Merge pull request #2054 from IPvSean/devel

containerized AAP switch for network workshop

.gitignore

@@ -33,6 +33,7 @@ provisioner/workshop_specific/roles/geerlingguy.repo-epel/
 provisioner/roles/ansible_security.ids_config/
 provisioner/roles/ansible_security.ids_install/
 provisioner/roles/geerlingguy.repo-epel/
+provisioner/ansible-automation-platform*
 .pyc
 .swp
 Gemfile.lock

README.md

@@ -19,7 +19,7 @@ The Red Hat Ansible Automation Workshops project is intended for effectively dem
 | Workshop   | Public Deck | Red Hat Internal  | Exercises  | Workshop Type Var   |
 |---|---|---|---|---|
 | **[Ansible Red Hat Enterprise Linux Workshop](./exercises/ansible_rhel)** <br> focused on automating Linux platforms like Red Hat Enterprise Linux  | [PDF](./decks/ansible_rhel.pdf) | [Google Source](https://docs.google.com/presentation/d/1O2Gj5r_fhjM5Pi5FizrZRInmZ37IlpeKPTP6jSZxEKs/edit?usp=sharing) | [Exercises](./exercises/ansible_rhel)  | `workshop_type: rhel`  |
-| **[Ansible Config as Code Workshop](./exercises/ansible_config_as_code)** <br> focused on config as code for AAP | [PDF](./decks/config_as_code.pdf) | [Google Source](https://docs.google.com/presentation/d/1F6W8p0MG878AC3Q1CsNZHfhX5VkEyGKbwDHACQtoLPI) | [Exercises](./exercises/ansible_config_as_code)   | `workshop_type: config_as_code` |
+| **[Ansible Config as Code Workshop](./exercises/ansible_config_as_code)** <br> focused on config as code for AAP | [PDF](./decks/config_as_code.pdf) | [Google Source](https://docs.google.com/presentation/d/1F6W8p0MG878AC3Q1CsNZHfhX5VkEyGKbwDHACQtoLPI) | [Exercises](./exercises/ansible_config_as_code)   | `workshop_type: configascode` |
 | **[Ansible Network Automation Workshop](./exercises/ansible_network)** <br> focused on router and switch platforms like Arista, Cisco, Juniper   | [PDF](./decks/ansible_network.pdf) | [Google Source](https://docs.google.com/presentation/d/1PIT-kGAGMVEEK8PsuZCoyzFC5CIzLBwdnftnUsdUNWQ/edit?usp=sharing) | [Exercises](./exercises/ansible_network)  | `workshop_type: network`  |
 | **[Ansible Security Automation](./exercises/ansible_security)** <br> focused on automation of security tools like Check Point Firewall, IBM QRadar and the IDS Snort  | [PDF](./decks/ansible_security.pdf) | [Google Source](https://docs.google.com/presentation/d/19gVCBz1BmxC15tDDj-FUlUd_jUUUKay81E8F24cyUjk/edit?usp=sharing) | [Exercises](./exercises/ansible_security)   | `workshop_type: security` |
 | **[Ansible Windows Automation Workshop](./exercises/ansible_windows)** <br> focused on automation of Microsoft Windows  | [PDF](./decks/ansible_windows.pdf) | [Google Source](https://docs.google.com/presentation/d/1RO5CQiCoqLDES1NvTI_1fQrR-oWM1NuW-uB0JRvtJzE) | [Exercises](./exercises/ansible_windows)   | `workshop_type: windows` |

exercises/ansible_network/1-explore/README.es.md

@@ -4,18 +4,20 @@
 
 ## Índice
 
-* [Objetivo](#objetivo)
-* [Diagrama](#diagrama)
-* [Guía](#guía)
-   * [Paso 1 - Connectar vía VS Code](#paso-1---connectar-vía-vs-code)
-   * [Paso 2 - Usando la Terminal](#paso-2---usando-la-terminal)
-   * [Paso 3 - Examinando los Entornos de Ejecución](#paso-3---examinando-los-entornos-de-ejecución)
-   * [Paso 4 - Examinando la configuración de ansible-navigator](#paso-4---examinando-la-configuración-de-ansible-navigator)
-   * [Paso 5 - Examinando el inventario](#paso-5---examinando-el-inventario)
-   * [Paso 6 - Comprendiendo el inventario](#paso-6---comprendiendo-el-inventario)
-   * [Paso 7 - Usando ansible-navigator para explorar el inventario](#paso-7---usando-ansible-navigator-para-explorar-el-inventario)
-   * [Paso 8 - Connectándose a dispositivos de red](#paso-8---connectándose-a-dispositivos-de-red)
-* [Completado](#complete)
+- [Ejercicio 1 - Explorando el entorno de laboratorio](#ejercicio-1---explorando-el-entorno-de-laboratorio)
+  - [Índice](#índice)
+  - [Objetivo](#objetivo)
+  - [Diagrama](#diagrama)
+  - [Guía](#guía)
+    - [Paso 1 - Connectar vía VS Code](#paso-1---connectar-vía-vs-code)
+    - [Paso 2 - Usando la Terminal](#paso-2---usando-la-terminal)
+    - [Paso 3 - Examinando los Entornos de Ejecución](#paso-3---examinando-los-entornos-de-ejecución)
+    - [Paso 4 - Examinando la configuración de ansible-navigator](#paso-4---examinando-la-configuración-de-ansible-navigator)
+    - [Paso 5 - Examinando el inventario](#paso-5---examinando-el-inventario)
+    - [Paso 6 - Comprendiendo el inventario](#paso-6---comprendiendo-el-inventario)
+    - [Paso 7 - Usando ansible-navigator para explorar el inventario](#paso-7---usando-ansible-navigator-para-explorar-el-inventario)
+    - [Paso 8 - Connectándose a dispositivos de red](#paso-8---connectándose-a-dispositivos-de-red)
+  - [Completado](#completado)
 
 ## Objetivo
 
@@ -31,10 +33,9 @@ Esto incluye:
 
 Si necesitaás más informacion sobre los nuevos componentes de Ansible Automation Platform, añáde esta página [https://red.ht/AAP-20](https://red.ht/AAP-20) a tus marcadores.
 
-> Chatea con nosotros
+> Join our community forum!
 >
-> Antes de comenzar, por favor, únete a nosotros en slack <a href="https://join.slack.com/t/ansiblenetwork/shared_invite/zt-3zeqmhhx-zuID9uJqbbpZ2KdVeTwvzw">Haz click aquí para unirte al canal de slack ansiblenetwork</a>. Esto te permitirá chatear con otros ingeniero de automatización de redes y obtener ayuda una vez concluídos los talleres. Si el enlace no funcionase, por favor envíanos un email a <a href="mailto:[email protected]">Ansible Technical Marketing</a></th>
-
+> Before you get started, please join us on <a target="_new" href="https://forum.ansible.com/">https://forum.ansible.com/</a>.  This will allow you to get Ansible help after the workshops concludes.
 
 ## Diagrama
 

exercises/ansible_network/1-explore/README.ja.md

@@ -5,20 +5,20 @@
 
 ## 目次
 
-* [目的](#objective)
-* [図](#diagram)
-* [ガイド](#guide)
-   * [ステップ 1 - VS Code を使用した接続](#step-1---connecting-via-vs-code)
-   * [ステップ 2 - ターミナルの使用](#step-2---using-the-terminal)
-   * [ステップ 3 - 実行環境の検証](#step-3---examining-execution-environments)
-   * [ステップ 4 - ansible-navigator
-     設定の検証](#step-4---examining-the-ansible-navigator-configuration)
-   * [ステップ 5 - インベントリーの検証](#step-5---examining-inventory)
-   * [ステップ 6 - インベントリーについて](#step-6---understanding-inventory)
-   * [ステップ 7 - ansible-navigator
-     を使用したインベントリーの探索](#step-7---using-ansible-navigator-to-explore-inventory)
-   * [ステップ 8 - ネットワークデバイスへの接続](#step-8---connecting-to-network-devices)
-* [完了](#complete)
+- [演習 1 - ラボ環境の探索](#演習-1---ラボ環境の探索)
+  - [目次](#目次)
+  - [目的](#目的)
+  - [図](#図)
+  - [ガイド](#ガイド)
+    - [ステップ 1 - VS Code を使用した接続](#ステップ-1---vs-code-を使用した接続)
+    - [ステップ 2 - ターミナルの使用](#ステップ-2---ターミナルの使用)
+    - [ステップ 3 - 実行環境の検証](#ステップ-3---実行環境の検証)
+    - [ステップ 4 - ansible-navigator 設定の検証](#ステップ-4---ansible-navigator-設定の検証)
+    - [ステップ 5 - インベントリーの検証](#ステップ-5---インベントリーの検証)
+    - [ステップ 6 - インベントリーについて](#ステップ-6---インベントリーについて)
+    - [ステップ 7 - ansible-navigator を使用したインベントリーの探索](#ステップ-7---ansible-navigator-を使用したインベントリーの探索)
+    - [ステップ 8 - ネットワークデバイスへの接続](#ステップ-8---ネットワークデバイスへの接続)
+  - [完了](#完了)
 
 ## 目的
 
@@ -45,9 +45,9 @@ Hatがサポートするすべてのコレクションがすでに含まれて
 Ansible Automation Platformの新しいコンポーネントに関する情報が必要な場合は、このランディングページをブックマークしてください
 [https://red.ht/AAP-20](https://red.ht/AAP-20)
 
-> チャットでコミュニケーションしましょう
+> Join our community forum!
 >
-> 始める前に、slack にご参加ください! <a href="https://join.slack.com/t/ansiblenetwork/shared_invite/zt-3zeqmhhx-zuID9uJqbbpZ2KdVeTwvzw">ansiblenetwork slack に参加するには、こちらをクリック</a>。これにより、他のネットワーク自動化エンジニアとチャットしたり、ワークショップの終了後にサポートを受けたりすることができます。リンクが古くなっている場合は、<a href="mailto:ansible-network@redhat.com">Ansible テクニカルマーケティング</a></th> にメールでご連絡ください。
+> Before you get started, please join us on <a target="_new" href="https://forum.ansible.com/">https://forum.ansible.com/</a>.  This will allow you to get Ansible help after the workshops concludes.
 
 
 ## 図

exercises/ansible_network/1-explore/README.md

@@ -32,9 +32,9 @@ These first few lab exercises will be exploring the command-line utilities of th
 
 If you need more information on new Ansible Automation Platform components bookmark this landing page [https://red.ht/AAP-20](https://red.ht/AAP-20)
 
-> Chat with us
+> Join our community forum!
 >
-> Before you get started, please join us on slack! <a href="https://join.slack.com/t/ansiblenetwork/shared_invite/zt-3zeqmhhx-zuID9uJqbbpZ2KdVeTwvzw">Click here to join the ansiblenetwork slack</a>.  This will allow you to chat with other network automation engineers and get help after the workshops concludes.  If the link goes stale please email <a href="mailto:[email protected]">Ansible Technical Marketing</a></th>
+> Before you get started, please join us on <a target="_new" href="https://forum.ansible.com/">https://forum.ansible.com/</a>.  This will allow you to get Ansible help after the workshops concludes.
 
 
 ## Diagram

provisioner/ansible.cfg

@@ -3,7 +3,7 @@ host_key_checking = False
 inventory      = hosts
 forks          = 50
 retry_files_enabled = False
-callback_enabled = timer, profile_tasks
+callbacks_enabled = ansible.posix.profile_tasks
 [persistent_connection]
 connect_timeout = 60
 command_timeout = 60

provisioner/group_vars/all/all.yml

@@ -3,7 +3,7 @@ workshop_version: aug11-2022
 student_user: student
 admin_password: ansible
 code_server: true
-workshop_dns_zone: "rhdemo.io"
+workshop_dns_zone: "demoredhat.com"
 s3_state: "present"
 teardown: false
 controllerinstall: true

provisioner/packer/README.md

@@ -3,3 +3,7 @@ Work In Progress (WIP)
 ```bash
 packer build --force automation-controller.pkr.hcl
 ```
+
+```bash
+packer build --force automation-controller9.pkr.hcl
+```

provisioner/packer/build_controller.yml

@@ -0,0 +1,11 @@
+---
+- name: Build Packer Image for Automation controller
+  hosts: localhost
+  gather_facts: false
+  tasks: 
+
+    - name: Build and push the box using Packer.
+      async: 1500
+      poll: 5
+      command: >
+        packer build --force automation-controller.pkr.hcl

provisioner/packer/pre_build_controller.yml

@@ -14,12 +14,19 @@
   gather_facts: true
   become: true
   vars:
-    dns_type: none
     controllerinstall: true
     code_server: true
     username: student
     student: "{{ username }}"
+    short_name: "ansible-1"
   tasks:
+    - name: Set hostname
+      ansible.builtin.hostname:
+        name: "{{ short_name|default('ansible-1') }}"
+    - name: Setup /etc/hosts file per student
+      ansible.builtin.template:
+        src: "{{ playbook_dir }}/templates/etchosts.j2"
+        dest: "/etc/hosts"
     - name: Print out ansible_host var
       ansible.builtin.include_vars:
         file: "../group_vars/all/all.yml" 
@@ -42,4 +49,4 @@
       ansible.builtin.include_role:
         name: ../../roles/control_node
     - include_role:
-        name: ../../roles/code_server
+        name: ../../roles/code_server_native

provisioner/packer/templates/etchosts.j2

@@ -0,0 +1,5 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+127.0.0.1 {{ short_name }}
+

provisioner/provision_lab.yml

@@ -108,21 +108,21 @@
       ansible.builtin.include_role:
         name: ../roles/control_node_always
 
-    - name: Install and configure code server using code_server role
+    - name: Add dns entries for all student control nodes using aws_dns role
       ansible.builtin.include_role:
-        name: ../roles/code_server
+        name: ../roles/aws_dns
       when:
-        - code_server is defined
-        - code_server
+        - dns_type is defined
+        - dns_type == "aws"
         - controllerinstall is defined
         - controllerinstall
 
-    - name: Add dns entries for all student control nodes using aws_dns role
+    - name: Install and configure code server using code_server role
       ansible.builtin.include_role:
-        name: ../roles/aws_dns
+        name: ../roles/code_server_native
       when:
-        - dns_type is defined
-        - dns_type == "aws"
+        - code_server is defined
+        - code_server
         - controllerinstall is defined
         - controllerinstall
 

provisioner/workshop_specific/network.yml

@@ -1,4 +1,15 @@
 ---
+- name: configure control node for legacy crypto
+  hosts: "control_nodes"
+  become: true
+  gather_facts: false
+  tasks:
+  - name: Configure crypto policies
+    include_role:
+      name: redhat.rhel_system_roles.crypto_policies
+    vars:
+      - crypto_policies_policy: LEGACY
+
 - name: wait for routers to have ssh reachability
   hosts: "routers"
   gather_facts: false

provisioner/workshop_specific/ripu.yml

@@ -16,10 +16,7 @@
     ripu_project_scm_branch: 'main'
     controller_infra_workloads:
       - redhat_cop.controller_configuration.credential_types
-      # - redhat_cop.controller_configuration.credentials
       - redhat_cop.controller_configuration.projects
-      # - redhat_cop.controller_configuration.inventories
-      # - redhat_cop.controller_configuration.inventory_sources
       - redhat_cop.controller_configuration.job_templates
     controller_hostname: "https://{{ ansible_host }}"
     controller_username: admin
@@ -130,13 +127,13 @@
 
     - name: Copy controller key to cockpit 
       ansible.builtin.copy:
-        src: "/etc/tower/tower.key"
+        src: "/home/{{ username }}/{{ student }}.{{ ec2_name_prefix|lower|default('unknown') }}.{{ workshop_dns_zone|default('example.com') }}/privkey.pem"
         dest: "/etc/cockpit/ws-certs.d/00-signed.key"
         remote_src: true
 
     - name: Copy controller cert to cockpit 
       ansible.builtin.copy:
-        src: "/etc/tower/tower.cert"
+        src: "/home/{{ username }}/{{ student }}.{{ ec2_name_prefix|lower|default('unknown') }}.{{ workshop_dns_zone|default('example.com') }}/cert.pem"
         dest: "/etc/cockpit/ws-certs.d/00-signed.cert"
         remote_src: true
 
@@ -153,6 +150,7 @@
           instance-state-name: running
           "tag:Workshop_node1": "{{ec2_name_prefix}}-node1"
       delegate_to: localhost
+      become: false
       register: node1_node_facts
 
     - name: Grab ec2_instance_info for node2
@@ -162,6 +160,7 @@
           instance-state-name: running
           "tag:Workshop_node2": "{{ec2_name_prefix}}-node2"
       delegate_to: localhost
+      become: false
       register: node2_node_facts
 
     - name: Grab ec2_instance_info for node3
@@ -171,6 +170,7 @@
           instance-state-name: running
           "tag:Workshop_node3": "{{ec2_name_prefix}}-node3"
       delegate_to: localhost
+      become: false
       register: node3_node_facts
 
     - name: Grab ec2_instance_info for node4
@@ -180,6 +180,7 @@
           instance-state-name: running
           "tag:Workshop_node4": "{{ec2_name_prefix}}-node4"
       delegate_to: localhost
+      become: false
       register: node4_node_facts
 
     - name: Populate ssh host keys to known_hosts
@@ -226,6 +227,37 @@
           delay: 15  # Every 15 seconds
           retries: 16  # 4 minutes 4*60/15
 
+        - name: Retrieve execution environment named "ripu workshop"
+          vars:
+            awx_url: "https://{{ student }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}"
+            awx_username: admin
+            awx_password: "{{ admin_password }}"
+          set_fact:
+            ee_details: "{{ lookup('awx.awx.controller_api', 'execution_environments', host=awx_url, username=awx_username, password=awx_password, verify_ssl=False, query_params={'name': 'ripu workshop execution environment'}, return_values=True) }}"
+          register: ee_retrieve
+          until: ee_retrieve is not failed
+
+        - name: debug ee_details
+          debug:
+            var: ee_details
+
+        - name: Extract image from execution environment details
+          set_fact:
+            ee_image: "{{ ee_details.image | default('registry.redhat.io/ansible-automation-platform-23/ee-supported-rhel8:1.0.0-208') }}"
+
+        - name: Print execution environment image to terminal
+          debug:
+            var: ee_image
+
+        - name: Add EE to the controller instance
+          awx.awx.execution_environment:
+            name: "ripu workshop execution environment"
+            image: "{{ ee_image }}"
+            credential: registry.redhat.io credential
+            controller_username: admin
+            controller_password: "{{ admin_password }}"
+            controller_host: "https://{{ student }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}"
+
         - name: Run Update inventories via dynamic sources job template - RHEL7
           awx.awx.job_launch:
             job_template: "UTILITY / Update inventories via dynamic sources"

roles/aap_download/defaults/main.yml

@@ -1,3 +1,3 @@
 ---
-# Last Modified 2023-8-30 - sean
-provided_sha_value: f5c834de9ad0b8ddbd0182b8f75127d4857e7c2a136e6c4f66ef5b92b2a41bb9
+# Last Modified 2023-10-9 - sean
+provided_sha_value: 11e23e06da6e660c06ebd960884ae34a2ffb97a1d704579fd3ec9f6ae5f1a09a