
+- **Powerful fixtures** — easy to create test clients and shared resources
+- **Rich plugin ecosystem** — `pytest-cov` for coverage, integration with GitHub Actions
+- **Industry standard** — widely used in Python DevOps projects
+
+### Test Coverage
+| Endpoint | What is tested |
+|----------|----------------|
+| `GET /` | ✓ Status code 200
✓ JSON content type
✓ All 5 sections (service, system, runtime, request, endpoints)
✓ Service name, version, framework
✓ System fields presence and types
✓ Uptime format and validity
✓ Request info (method, path) |
+| `GET /health` | ✓ Status code 200
✓ Status = "healthy"
✓ Timestamp in ISO format
✓ Uptime seconds (positive integer) |
+| Error handling | ✓ 404 Not Found response structure
✓ Error message format |
+
+**Total tests:** 17 unit tests
+
+### CI Workflow Triggers
+The workflow runs on:
+- **Push** to `master` and `lab03` branches
+- **Pull request** targeting `master` branch
+
+**Why?**
+- Push triggers ensure every commit is tested
+- PR triggers catch issues before merging
+- Lab03 branch is included for active development
+
+### Versioning Strategy: Calendar Versioning (CalVer)
+I chose **CalVer** with format `YYYY.MM` (e.g., `2025.02`)
+
+**Rationale:**
+- This is a **service**, not a library — breaking changes don't require SemVer
+- Time-based versions are **easy to understand** and correlate with release dates
+- Perfect for **continuous deployment** — new version every month
+- Simple to implement in CI using `date` command
+
+**Docker tags:**
+- `spalkkina/devops-info-service:2026.02` — monthly version
+- `spalkkina/devops-info-service:latest` — most recent build
+
+---
+
+## 2. Workflow Evidence
+
+### Successful GitHub Actions Run
+🔗 [Link to workflow run](https://github.com/angel-palkina/DevOps-Core-Course/actions/runs/21921911777)
+
+### Tests Passing Locally
+
+
+### Docker Hub Image
+🔗 [Docker Hub repository](https://hub.docker.com/r/spalkkina/devops-info-service)
+
+| Tag | Size |
+|----------|-----------|
+| 2026.02 | 45.54 MB |
+| latest | 45.54 MB |
+
+### CI/CD Status
+
+
+
+## Best Practices Implemented
+- **Practice 1:** Dependency Caching
+
+ What: Caching pip packages using actions/setup-python@v5 built-in cache
+
+ Why: Speeds up workflow by ~104 seconds (no need to download packages every time)
+
+ Before: 2m 05s → After: 1m 01s
+
+- **Practice 2:** Job Dependencies (Fail Fast)
+
+ What: Docker job has needs: test — only runs if tests pass
+
+ Why: Prevents publishing broken images to Docker Hub
+
+- **Practice 3:** Conditional Execution
+
+ What: Docker job runs only on push, not on PRs
+
+ Why: Avoid pushing images from temporary PR branches
+
+- **Practice 4:** Security Scanning with Snyk
+
+ What: Integrated Snyk to scan dependencies for vulnerabilities
+
+ Why: Catch security issues before they reach production
+
+ Snyk Results: no vulnerable paths found.
+
+- **Practice 5:** Linting
+
+ What: flake8 runs on every commit
+
+ Why: Enforces code style consistency, catches syntax errors early
+
+## Key Decisions
+
+### Versioning Strategy: CalVer
+**Why CalVer?** This is a web service, not a shared library. Users don't need to know about breaking changes via version numbers — they just consume the latest API. CalVer clearly communicates when the image was built, which is more useful for operations teams.
+
+Alternative considered: SemVer — rejected because our app has no API consumers that pin versions.
+
+### Docker Tags
+What tags are created?
+
+- YYYY.MM (e.g., 2026.02) — monthly version
+
+- latest — points to the most recent build
+
+**Why two tags?**
+
+- latest is convenient for development and testing
+
+- Date-based tag provides a stable reference for production rollbacks
+
+### Workflow Triggers
+Why push + PR?
+
+- Push triggers ensure every commit is tested immediately
+
+- PR triggers prevent merging broken code into master
+
+Lab03 branch is included to test the workflow itself during development
+
+### Test Coverage
+What is tested?
+
+- All happy paths (200 OK responses)
+
+- Response structure and data types
+
+- Error handlers (404)
+
+- Helper functions
+
+What is NOT tested?
+
+- 500 error handler (requires mocking internal errors)
+
+- Actual hostname value (changes per environment)
+
+- IP address format (varies in CI)
+
diff --git a/app_python/docs/screenshots/01-main-endpoint.png b/app_python/docs/screenshots/01-main-endpoint.png
new file mode 100644
index 0000000000..ac11fa5644
Binary files /dev/null and b/app_python/docs/screenshots/01-main-endpoint.png differ
diff --git a/app_python/docs/screenshots/02-health-check.png b/app_python/docs/screenshots/02-health-check.png
new file mode 100644
index 0000000000..cf67c921ae
Binary files /dev/null and b/app_python/docs/screenshots/02-health-check.png differ
diff --git a/app_python/docs/screenshots/03-formatted-output.png b/app_python/docs/screenshots/03-formatted-output.png
new file mode 100644
index 0000000000..8f72401155
Binary files /dev/null and b/app_python/docs/screenshots/03-formatted-output.png differ
diff --git a/app_python/docs/screenshots/04 -terminal-build-output.png b/app_python/docs/screenshots/04 -terminal-build-output.png
new file mode 100644
index 0000000000..93764e5f0b
Binary files /dev/null and b/app_python/docs/screenshots/04 -terminal-build-output.png differ
diff --git a/app_python/docs/screenshots/05-run-app-output.png b/app_python/docs/screenshots/05-run-app-output.png
new file mode 100644
index 0000000000..baf13ebf1a
Binary files /dev/null and b/app_python/docs/screenshots/05-run-app-output.png differ
diff --git a/app_python/docs/screenshots/06-endpoint-test-with-docker.png b/app_python/docs/screenshots/06-endpoint-test-with-docker.png
new file mode 100644
index 0000000000..cb7be8e994
Binary files /dev/null and b/app_python/docs/screenshots/06-endpoint-test-with-docker.png differ
diff --git a/app_python/docs/screenshots/07-test-output.png b/app_python/docs/screenshots/07-test-output.png
new file mode 100644
index 0000000000..b2289cb27b
Binary files /dev/null and b/app_python/docs/screenshots/07-test-output.png differ
diff --git a/app_python/docs/screenshots/08-test-coverage-output.png b/app_python/docs/screenshots/08-test-coverage-output.png
new file mode 100644
index 0000000000..2f14bea072
Binary files /dev/null and b/app_python/docs/screenshots/08-test-coverage-output.png differ
diff --git a/app_python/requirements-dev.txt b/app_python/requirements-dev.txt
new file mode 100644
index 0000000000..d3443530ee
--- /dev/null
+++ b/app_python/requirements-dev.txt
@@ -0,0 +1,10 @@
+Flask==2.3.3
+
+# Testing
+pytest==8.0.0
+pytest-cov==5.0.0
+
+# Linting
+pylint==3.0.3
+flake8==7.0.0
+black==24.2.0
\ No newline at end of file
diff --git a/app_python/requirements.txt b/app_python/requirements.txt
new file mode 100644
index 0000000000..78180a1ad1
--- /dev/null
+++ b/app_python/requirements.txt
@@ -0,0 +1 @@
+Flask==3.1.0
\ No newline at end of file
diff --git a/app_python/tests/__init__.py b/app_python/tests/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/app_python/tests/test_app.py b/app_python/tests/test_app.py
new file mode 100644
index 0000000000..044e6f9d17
--- /dev/null
+++ b/app_python/tests/test_app.py
@@ -0,0 +1,192 @@
+"""
+Unit tests for DevOps Info Service Flask application.
+"""
+
+import pytest
+import sys
+import os
+from datetime import datetime
+
+# Добавляем путь к app.py чтобы импортировать
+sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+
+from app import app, get_system_info, get_uptime, get_service_info
+
+@pytest.fixture
+def client():
+ """Фикстура: создаём тестовый клиент Flask"""
+ app.config['TESTING'] = True
+ with app.test_client() as client:
+ yield client
+
+# ========== ТЕСТЫ ДЛЯ ЭНДПОИНТА / ==========
+
+def test_index_status_code(client):
+ """Тест 1: Проверяем, что главная страница возвращает 200 OK"""
+ response = client.get('/')
+ assert response.status_code == 200
+
+def test_index_is_json(client):
+ """Тест 2: Проверяем, что ответ — это JSON"""
+ response = client.get('/')
+ assert response.is_json
+
+def test_index_has_required_sections(client):
+ """Тест 3: Проверяем, что есть все основные секции"""
+ response = client.get('/')
+ data = response.get_json()
+
+ assert 'service' in data
+ assert 'system' in data
+ assert 'runtime' in data
+ assert 'request' in data
+ assert 'endpoints' in data
+
+def test_index_service_info(client):
+ """Тест 4: Проверяем информацию о сервисе"""
+ response = client.get('/')
+ service = response.get_json()['service']
+
+ assert service['name'] == 'devops-info-service'
+ assert service['version'] == '1.0.0'
+ assert service['framework'] == 'Flask'
+ assert isinstance(service['description'], str)
+
+def test_index_system_info_fields(client):
+ """Тест 5: Проверяем, что системная информация содержит все поля"""
+ response = client.get('/')
+ system = response.get_json()['system']
+
+ expected_fields = ['hostname', 'platform', 'platform_version',
+ 'architecture', 'cpu_count', 'python_version']
+
+ for field in expected_fields:
+ assert field in system
+
+ # Проверяем типы данных
+ assert isinstance(system['hostname'], str)
+ assert isinstance(system['cpu_count'], int)
+ assert isinstance(system['python_version'], str)
+
+def test_index_runtime_info(client):
+ """Тест 6: Проверяем информацию о времени работы"""
+ response = client.get('/')
+ runtime = response.get_json()['runtime']
+
+ assert 'uptime_seconds' in runtime
+ assert 'uptime_human' in runtime
+ assert 'current_time' in runtime
+ assert 'timezone' in runtime
+
+ # uptime_seconds должен быть положительным числом
+ assert runtime['uptime_seconds'] >= 0
+ assert isinstance(runtime['uptime_seconds'], int)
+
+def test_index_request_info(client):
+ """Тест 7: Проверяем информацию о запросе"""
+ response = client.get('/')
+ request_info = response.get_json()['request']
+
+ assert 'client_ip' in request_info
+ assert 'user_agent' in request_info
+ assert 'method' in request_info
+ assert 'path' in request_info
+
+ assert request_info['method'] == 'GET'
+ assert request_info['path'] == '/'
+
+def test_index_endpoints_list(client):
+ """Тест 8: Проверяем список эндпоинтов"""
+ response = client.get('/')
+ endpoints = response.get_json()['endpoints']
+
+ assert isinstance(endpoints, list)
+ assert len(endpoints) >= 2
+
+ # Проверяем, что есть / и /health
+ paths = [e['path'] for e in endpoints]
+ assert '/' in paths
+ assert '/health' in paths
+
+# ========== ТЕСТЫ ДЛЯ ЭНДПОИНТА /HEALTH ==========
+
+def test_health_status_code(client):
+ """Тест 9: Проверяем, что health endpoint доступен"""
+ response = client.get('/health')
+ assert response.status_code == 200
+
+def test_health_is_json(client):
+ """Тест 10: Проверяем, что health возвращает JSON"""
+ response = client.get('/health')
+ assert response.is_json
+
+def test_health_response_structure(client):
+ """Тест 11: Проверяем структуру ответа health"""
+ response = client.get('/health')
+ data = response.get_json()
+
+ assert 'status' in data
+ assert 'timestamp' in data
+ assert 'uptime_seconds' in data
+
+ assert data['status'] == 'healthy'
+ assert data['uptime_seconds'] >= 0
+
+def test_health_timestamp_format(client):
+ """Тест 12: Проверяем, что timestamp в правильном формате"""
+ response = client.get('/health')
+ timestamp = response.get_json()['timestamp']
+
+ # Пробуем распарсить ISO формат даты
+ try:
+ datetime.fromisoformat(timestamp.replace('Z', '+00:00'))
+ is_valid = True
+ except ValueError:
+ is_valid = False
+
+ assert is_valid
+
+# ========== ТЕСТЫ ДЛЯ ОБРАБОТЧИКОВ ОШИБОК ==========
+
+def test_404_not_found(client):
+ """Тест 13: Проверяем, что несуществующий путь возвращает 404"""
+ response = client.get('/non-existent-path')
+ assert response.status_code == 404
+
+ data = response.get_json()
+ assert 'error' in data
+ assert 'message' in data
+ assert data['error'] == 'Not Found'
+
+def test_method_not_allowed(client):
+ """Тест 14: Проверяем POST на GET endpoint"""
+ response = client.post('/')
+ assert response.status_code in [405, 404] # 405 Method Not Allowed
+
+# ========== ТЕСТЫ ДЛЯ ХЕЛПЕР-ФУНКЦИЙ ==========
+
+def test_get_system_info_function():
+ """Тест 15: Проверяем функцию get_system_info"""
+ info = get_system_info()
+
+ assert isinstance(info, dict)
+ assert 'hostname' in info
+ assert 'platform' in info
+ assert 'cpu_count' in info
+ assert info['cpu_count'] > 0
+
+def test_get_uptime_function():
+ """Тест 16: Проверяем функцию get_uptime"""
+ uptime = get_uptime()
+
+ assert 'seconds' in uptime
+ assert 'human' in uptime
+ assert uptime['seconds'] >= 0
+ assert isinstance(uptime['human'], str)
+
+def test_get_service_info_function():
+ """Тест 17: Проверяем функцию get_service_info"""
+ info = get_service_info()
+
+ assert info['name'] == 'devops-info-service'
+ assert info['version'] == '1.0.0'
\ No newline at end of file
diff --git a/pulumi/.gitignore b/pulumi/.gitignore
new file mode 100644
index 0000000000..a3807e5bdb
--- /dev/null
+++ b/pulumi/.gitignore
@@ -0,0 +1,2 @@
+*.pyc
+venv/
diff --git a/pulumi/Pulumi.yaml b/pulumi/Pulumi.yaml
new file mode 100644
index 0000000000..39ac3d6c97
--- /dev/null
+++ b/pulumi/Pulumi.yaml
@@ -0,0 +1,11 @@
+name: project
+description: A minimal Python Pulumi program
+runtime:
+ name: python
+ options:
+ toolchain: pip
+ virtualenv: venv
+config:
+ pulumi:tags:
+ value:
+ pulumi:template: python
diff --git a/pulumi/__main__.py b/pulumi/__main__.py
new file mode 100644
index 0000000000..2ba54cc26d
--- /dev/null
+++ b/pulumi/__main__.py
@@ -0,0 +1,89 @@
+"""Pulumi program for Yandex Cloud VM infrastructure"""
+
+import pulumi
+import pulumi_yandex as yandex
+import json
+
+# Конфигурация
+config = pulumi.Config()
+cloud_id = config.get("cloud_id") or "b1ghfahdukhmskkq1sh"
+folder_id = config.get("folder_id") or "b1goafhlbrpmfacul97b"
+zone = config.get("zone") or "ru-central1-a"
+
+# Читаем SSH ключ
+with open("C:/Users/sofia/.ssh/id_rsa.pub", "r") as f:
+ ssh_key = f.read().strip()
+
+# Cloud-init конфигурация для пользователя
+user_data = f"""#cloud-config
+users:
+ - name: ubuntu
+ groups: sudo
+ shell: /bin/bash
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ ssh-authorized-keys:
+ - {ssh_key}
+"""
+
+# Создаем VPC сеть
+network = yandex.VpcNetwork("network-1",
+ name="pulumi-network",
+ labels={
+ "environment": "dev",
+ "project": "devops-lab4",
+ "owner": "angel-palkina",
+ "managed_by": "pulumi"
+ }
+)
+
+# Создаем подсеть
+subnet = yandex.VpcSubnet("subnet-1",
+ name="pulumi-subnet",
+ zone=zone,
+ network_id=network.id,
+ v4_cidr_blocks=["192.168.20.0/24"],
+ labels={
+ "environment": "dev",
+ "project": "devops-lab4",
+ "owner": "angel-palkina",
+ "managed_by": "pulumi"
+ }
+)
+
+# Создаем виртуальную машину
+vm = yandex.ComputeInstance("vm-1",
+ name="pulumi-vm",
+ platform_id="standard-v2",
+ zone=zone,
+ resources=yandex.ComputeInstanceResourcesArgs(
+ cores=2,
+ memory=2,
+ ),
+ boot_disk=yandex.ComputeInstanceBootDiskArgs(
+ initialize_params=yandex.ComputeInstanceBootDiskInitializeParamsArgs(
+ image_id="fd8autg36kchufhej85b", # Ubuntu 22.04
+ size=10,
+ ),
+ ),
+ network_interfaces=[yandex.ComputeInstanceNetworkInterfaceArgs(
+ subnet_id=subnet.id,
+ nat=True,
+ )],
+ metadata={
+ "user-data": user_data
+ },
+ labels={
+ "environment": "dev",
+ "project": "devops-lab4",
+ "owner": "angel-palkina",
+ "managed_by": "pulumi"
+ }
+)
+
+# Outputs
+pulumi.export("vm_id", vm.id)
+pulumi.export("vm_name", vm.name)
+pulumi.export("vm_external_ip", vm.network_interfaces[0].nat_ip_address)
+pulumi.export("vm_internal_ip", vm.network_interfaces[0].ip_address)
+pulumi.export("network_id", network.id)
+pulumi.export("subnet_id", subnet.id)
\ No newline at end of file
diff --git a/pulumi/requirements.txt b/pulumi/requirements.txt
new file mode 100644
index 0000000000..bc4e43087b
--- /dev/null
+++ b/pulumi/requirements.txt
@@ -0,0 +1 @@
+pulumi>=3.0.0,<4.0.0
diff --git a/terraform/.gitignore b/terraform/.gitignore
new file mode 100644
index 0000000000..d2e8cdec48
--- /dev/null
+++ b/terraform/.gitignore
@@ -0,0 +1,24 @@
+# Local .terraform directories
+.terraform/
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Sensitive files
+key.json
+*.tfvars
+*.tfvars.json
+
+# Lock file (опционально)
+.terraform.lock.hcl
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Override files
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
\ No newline at end of file
diff --git a/terraform/docs/LAB04-bonus.md b/terraform/docs/LAB04-bonus.md
new file mode 100644
index 0000000000..ce4d3854ef
--- /dev/null
+++ b/terraform/docs/LAB04-bonus.md
@@ -0,0 +1,122 @@
+# Lab 04 Bonus: IaC CI/CD Pipeline
+
+**Author:** Angel Palkina
+**Date:** 2026-02-19
+**Course:** DevOps Core Course
+
+
+## 🛠️ Tools & Technologies
+
+| Tool | Version | Purpose |
+|------|---------|---------|
+| **GitHub Actions** | - | CI/CD automation platform |
+| **Terraform** | 1.10.x | Infrastructure as Code |
+| **TFLint** | 0.61.0 | Terraform linter |
+| **tfsec** | 1.0.3 | Security scanner for Terraform |
+| **github-script** | v7 | PR automation |
+
+---
+
+## Workflow Implementation
+
+### File Structure
+
+```
+.github/workflows/
+├── python-ci.yml # Python application CI (improved with path filters)
+└── terraform-ci.yml # NEW: Terraform validation workflow
+```
+
+
+## Path Filter Configuration
+
+### Problem Statement
+
+**Before:** All workflows triggered on any file change
+- Python CI ran on Terraform changes
+- Wasted GitHub Actions minutes
+- Confusing workflow results
+
+**After:** Workflows trigger only on relevant files
+- Python CI → `app_python/**` only
+- Terraform CI → `terraform/**` only
+- Efficient resource usage
+
+
+## TFLint Configuration & Results
+
+### Local Testing Results
+
+**Commands executed:**
+
+```bash
+cd terraform
+
+# Format check
+terraform fmt -check -recursive
+# No output = all files formatted correctly
+
+# Initialize
+terraform init -backend=false
+# Success
+
+# Validate
+terraform validate
+# Success! The configuration is valid.
+
+# TFLint
+tflint --init
+# Installing plugins...
+
+tflint --recursive
+# No issues found!
+```
+
+**All checks passed locally before pushing to CI! **
+
+
+## Workflow Execution Examples
+
+### Example 1: Successful Validation (Push to branch)
+
+
+
+### Example 2: Pull Request with Comments
+
+**Trigger:** Create PR from `lab04-bonus` to `lab04`
+
+
+
+### Example 3: Format Error Detection
+
+**Scenario:** Intentionally break formatting
+
+**Workflow Result:**
+
+```
+✓ Terraform Format Check (⚠️ warning)
+ Error: main.tf needs formatting
+
+✓ Terraform Init (✅ success)
+✓ Terraform Validate (✅ success)
+✓ Run TFLint (✅ success)
+⚠️ Warning if format or lint fails
+ Format status: failure
+ Please fix these issues, but workflow will not fail.
+```
+
+**PR Comment:**
+
+```markdown
+| **Terraform Format** | `failure` |
+
+❌ Some files need formatting. Run: `terraform fmt -recursive`
+```
+
+**Workflow:** Completes with warning (doesn't fail)
+
+
+## 📚 References & Resources
+
+**Documentation:**
+- [GitHub Actions Documentation](https://docs.github.com/en/actions)
diff --git a/terraform/docs/LAB04.md b/terraform/docs/LAB04.md
new file mode 100644
index 0000000000..fdbb14418b
--- /dev/null
+++ b/terraform/docs/LAB04.md
@@ -0,0 +1,329 @@
+# Lab 04: Infrastructure as Code with Terraform and Pulumi
+
+**Author:** Sofia Palkina
+**Date:** 2026-02-19
+**Course:** DevOps Core Course
+
+
+## 🛠️ Tools Used
+
+| Tool | Version | Purpose |
+|------|---------|---------|
+| **Terraform** | v1.10.6 | Infrastructure as Code (HCL) |
+| **Pulumi** | v3.222.0 | Infrastructure as Code (Python) |
+| **Yandex Cloud CLI** | Latest | Cloud provider CLI |
+| **Python** | 3.12.10 | Pulumi runtime |
+| **Git** | Latest | Version control |
+
+
+## Cloud Provider & Infrastructure
+
+### Cloud Provider Selection
+
+**Provider:** Yandex Cloud
+
+**Rationale:**
+- ✅ **Free Tier Available** - 60-day trial with ₽4000 (~$50) free credits
+- ✅ **Russian Data Centers** - Low latency for local users
+- ✅ **Terraform Support** - Official provider available
+- ✅ **Pulumi Support** - Community provider available
+- ✅ **Good Documentation** - Comprehensive guides in Russian/English
+- ✅ **Educational Focus** - Suitable for learning IaC concepts
+
+### Instance Configuration
+
+**Instance Type:** `standard-v2`
+
+**Specifications:**
+- **vCPU:** 2 cores
+- **RAM:** 2 GB
+- **Disk:** 10 GB SSD
+- **OS:** Ubuntu 22.04 LTS (Jammy Jellyfish)
+- **Image ID:** `fd8autg36kchufhej85b`
+
+### Region & Zone Selection
+
+**Region:** `ru-central1` (Moscow)
+**Zone:** `ru-central1-a`
+
+### Cost Analysis
+
+| Resource | Specification | Monthly Cost | Lab Cost |
+|----------|--------------|--------------|----------|
+| **VM Instance** | 2 vCPU, 2GB RAM | ~₽600 (~$7) | ₽0 (Free Tier) |
+| **Public IP** | 1 static IP | ~₽150 (~$2) | ₽0 (Free Tier) |
+| **Disk Storage** | 10 GB SSD | ~₽50 (~$0.60) | ₽0 (Free Tier) |
+| **Network Traffic** | Minimal (<1GB) | ~₽10 (~$0.12) | ₽0 (Free Tier) |
+| **Total** | - | ~₽810 (~$10) | **₽0** |
+
+
+### Resources Created
+
+#### Terraform Infrastructure
+
+| Resource Type | Resource Name | ID | Purpose |
+|--------------|---------------|-----|---------|
+| **VPC Network** | `terraform-network` | `enp79hgfkbvn1shvdt0r` | Virtual network isolation |
+| **Subnet** | `terraform-subnet` | `e9bvuhc7rgc0pjm4njrq` | IP address range (192.168.10.0/24) |
+| **VM Instance** | `terraform-vm` | `fhmgbm8ggh1ktbvk2r31` | Ubuntu 22.04 compute instance |
+| **Public IP** | Auto-assigned | `158.160.148.30` | External access via NAT |
+
+**Total Resources:** 4 (including implicit NAT gateway)
+
+#### Pulumi Infrastructure
+
+| Resource Type | Resource Name | ID | Purpose |
+|--------------|---------------|-----|---------|
+| **VPC Network** | `pulumi-network` | `enpb06dvuvmq35tmgo6u` | Virtual network isolation |
+| **Subnet** | `pulumi-subnet` | `e9bt7r810el7oc3jjvem` | IP address range (192.168.20.0/24) |
+| **VM Instance** | `pulumi-vm` | `fhm8t59hlemrrv4miqt7` | Ubuntu 22.04 compute instance |
+| **Public IP** | Auto-assigned | `46.21.245.184` | External access via NAT |
+
+**Total Resources:** 4 (including implicit NAT gateway)
+
+**Resource Labels (Both Implementations):**
+```yaml
+environment: dev
+project: devops-lab4
+owner: angel-palkina
+managed_by: terraform/pulumi
+```
+
+---
+
+## Terraform Infrastructure
+
+### Project Structure Explanation
+
+```
+terraform/
+├── main.tf # Main infrastructure definition
+│ ├── Provider configuration (Yandex Cloud)
+│ ├── VPC Network resource
+│ ├── Subnet resource
+│ └── VM Instance resource
+│
+├── variables.tf # Input variable declarations
+│ ├── cloud_id (Yandex Cloud ID)
+│ ├── folder_id (Yandex Folder ID)
+│ └── zone (Deployment zone)
+│
+├── outputs.tf # Output value definitions
+│ ├── VM external IP
+│ ├── VM internal IP
+│ ├── Network ID
+│ └── Subnet ID
+│
+├── terraform.tfvars # Variable values (gitignored)
+├── key.json # Service account key (gitignored)
+├── cloud-init.yaml # VM initialization script
+├── .terraform/ # Provider plugins (gitignored)
+└── terraform.tfstate # State file (gitignored)
+```
+
+**Key Design Decisions:**
+
+1. **Separate Variable Files**
+ - `variables.tf` - declarations only
+ - `terraform.tfvars` - actual values
+ - **Benefit:** Reusability across environments
+
+2. **Cloud-Init Template**
+ - Separate YAML file for user-data
+ - SSH key injected via `templatefile()`
+ - **Benefit:** Clean separation of concerns
+
+3. **Resource Labeling**
+ - Consistent labels across all resources
+ - Includes: environment, project, owner, managed_by
+ - **Benefit:** Easy resource tracking and cost allocation
+
+4. **Output Values**
+ - Exported IPs and resource IDs
+ - Used for connecting/referencing resources
+ - **Benefit:** Easy integration with other tools
+
+### Installation
+```
+terraform version
+# Output: Terraform v1.10.6
+```
+
+### Deployment Process
+
+```bash
+
+# Validate configuration
+terraform validate
+
+# Plan changes
+terraform plan
+
+# Apply configuration
+terraform apply
+```
+
+
+### Terraform Results
+
+```
+Outputs:
+
+network_id = "enp79hgfkbvn1shvdt0r"
+subnet_id = "e9bvuhc7rgc0pjm4njrq"
+vm_external_ip = "158.160.148.30"
+vm_id = "fhmgbm8ggh1ktbvk2r31"
+vm_internal_ip = "192.168.10.8"
+vm_name = "terraform-vm"
+```
+
+**SSH Connection**
+
+```bash
+ssh ubuntu@158.160.148.30
+```
+
+
+**Terraform destroy output**
+
+## Pulumi Infrastructure
+
+### Installation
+
+Programming language chosen for Pulumi - Python
+
+pulumi version - v3.222.0
+
+
+### Deployment Process
+
+```powershell
+# Set environment variable for service account key
+$env:YC_SERVICE_ACCOUNT_KEY_FILE = "key.json"
+
+# Configure Pulumi
+pulumi config set yandex:cloud_id b1ghfahdukhmskkq1sh
+pulumi config set yandex:folder_id b1goafhlbrpmfacul97b
+pulumi config set yandex:zone ru-central1-a
+
+# Preview changes
+pulumi preview
+
+```
+
+```powershell
+# Deploy infrastructure
+pulumi up
+```
+
+
+### Pulumi Outputs
+
+```
+Outputs:
+ network_id : "enpb06dvuvmq35tmgo6u"
+ subnet_id : "e9bt7r810el7oc3jjvem"
+ vm_external_ip: "46.21.245.184"
+ vm_id : "fhm8t59hlemrrv4miqt7"
+ vm_internal_ip: "192.168.20.16"
+ vm_name : "pulumi-vm"
+
+```
+
+**SSH Connection Test:**
+
+```bash
+ssh ubuntu@46.21.245.184
+```
+
+
+## Comparison: Terraform vs Pulumi
+
+| Aspect | Terraform | Pulumi |
+|--------|-----------|--------|
+| **Language** | HCL (HashiCorp Configuration Language) | Python (also TypeScript, Go, C#) |
+| **Learning Curve** | Low - declarative DSL | Medium - requires programming knowledge |
+| **State Management** | Local or remote backend | Local or Pulumi Cloud |
+| **Type Safety** | Limited | Strong (with programming language) |
+| **Testing** | Limited native support | Full unit/integration testing support |
+| **Code Reusability** | Modules | Functions, classes, packages |
+| **Debugging** | Limited | Full IDE debugging support |
+| **Community** | Very large, mature | Growing rapidly |
+| **Deployment Time** | ~60s (3 resources) | ~54s (4 resources) |
+| **Resource Definition** | Declarative blocks | Object-oriented code |
+| **Documentation** | Extensive | Good, improving |
+
+
+
+### Terraform Advantages:
+- **Simpler syntax** - easier for beginners
+- **Declarative approach** - clear infrastructure definition
+- **Wide adoption** - industry standard
+- **Better documentation** - comprehensive resources
+
+### Pulumi Advantages:
+- **Real programming language** - Python/TypeScript/Go
+- **Better code reusability** - functions, classes, modules
+- **IDE support** - autocomplete, refactoring, debugging
+- **Testing capabilities** - unit tests, mocking
+- **Dynamic configuration** - loops, conditionals, etc.
+
+## When to Use What?
+
+**Use Terraform when:**
+- Team prefers declarative approach
+- Need maximum provider support
+- Working with existing Terraform modules
+- Simple infrastructure without complex logic
+
+**Use Pulumi when:**
+- Team has strong programming background
+- Need complex logic and abstractions
+- Want to write unit tests for infrastructure
+- Prefer using familiar programming languages
+
+
+## Challenges
+
+### 1. Python Version Compatibility
+**Problem:** Pulumi provider `pulumi-yandex` v0.13.0 requires `pkg_resources` which is deprecated in Python 3.14.
+
+**Solution:** Downgraded to Python 3.12.10 and installed older setuptools:
+```powershell
+pip install setuptools==69.0.0
+```
+
+### Lab 5 VM Decision
+
+**Strategy:** **Destroying both VMs. Will recreate cloud VM with Terraform**
+
+**Rationale:**
+- Practice infrastructure destruction (important IaC skill)
+- Leverages Lab 4 learning
+- Can modify configuration as needed for Lab 5
+
+### Post-Cleanup Verification
+
+**Check all resources are deleted:**
+
+```bash
+# List all VMs (should be empty)
+yc compute instance list
+
+# List all networks (should only show default)
+yc vpc network list
+
+# List all subnets (should only show defaults)
+yc vpc subnet list
+
+# Check remaining free tier credits
+yc billing account list
+```
+
+## 📚 References
+
+- [Terraform Documentation](https://www.terraform.io/docs)
+- [Pulumi Documentation](https://www.pulumi.com/docs/)
+- [Yandex Cloud Terraform Provider](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs)
+- [Yandex Cloud Pulumi Provider](https://www.pulumi.com/registry/packages/yandex/)
+
diff --git a/terraform/docs/images/image-1.png b/terraform/docs/images/image-1.png
new file mode 100644
index 0000000000..81f4480951
Binary files /dev/null and b/terraform/docs/images/image-1.png differ
diff --git a/terraform/docs/images/image-2.png b/terraform/docs/images/image-2.png
new file mode 100644
index 0000000000..0d532feefc
Binary files /dev/null and b/terraform/docs/images/image-2.png differ
diff --git a/terraform/docs/images/image-3.png b/terraform/docs/images/image-3.png
new file mode 100644
index 0000000000..e84dbd3f84
Binary files /dev/null and b/terraform/docs/images/image-3.png differ
diff --git a/terraform/docs/images/image-4.png b/terraform/docs/images/image-4.png
new file mode 100644
index 0000000000..453df3908a
Binary files /dev/null and b/terraform/docs/images/image-4.png differ
diff --git a/terraform/docs/images/image-5.png b/terraform/docs/images/image-5.png
new file mode 100644
index 0000000000..dfd20c1963
Binary files /dev/null and b/terraform/docs/images/image-5.png differ
diff --git a/terraform/docs/images/image-6.png b/terraform/docs/images/image-6.png
new file mode 100644
index 0000000000..447b9b073a
Binary files /dev/null and b/terraform/docs/images/image-6.png differ
diff --git a/terraform/docs/images/image-7.png b/terraform/docs/images/image-7.png
new file mode 100644
index 0000000000..b4aa9bbfc8
Binary files /dev/null and b/terraform/docs/images/image-7.png differ
diff --git a/terraform/docs/images/image.png b/terraform/docs/images/image.png
new file mode 100644
index 0000000000..ee80feeb74
Binary files /dev/null and b/terraform/docs/images/image.png differ
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000000..7e89ade5d3
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,67 @@
+resource "yandex_compute_instance" "vm-1" {
+ name = var.vm_name
+ platform_id = "standard-v2"
+ zone = var.zone
+
+ labels = {
+ environment = var.environment
+ project = var.project
+ owner = var.owner
+ managed_by = "terraform"
+ }
+
+ resources {
+ cores = var.vm_cores
+ memory = var.vm_memory
+ }
+
+ boot_disk {
+ initialize_params {
+ image_id = var.vm_image_id
+ size = var.vm_disk_size
+ }
+ }
+
+ network_interface {
+ subnet_id = yandex_vpc_subnet.subnet-1.id
+ nat = true
+ }
+
+ metadata = {
+ user-data = <<-EOT
+ #cloud-config
+ users:
+ - name: ubuntu
+ groups: sudo
+ shell: /bin/bash
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ ssh-authorized-keys:
+ - ${file(pathexpand(var.ssh_public_key_path))}
+ EOT
+ }
+}
+
+resource "yandex_vpc_network" "network-1" {
+ name = var.network_name
+
+ labels = {
+ environment = var.environment
+ project = var.project
+ owner = var.owner
+ managed_by = "terraform"
+ }
+}
+
+resource "yandex_vpc_subnet" "subnet-1" {
+ name = var.subnet_name
+ zone = var.zone
+ network_id = yandex_vpc_network.network-1.id
+ v4_cidr_blocks = var.subnet_cidr
+
+ labels = {
+ environment = var.environment
+ project = var.project
+ owner = var.owner
+ managed_by = "terraform"
+ }
+}
\ No newline at end of file
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
new file mode 100644
index 0000000000..0e48f77954
--- /dev/null
+++ b/terraform/outputs.tf
@@ -0,0 +1,14 @@
+output "vm_external_ip" {
+ description = "External IP address of the VM"
+ value = yandex_compute_instance.vm-1.network_interface[0].nat_ip_address
+}
+
+output "vm_internal_ip" {
+ description = "Internal IP address of the VM"
+ value = yandex_compute_instance.vm-1.network_interface[0].ip_address
+}
+
+output "vm_id" {
+ description = "ID of the VM"
+ value = yandex_compute_instance.vm-1.id
+}
\ No newline at end of file
diff --git a/terraform/provider.tf b/terraform/provider.tf
new file mode 100644
index 0000000000..2931f24f38
--- /dev/null
+++ b/terraform/provider.tf
@@ -0,0 +1,18 @@
+terraform {
+ required_providers {
+ yandex = {
+ source = "yandex-cloud/yandex"
+ version = "~> 0.100"
+ }
+ }
+ required_version = ">= 1.0"
+}
+
+provider "yandex" {
+ # Service account key file is only used locally
+ # In CI/CD, authentication is skipped (validation only)
+ service_account_key_file = fileexists("${path.module}/key.json") ? "${path.module}/key.json" : null
+ cloud_id = var.cloud_id
+ folder_id = var.folder_id
+ zone = var.zone
+}
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000000..9ec8c83130
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,89 @@
+variable "cloud_id" {
+ description = "Yandex Cloud ID"
+ type = string
+ default = "b1ghfahdukhmskkq1sh"
+}
+
+variable "folder_id" {
+ description = "Yandex Cloud Folder ID"
+ type = string
+ default = "b1goafhlbrpmfacul97b"
+}
+
+variable "zone" {
+ description = "Yandex Cloud Zone"
+ type = string
+ default = "ru-central1-a"
+}
+
+variable "vm_name" {
+ description = "Name of the virtual machine"
+ type = string
+ default = "terraform-vm"
+}
+
+variable "vm_cores" {
+ description = "Number of CPU cores"
+ type = number
+ default = 2
+}
+
+variable "vm_memory" {
+ description = "Amount of memory in GB"
+ type = number
+ default = 2
+}
+
+variable "vm_disk_size" {
+ description = "Boot disk size in GB"
+ type = number
+ default = 10
+}
+
+variable "vm_image_id" {
+ description = "OS image ID (Ubuntu 22.04)"
+ type = string
+ default = "fd8autg36kchufhej85b"
+}
+
+variable "ssh_public_key_path" {
+ description = "Path to SSH public key"
+ type = string
+ default = "~/.ssh/id_rsa.pub"
+}
+
+variable "network_name" {
+ description = "Name of the VPC network"
+ type = string
+ default = "network1"
+}
+
+variable "subnet_name" {
+ description = "Name of the subnet"
+ type = string
+ default = "subnet1"
+}
+
+variable "subnet_cidr" {
+ description = "CIDR block for subnet"
+ type = list(string)
+ default = ["192.168.10.0/24"]
+}
+
+variable "environment" {
+ description = "Environment name (dev, staging, prod)"
+ type = string
+ default = "dev"
+}
+
+variable "project" {
+ description = "Project name"
+ type = string
+ default = "devops-lab4"
+}
+
+variable "owner" {
+ description = "Owner of the resources"
+ type = string
+ default = "angel-palkina"
+}
\ No newline at end of file