diff --git a/.gitignore b/.gitignore index 2b620d694..66835a141 100644 --- a/.gitignore +++ b/.gitignore @@ -33,6 +33,7 @@ provisioner/workshop_specific/roles/geerlingguy.repo-epel/ provisioner/roles/ansible_security.ids_config/ provisioner/roles/ansible_security.ids_install/ provisioner/roles/geerlingguy.repo-epel/ +provisioner/ansible-automation-platform* .pyc .swp Gemfile.lock @@ -55,3 +56,4 @@ provisioner/packer/manifest.zip *-artifact-*.json provisioner/test.yml provisioner/colin.yml +.vscode/settings.json diff --git a/.yamllint b/.yamllint deleted file mode 100644 index 6f0d12b3a..000000000 --- a/.yamllint +++ /dev/null @@ -1,14 +0,0 @@ ---- -extends: default - -ignore: | - .tox - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - line-length: disable diff --git a/README.md b/README.md index 3fccb4c0e..2e1cb1ece 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ The Red Hat Ansible Automation Workshops project is intended for effectively dem | Workshop | Public Deck | Red Hat Internal | Exercises | Workshop Type Var | |---|---|---|---|---| | **[Ansible Red Hat Enterprise Linux Workshop](./exercises/ansible_rhel)**
focused on automating Linux platforms like Red Hat Enterprise Linux | [PDF](./decks/ansible_rhel.pdf) | [Google Source](https://docs.google.com/presentation/d/1O2Gj5r_fhjM5Pi5FizrZRInmZ37IlpeKPTP6jSZxEKs/edit?usp=sharing) | [Exercises](./exercises/ansible_rhel) | `workshop_type: rhel` | -| **[Ansible Config as Code Workshop](./exercises/ansible_config_as_code)**
focused on config as code for AAP | [PDF](./decks/config_as_code.pdf) | [Google Source](https://docs.google.com/presentation/d/1F6W8p0MG878AC3Q1CsNZHfhX5VkEyGKbwDHACQtoLPI) | [Exercises](./exercises/ansible_config_as_code) | `workshop_type: config_as_code` | +| **[Ansible Config as Code Workshop](./exercises/ansible_config_as_code)**
focused on config as code for AAP | [PDF](./decks/config_as_code.pdf) | [Google Source](https://docs.google.com/presentation/d/1F6W8p0MG878AC3Q1CsNZHfhX5VkEyGKbwDHACQtoLPI) | [Exercises](./exercises/ansible_config_as_code) | `workshop_type: configascode` | | **[Ansible Network Automation Workshop](./exercises/ansible_network)**
focused on router and switch platforms like Arista, Cisco, Juniper | [PDF](./decks/ansible_network.pdf) | [Google Source](https://docs.google.com/presentation/d/1PIT-kGAGMVEEK8PsuZCoyzFC5CIzLBwdnftnUsdUNWQ/edit?usp=sharing) | [Exercises](./exercises/ansible_network) | `workshop_type: network` | | **[Ansible Security Automation](./exercises/ansible_security)**
focused on automation of security tools like Check Point Firewall, IBM QRadar and the IDS Snort | [PDF](./decks/ansible_security.pdf) | [Google Source](https://docs.google.com/presentation/d/19gVCBz1BmxC15tDDj-FUlUd_jUUUKay81E8F24cyUjk/edit?usp=sharing) | [Exercises](./exercises/ansible_security) | `workshop_type: security` | | **[Ansible Windows Automation Workshop](./exercises/ansible_windows)**
focused on automation of Microsoft Windows | [PDF](./decks/ansible_windows.pdf) | [Google Source](https://docs.google.com/presentation/d/1RO5CQiCoqLDES1NvTI_1fQrR-oWM1NuW-uB0JRvtJzE) | [Exercises](./exercises/ansible_windows) | `workshop_type: windows` | diff --git a/bindep.txt b/bindep.txt deleted file mode 100644 index 904195243..000000000 --- a/bindep.txt +++ /dev/null @@ -1 +0,0 @@ -sshpass [epel] diff --git a/exercises/ansible_config_as_code/1-ee/README.md b/exercises/ansible_config_as_code/1-ee/README.md index 9c1ec0d36..57fcddb0f 100644 --- a/exercises/ansible_config_as_code/1-ee/README.md +++ b/exercises/ansible_config_as_code/1-ee/README.md @@ -215,6 +215,8 @@ ee_pull_collections_from_hub: false {% endraw %} +======= + Further documentation for those who are interested to learn more see: - [YAML lists and more](https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html) diff --git a/exercises/ansible_config_as_code/2-pah/README.md b/exercises/ansible_config_as_code/2-pah/README.md index 92f0558d5..20c54c66b 100644 --- a/exercises/ansible_config_as_code/2-pah/README.md +++ b/exercises/ansible_config_as_code/2-pah/README.md @@ -4,11 +4,7 @@ In this section you will configure your private automation hub using the code pr ## Step 1 -Ensure that you have `ansible-navigator` installed on your machine. - -```console -sudo dnf install ansible-navigator -``` +This lab uses `ansible-navigator` and has been tested against v3.4.1. It should be pre-installed on your machine. Further documentation for those who are interested to learn more see: 
@@ -22,12 +18,13 @@ Create a file `group_vars/all/ah_repositories.yml` you will need to add `infra.a --- ah_collection_remotes: - name: community-infra - url: https://beta-galaxy.ansible.com/ + url: https://galaxy.ansible.com/ requirements: - name: infra.ee_utilities - name: infra.aap_utilities - name: containers.podman - name: awx.awx + - name: community.general ah_collection_repositories: - name: community-infra-repo @@ -51,7 +48,7 @@ Further documentation for those who are interested to learn more see: {% raw %} -Create a file `group_vars/all/ah_users.yml` make sure this user has `is_superuser` set to `true` and their `password` is set to `"{{ ah_token_password }}"`. +Create a file `group_vars/all/ah_users.yml` make sure this user has their `password` set to `"{{ ah_token_password }}"`. ```yaml --- @@ -62,6 +59,7 @@ ah_users: - "admin" append: true state: "present" + is_superuser: true ... ``` @@ -83,7 +81,7 @@ Further documentation for those who are interested to learn more see: ## Step 5 -Create a playbook `playbooks/hub_config.yml` add in the `repository` role name in the first task and the `user` role name in the last task. +Create a playbook `playbooks/hub_config.yml` add in the `collection_remote` role name in the first task and the `user` role name in the last task. ```yaml --- @@ -96,7 +94,7 @@ Create a playbook `playbooks/hub_config.yml` add in the `repository` role name i tasks: - name: Include collection remote role ansible.builtin.include_role: - name: infra.ah_configuration. # Insert Collection Name here + name: infra.ah_configuration. # Insert Role Name here - name: Include collection repository role ansible.builtin.include_role: @@ -112,7 +110,7 @@ Create a playbook `playbooks/hub_config.yml` add in the `repository` role name i - name: Include user role ansible.builtin.include_role: - name: infra.ah_configuration. # Insert Collection Name here + name: infra.ah_configuration. # Insert Role Name here ... ``` 
@@ -120,9 +118,7 @@ Create a playbook `playbooks/hub_config.yml` add in the `repository` role name i The next step is to run the playbook, for demonstration purposes we are going to show how to get the Execution Environment(EE) that was built in the previous step and run the playbook. -If you wish to skip this step run the playbook this way[^1]. - -[^1]: `ansible-galaxy collection install infra.ah_configuration` then `ansible-playbook -i inventory.yml -l automationhub playbooks/hub_config.yml` +If you wish to skip this step and use the CLI instead of navigator, see the alternate instructions in the next section. Login to the automation hub using the podman login command. This will ask for a user:pass. After authenticating pull the config_as_code image. @@ -151,4 +147,13 @@ Use these options to run the playbook in the execution environment. ansible-navigator run playbooks/hub_config.yml --eei hub-student#.rh####.example.opentlc.com/config_as_code -i inventory.yml -l automationhub --pa='--tls-verify=false' -m stdout ``` +## Step 6 (Alternate) +If someone was wrong with your execution environment, or want to run this in the CLI instead of Navigator, use the following commands. + +```console +ansible-galaxy collection install infra.ah_configuration:2.0.3 +ansible-playbook -i inventory.yml -l automationhub playbooks/hub_config.yml +``` + + [previous task](../1-ee/README.md) [next task](../3-controller/README.md) diff --git a/exercises/ansible_config_as_code/3-controller/README.md b/exercises/ansible_config_as_code/3-controller/README.md index bd858e560..871164c2a 100644 --- a/exercises/ansible_config_as_code/3-controller/README.md +++ b/exercises/ansible_config_as_code/3-controller/README.md 
@@ -33,6 +33,7 @@ controller_execution_environments: ![execution_environments supported](images/ee_supportedv3.png) ![execution_environments minimal](images/ee_minimalv2.png) ![execution_environments 2.9](images/ee_29v2.png) +![execution_environments 2.9](images/ee_config_as_code.png) Further documentation for those who are interested to learn more see: @@ -83,15 +84,15 @@ controller_credential_types: env: AH_PASSWORD: !unsafe "{{ password }}" AH_USERNAME: !unsafe "{{ username }}" - AH_HOST: # Insert appropriate variable from above here + AH_HOST: !unsafe # Insert appropriate variable from above here AH_API_TOKEN: !unsafe # Insert appropriate variable from above here AH_VERIFY_SSL: !unsafe # Insert appropriate variable from above here extra_vars: ah_password: !unsafe "{{ password }}" ah_username: !unsafe "{{ username }}" - ah_host: # Insert appropriate variable from above here - ah_token: # Insert appropriate variable from above here - ah_validate_certs: # Insert appropriate variable from above here + ah_host: !unsafe # Insert appropriate variable from above here + ah_token: !unsafe # Insert appropriate variable from above here + ah_validate_certs: !unsafe # Insert appropriate variable from above here - name: ssh_priv_file kind: cloud @@ -138,7 +139,7 @@ Further documentation for those who are interested to learn more see: ## Step 5 -Create a file `group_vars/all/credentials.yml` and add the required information to the list `controller_credentials` to configure the UI to look like the screenshot +Create a file `group_vars/all/credentials.yml` and add the required information to the list `controller_credentials` to configure the UI to look like the screenshot. Make it to look like the screenshot, but make sure to use parameters for the values. DO NOT PASTE YOUR CLEARTEST CREDENTIALS! {% raw %} 
@@ -203,7 +204,7 @@ controller_credentials: username: student password: "{{ machine_pass }}" - - name: git + - name: github credential_type: Source Control organization: config_as_code description: git @@ -276,7 +277,7 @@ controller_inventory_sources: ... ``` -![inventory_source](images/inventory_source.png) +![inventory_source](images/inventory_source_v2.png) Further documentation for those who are interested to learn more see: @@ -454,10 +455,11 @@ Create a `collections/requirements.yml` file and add these collections to pull a --- collections: - name: infra.controller_configuration + version: 2.5.1 - name: infra.ah_configuration - - name: infra.ee_utilities - - name: infra.aap_utilities + version: 2.0.3 - name: awx.awx + version: 22.4.0 ... ``` diff --git a/exercises/ansible_config_as_code/3-controller/images/ee_config_as_code.png b/exercises/ansible_config_as_code/3-controller/images/ee_config_as_code.png new file mode 100644 index 000000000..85e845999 Binary files /dev/null and b/exercises/ansible_config_as_code/3-controller/images/ee_config_as_code.png differ diff --git a/exercises/ansible_config_as_code/3-controller/images/inventory_source_v2.png b/exercises/ansible_config_as_code/3-controller/images/inventory_source_v2.png new file mode 100644 index 000000000..6b7e11108 Binary files /dev/null and b/exercises/ansible_config_as_code/3-controller/images/inventory_source_v2.png differ diff --git a/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/ah_repositories.yml b/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/ah_repositories.yml index 3363f56f4..da4cf2221 100644 --- a/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/ah_repositories.yml +++ b/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/ah_repositories.yml 
@@ -1,7 +1,7 @@ --- ah_collection_remotes: - name: community-infra - url: https://beta-galaxy.ansible.com/ + url: https://galaxy.ansible.com/ requirements: - name: infra.ee_utilities - name: infra.controller_configuration diff --git a/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/credentials.yml b/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/credentials.yml index 03da13dee..e496e9a14 100644 --- a/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/credentials.yml +++ b/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/credentials.yml @@ -68,7 +68,7 @@ controller_credentials: username: student password: "{{ machine_pass }}" - - name: git + - name: github credential_type: Source Control organization: config_as_code description: git diff --git a/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/execution_environments.yml b/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/execution_environments.yml index 1dc196afc..4328d28af 100644 --- a/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/execution_environments.yml +++ b/exercises/ansible_config_as_code/answer_files/workshop_project/group_vars/all/execution_environments.yml @@ -14,4 +14,9 @@ controller_execution_environments: image: "{{ ah_host }}/ee-29-rhel8" pull: always credential: cr_ah + + - name: "config_as_code" + image: "{{ ah_host }}/config_as_code" + pull: always + credential: cr_ah ... diff --git a/exercises/ansible_config_as_code/answer_files/workshop_project/playbooks/hub_config.yml b/exercises/ansible_config_as_code/answer_files/workshop_project/playbooks/hub_config.yml index 0347fdf76..a6f186e9d 100644 --- a/exercises/ansible_config_as_code/answer_files/workshop_project/playbooks/hub_config.yml +++ b/exercises/ansible_config_as_code/answer_files/workshop_project/playbooks/hub_config.yml 
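Review bot: The `requirements` entries under `community-infra` (`infra.ee_utilities` and `infra.controller_configuration`, visible as context below the changed `url:` line) carry no version constraint. With the remote now pointing at `https://galaxy.ansible.com/`, the versions the private hub mirrors are decided by the upstream at sync time. The same commit pins versions in the `collections/requirements.yml` example of the 3-controller README, so this answer file could do the same by adding a line such as `version: <pinned-version>` (placeholder) under each entry. The requirements list continues outside the hunk, so entries not shown here may need the same treatment.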
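Review bot: The new `config_as_code` entry in `execution_environments.yml` references `"{{ ah_host }}/config_as_code"` with no tag or digest. Combined with `pull: always`, each job run resolves whatever the hub currently serves under the default tag, so a re-pushed image silently changes what runs. This matches the existing `ee-29-rhel8` entry above it, so it may be a deliberate workshop simplification. If not, an explicit reference such as `image: "{{ ah_host }}/config_as_code:<tag>"` (placeholder tag) makes the executed content reproducible. The `controller_execution_environments` list starts outside the hunk.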
@@ -8,7 +8,7 @@ tasks: - name: Include collection remote role ansible.builtin.include_role: - name: infra.ah_configuration. # Insert Collection Name here + name: infra.ah_configuration.collection_remote - name: Include collection repository role ansible.builtin.include_role: @@ -24,5 +24,5 @@ - name: Include user role ansible.builtin.include_role: - name: infra.ah_configuration. # Insert Collection Name here + name: infra.ah_configuration.user ... diff --git a/exercises/ansible_network/1-explore/README.es.md b/exercises/ansible_network/1-explore/README.es.md index 65b2e2c0c..83e250f86 100644 --- a/exercises/ansible_network/1-explore/README.es.md +++ b/exercises/ansible_network/1-explore/README.es.md 
@@ -4,18 +4,20 @@ ## Índice -* [Objetivo](#objetivo) -* [Diagrama](#diagrama) -* [Guía](#guía) - * [Paso 1 - Connectar vía VS Code](#paso-1---connectar-vía-vs-code) - * [Paso 2 - Usando la Terminal](#paso-2---usando-la-terminal) - * [Paso 3 - Examinando los Entornos de Ejecución](#paso-3---examinando-los-entornos-de-ejecución) - * [Paso 4 - Examinando la configuración de ansible-navigator](#paso-4---examinando-la-configuración-de-ansible-navigator) - * [Paso 5 - Examinando el inventario](#paso-5---examinando-el-inventario) - * [Paso 6 - Comprendiendo el inventario](#paso-6---comprendiendo-el-inventario) - * [Paso 7 - Usando ansible-navigator para explorar el inventario](#paso-7---usando-ansible-navigator-para-explorar-el-inventario) - * [Paso 8 - Connectándose a dispositivos de red](#paso-8---connectándose-a-dispositivos-de-red) -* [Completado](#complete) +- [Ejercicio 1 - Explorando el entorno de laboratorio](#ejercicio-1---explorando-el-entorno-de-laboratorio) + - [Índice](#índice) + - [Objetivo](#objetivo) + - [Diagrama](#diagrama) + - [Guía](#guía) + - [Paso 1 - Connectar vía VS Code](#paso-1---connectar-vía-vs-code) + - [Paso 2 - Usando la Terminal](#paso-2---usando-la-terminal) + - [Paso 3 - Examinando los Entornos de Ejecución](#paso-3---examinando-los-entornos-de-ejecución) + - [Paso 4 - Examinando la configuración de ansible-navigator](#paso-4---examinando-la-configuración-de-ansible-navigator) + - [Paso 5 - Examinando el inventario](#paso-5---examinando-el-inventario) + - [Paso 6 - Comprendiendo el inventario](#paso-6---comprendiendo-el-inventario) + - [Paso 7 - Usando ansible-navigator para explorar el inventario](#paso-7---usando-ansible-navigator-para-explorar-el-inventario) + - [Paso 8 - Connectándose a dispositivos de red](#paso-8---connectándose-a-dispositivos-de-red) + - [Completado](#completado) ## Objetivo 
@@ -31,10 +33,9 @@ Esto incluye: Si necesitaás más informacion sobre los nuevos componentes de Ansible Automation Platform, añáde esta página [https://red.ht/AAP-20](https://red.ht/AAP-20) a tus marcadores. -> Chatea con nosotros +> Join our community forum! > -> Antes de comenzar, por favor, únete a nosotros en slack Haz click aquí para unirte al canal de slack ansiblenetwork. Esto te permitirá chatear con otros ingeniero de automatización de redes y obtener ayuda una vez concluídos los talleres. Si el enlace no funcionase, por favor envíanos un email a Ansible Technical Marketing - +> Before you get started, please join us on https://forum.ansible.com/. This will allow you to get Ansible help after the workshops concludes. ## Diagrama diff --git a/exercises/ansible_network/1-explore/README.ja.md b/exercises/ansible_network/1-explore/README.ja.md index 4ee81da58..4b37fce66 100644 --- a/exercises/ansible_network/1-explore/README.ja.md +++ b/exercises/ansible_network/1-explore/README.ja.md 
@@ -5,20 +5,20 @@ ## 目次 -* [目的](#objective) -* [図](#diagram) -* [ガイド](#guide) - * [ステップ 1 - VS Code を使用した接続](#step-1---connecting-via-vs-code) - * [ステップ 2 - ターミナルの使用](#step-2---using-the-terminal) - * [ステップ 3 - 実行環境の検証](#step-3---examining-execution-environments) - * [ステップ 4 - ansible-navigator - 設定の検証](#step-4---examining-the-ansible-navigator-configuration) - * [ステップ 5 - インベントリーの検証](#step-5---examining-inventory) - * [ステップ 6 - インベントリーについて](#step-6---understanding-inventory) - * [ステップ 7 - ansible-navigator - を使用したインベントリーの探索](#step-7---using-ansible-navigator-to-explore-inventory) - * [ステップ 8 - ネットワークデバイスへの接続](#step-8---connecting-to-network-devices) -* [完了](#complete) +- [演習 1 - ラボ環境の探索](#演習-1---ラボ環境の探索) + - [目次](#目次) + - [目的](#目的) + - [図](#図) + - [ガイド](#ガイド) + - [ステップ 1 - VS Code を使用した接続](#ステップ-1---vs-code-を使用した接続) + - [ステップ 2 - ターミナルの使用](#ステップ-2---ターミナルの使用) + - [ステップ 3 - 実行環境の検証](#ステップ-3---実行環境の検証) + - [ステップ 4 - ansible-navigator 設定の検証](#ステップ-4---ansible-navigator-設定の検証) + - [ステップ 5 - インベントリーの検証](#ステップ-5---インベントリーの検証) + - [ステップ 6 - インベントリーについて](#ステップ-6---インベントリーについて) + - [ステップ 7 - ansible-navigator を使用したインベントリーの探索](#ステップ-7---ansible-navigator-を使用したインベントリーの探索) + - [ステップ 8 - ネットワークデバイスへの接続](#ステップ-8---ネットワークデバイスへの接続) + - [完了](#完了) ## 目的 @@ -45,9 +45,9 @@ Hatがサポートするすべてのコレクションがすでに含まれて Ansible Automation Platformの新しいコンポーネントに関する情報が必要な場合は、このランディングページをブックマークしてください [https://red.ht/AAP-20](https://red.ht/AAP-20) -> チャットでコミュニケーションしましょう +> Join our community forum! > -> 始める前に、slack にご参加ください! ansiblenetwork slack に参加するには、こちらをクリック。これにより、他のネットワーク自動化エンジニアとチャットしたり、ワークショップの終了後にサポートを受けたりすることができます。リンクが古くなっている場合は、Ansible テクニカルマーケティング にメールでご連絡ください。 +> Before you get started, please join us on https://forum.ansible.com/. This will allow you to get Ansible help after the workshops concludes. ## 図 diff --git a/exercises/ansible_network/1-explore/README.md b/exercises/ansible_network/1-explore/README.md index 42331149d..0c046af2f 100644 --- a/exercises/ansible_network/1-explore/README.md 
+++ b/exercises/ansible_network/1-explore/README.md @@ -4,18 +4,20 @@ ## Table of Contents -* [Objective](#objective) -* [Diagram](#diagram) -* [Guide](#guide) - * [Step 1 - Connecting via VS Code](#step-1---connecting-via-vs-code) - * [Step 2 - Using the Terminal](#step-2---using-the-terminal) - * [Step 3 - Examining Execution Environments](#step-3---examining-execution-environments) - * [Step 4 - Examining the ansible-navigator configuration](#step-4---examining-the-ansible-navigator-configuration) - * [Step 5 - Examining inventory](#step-5---examining-inventory) - * [Step 6 - Understanding inventory](#step-6---understanding-inventory) - * [Step 7 - Using ansible-navigator to explore inventory](#step-7---using-ansible-navigator-to-explore-inventory) - * [Step 8 - Connecting to network devices](#step-8---connecting-to-network-devices) -* [Complete](#complete) +- [Exercise 1 - Exploring the lab environment](#exercise-1---exploring-the-lab-environment) + - [Table of Contents](#table-of-contents) + - [Objective](#objective) + - [Diagram](#diagram) + - [Guide](#guide) + - [Step 1 - Connecting via VS Code](#step-1---connecting-via-vs-code) + - [Step 2 - Using the Terminal](#step-2---using-the-terminal) + - [Step 3 - Examining Execution Environments](#step-3---examining-execution-environments) + - [Step 4 - Examining the ansible-navigator configuration](#step-4---examining-the-ansible-navigator-configuration) + - [Step 5 - Examining inventory](#step-5---examining-inventory) + - [Step 6 - Understanding inventory](#step-6---understanding-inventory) + - [Step 7 - Using ansible-navigator to explore inventory](#step-7---using-ansible-navigator-to-explore-inventory) + - [Step 8 - Connecting to network devices](#step-8---connecting-to-network-devices) + - [Complete](#complete) ## Objective 
@@ -30,9 +32,9 @@ These first few lab exercises will be exploring the command-line utilities of th If you need more information on new Ansible Automation Platform components bookmark this landing page [https://red.ht/AAP-20](https://red.ht/AAP-20) -> Chat with us +> Join our community forum! > -> Before you get started, please join us on slack! Click here to join the ansiblenetwork slack. This will allow you to chat with other network automation engineers and get help after the workshops concludes. If the link goes stale please email Ansible Technical Marketing +> Before you get started, please join us on https://forum.ansible.com/. This will allow you to get Ansible help after the workshops concludes. ## Diagram @@ -123,18 +125,20 @@ Selecting `2` for `Ansible version and collections` will show us all Ansible Col Either use Visual Studio Code to open or use the `cat` command to view the contents of the `ansible-navigator.yml` file. The file is located in the home directory: ```bash -$ cat ~/.ansible-navigator.yml +$ cat .ansible-navigator.yml --- ansible-navigator: ansible: - inventories: - - /home/student/lab_inventory/hosts + inventory: + entries: + - /home/student/lab_inventory/hosts execution-environment: image: quay.io/acme_corp/network-ee:latest enabled: true container-engine: podman - pull-policy: missing + pull: + policy: missing volume-mounts: - src: "/etc/ansible/" dest: "/etc/ansible/" diff --git a/exercises/ansible_rhel/1.1-setup/README.md b/exercises/ansible_rhel/1.1-setup/README.md index 14ca8ded4..bb4b8736c 100644 --- a/exercises/ansible_rhel/1.1-setup/README.md +++ b/exercises/ansible_rhel/1.1-setup/README.md 
@@ -5,14 +5,16 @@ ## Table of Contents -* [Objective](#objective) -* [Guide](#guide) - * [Your Lab Environment](#your-lab-environment) - * [Step 1 - Access the Environment](#step-1---access-the-environment) - * [Step 2 - Using the Terminal](#step-2---using-the-terminal) - * [Step 3 - Examining Execution Environments](#step-3---examining-execution-environments) - * [Step 4 - Examining the ansible-navigator configuration](#step-4---examining-the-ansible-navigator-configuration) - * [Step 5 - Challenge Labs](#step-5---challenge-labs) +- [Workshop Exercise - Check the Prerequisites](#workshop-exercise---check-the-prerequisites) + - [Table of Contents](#table-of-contents) + - [Objective](#objective) + - [Guide](#guide) + - [Your Lab Environment](#your-lab-environment) + - [Step 1 - Access the Environment](#step-1---access-the-environment) + - [Step 2 - Using the Terminal](#step-2---using-the-terminal) + - [Step 3 - Examining Execution Environments](#step-3---examining-execution-environments) + - [Step 4 - Examining the ansible-navigator configuration](#step-4---examining-the-ansible-navigator-configuration) + - [Step 5 - Challenge Labs](#step-5---challenge-labs) ## Objective @@ -138,7 +140,7 @@ Note the following parameters within the `ansible-navigator.yml` file: * `inventories`: shows the location of the ansible inventory being used * `execution-environment`: where the default execution environment is set -For a full listing of every configurable knob checkout the [documentation](https://ansible-navigator.readthedocs.io/en/latest/settings/) +For a full listing of every configurable knob checkout the [documentation](https://ansible.readthedocs.io/projects/navigator/settings/) ### Step 5 - Challenge Labs diff --git a/exercises/ansible_rhel/2.7-wrap/README.md b/exercises/ansible_rhel/2.7-wrap/README.md index d14899f77..86c820d65 100644 --- a/exercises/ansible_rhel/2.7-wrap/README.md +++ b/exercises/ansible_rhel/2.7-wrap/README.md 
@@ -5,16 +5,18 @@ ## Table of Contents -* [Objective](#objective) -* [Guide](#guide) - * [Let’s set the stage](#lets-set-the-stage) - * [The Git Repository](#the-git-repository) - * [Prepare Inventory](#prepare-inventory) - * [Create the Template](#create-the-template) - * [Check the results](#check-the-results) - * [Add Survey](#add-survey) - * [Solution](#solution) -* [The End](#the-end) +- [Workshop Exercise - Wrap up](#workshop-exercise---wrap-up) + - [Table of Contents](#table-of-contents) + - [Objective](#objective) + - [Guide](#guide) + - [Let’s set the stage](#lets-set-the-stage) + - [The Git Repository](#the-git-repository) + - [Prepare Inventory](#prepare-inventory) + - [Create the Template](#create-the-template) + - [Check the Results](#check-the-results) + - [Add Survey](#add-survey) + - [Solution](#solution) + - [The End](#the-end) ## Objective @@ -101,8 +103,7 @@ Within the **Details** tab of the `Webserver` group, click on **Edit**. Within t stage: dev ``` -Within the **Details** tab of the `Webserver` inventory, click the **Hosts** tab, click the **Add** button and **Add existing host**. Select `node1`, `node2`, `node3` as the hosts to be part of the `Webserver` inventory. - +Within the **Details** tab of the `Webserver` group, click the **Hosts** tab, click the **Add** button and **Add existing host**. Select `node1`, `node2`, `node3` as the hosts to be part of the `Webserver` inventory. Within **Resources** -> **Inventories**, select the `Workshop` Inventory. Click on the `Hosts` tab and click on `node2`. Click on `Edit` and add the `stage: prod` variable in the **Variables** window. This overrides the inventory variable due to order of operations of how the variables are accessed during playbook execution. diff --git a/exercises/ansible_rhel_90/6-system-roles/README.md b/exercises/ansible_rhel_90/6-system-roles/README.md index ac68a56a7..f6fb5a971 100644 --- a/exercises/ansible_rhel_90/6-system-roles/README.md 
+++ b/exercises/ansible_rhel_90/6-system-roles/README.md @@ -4,21 +4,23 @@ ## Table Contents -* [Objective](#objective) -* [Guide](#guide) - * [Step 1 - Examine Ansible Project](#step-1---examine-ansible-project) - * [Step 2 - Examine the Ansible Playbook](#step-2---examine-the-ansible-playbook) - * [Step 3 - Examine the Linux System Roles](#step-3---examine-the-linux-system-roles) - * [Step 4 - Launch the Ansible Job](#step-4---launch-the-ansible-job) - * [Step 5 - Verify the configuration](#step-5---verify-the-configuration) -* [Complete](#complete) +- [Exercise - Linux System Roles](#exercise---linux-system-roles) + - [Table Contents](#table-contents) +- [Objective](#objective) +- [Guide](#guide) + - [Step 1 - Examine Ansible Project](#step-1---examine-ansible-project) + - [Step 2 - Examine the Ansible Playbook](#step-2---examine-the-ansible-playbook) + - [Step 3 - Examine the Linux System Roles](#step-3---examine-the-linux-system-roles) + - [Step 4 - Launch the Ansible Job](#step-4---launch-the-ansible-job) + - [Step 5 - Verify the configuration](#step-5---verify-the-configuration) +- [Complete](#complete) # Objective The goal of this exercise is to understand and use pre-existing content in the forms of roles and collections from Automation Hub and Ansible Galaxy. - Understand and use [Linux System Roles](https://linux-system-roles.github.io/) and [RHEL System Roles Collection](https://console.redhat.com/ansible/automation-hub/repo/published/redhat/rhel_system_roles) - - Use [firewall role](https://galaxy.ansible.com/linux-system-roles/firewall) to configure the firewall + - Use [firewall role](https://galaxy.ansible.com/ui/standalone/roles/linux-system-roles/firewall/) to configure the firewall - Use the [timesync role](https://console.redhat.com/ansible/automation-hub/repo/published/redhat/rhel_system_roles/content/role/timesync) to configure NTP from the RHEL System Roles Collection. - Use a pre-populated Ansible Survey to configure the RHEL web hosts 
@@ -40,19 +42,21 @@ Take note of the Github repository that was pre-loaded into your Ansible Automat ## Step 2 - Examine the Ansible Playbook -Open the repository linked above in your web browser. Navigate to **playbooks/security/hardening.yml** +Open the repository linked above in your web browser. Navigate to **linux/hardening.yml** + +The full URL is: [https://github.com/ansible/product-demos/blob/main/linux/hardening.yml](https://github.com/ansible/product-demos/blob/main/linux/hardening.yml) Take note of these two tasks: ``` - name: Configure Firewall when: harden_firewall | bool - include_role: + ansible.builtin.include_role: name: linux-system-roles.firewall - name: Configure Timesync when: harden_time | bool - include_role: + ansible.builtin.include_role: name: redhat.rhel_system_roles.timesync ``` @@ -74,7 +78,7 @@ There are two tasks that include a role and a role from a collection respectivel The Ansible Playbooks are simple. They just use the pre-built Ansible Playbooks provided by Ansible Galaxy and Automation Hub. These were pre-installed for this Ansible Workshop. -- [firewall system role](https://galaxy.ansible.com/linux-system-roles/firewall) - by default this installs firewalld, python3-firewall. Optional parameters can be sent such as what service to open: +- [firewall system role](https://galaxy.ansible.com/ui/standalone/roles/linux-system-roles/firewall/) - by default this installs firewalld, python3-firewall. Optional parameters can be sent such as what service to open: ``` vars: diff --git a/provisioner/README.md b/provisioner/README.md index abfe2053a..60a115f61 100644 --- a/provisioner/README.md +++ b/provisioner/README.md 
@@ -18,29 +18,31 @@ The `github.com/ansible/workshops` contains an Ansible Playbook `provision_lab.y ## Table of Contents -* [Ansible Automation Workshop Provisioner](#ansible-automation-workshop-provisioner) - * [Table Of Contents](#table-of-contents) - * [Requirements](#requirements) - * [Lab Setup](#lab-setup) - * [One Time Setup](#one-time-setup) - * [Ansible-Navigator](#ansible-navigator) - * [1. AWS Creds for Execution Environments](#1-aws-creds-for-execution-environments) - * [2. Running Ansible-Navigator from the project root](#2-running-ansible-navigator-from-the-project-root) - * [Setup (per workshop)](#setup-per-workshop) - * [Automation controller license](#automation-controller-license) - * [Additional examples](#additional-examples) - * [Accessing student documentation and slides](#accessing-student-documentation-and-slides) - * [Accessing instructor inventory](#accessing-instructor-inventory) - * [DNS](#dns) - * [Smart Management](#smart-management) - * [Automated Satellite](#satellite) - * [devcontainer(optional)](#devcontainer) - * [Developer Mode and understanding collections](#developer-mode-and-understanding-collections) - * [Lab Teardown](#lab-teardown) - * [Demos](#demos) - * [FAQ](#faq) - * [More info on what is happening](#more-info-on-what-is-happening) -* [Getting Help](#getting-help) +- [Ansible Automation Workshop Provisioner](#ansible-automation-workshop-provisioner) + - [Table Of Contents](#table-of-contents) + - [Table of Contents](#table-of-contents-1) + - [Requirements](#requirements) + - [Lab Setup](#lab-setup) + - [One Time Setup](#one-time-setup) + - [Ansible-Navigator](#ansible-navigator) + - [1. AWS Creds for Execution Environments](#1-aws-creds-for-execution-environments) + - [2. 
Running Ansible-Navigator from the project root](#2-running-ansible-navigator-from-the-project-root) + - [Setup (per workshop)](#setup-per-workshop) + - [Automation controller license](#automation-controller-license) + - [Automating the download of aap.tar.gz](#automating-the-download-of-aaptargz) + - [Additional examples](#additional-examples) + - [Accessing student documentation and slides](#accessing-student-documentation-and-slides) + - [Accessing instructor inventory](#accessing-instructor-inventory) + - [DNS](#dns) + - [Smart Management](#smart-management) + - [Automated Satellite](#automated-satellite) + - [devcontainer](#devcontainer) + - [Developer Mode and understanding collections](#developer-mode-and-understanding-collections) + - [Lab Teardown](#lab-teardown) + - [Demos](#demos) + - [FAQ](#faq) + - [More info on what is happening](#more-info-on-what-is-happening) +- [Getting Help](#getting-help) ## Requirements @@ -154,6 +156,10 @@ ee_images: # "Default execution environment" for controller ee_default_image: "{{ ee_registry_name }}/ee-supported-rhel8:latest" +# By default pre_build is set to true, this allows people with access to specific AMIs +# built by the Red Hat Ansible Team to be shared with AWS organizations/accounts to speed up +# provisioning and reduce errors +pre_build: false ``` ### Automation controller license diff --git a/provisioner/ansible.cfg b/provisioner/ansible.cfg index 0f5e1cc5d..5a472464f 100644 --- a/provisioner/ansible.cfg +++ b/provisioner/ansible.cfg @@ -3,7 +3,7 @@ host_key_checking = False inventory = hosts forks = 50 retry_files_enabled = False -callback_enabled = timer, profile_tasks +callbacks_enabled = ansible.posix.profile_tasks [persistent_connection] connect_timeout = 60 command_timeout = 60 diff --git a/provisioner/group_vars/all/all.yml b/provisioner/group_vars/all/all.yml index 33017e5eb..67aa614b2 100644 --- a/provisioner/group_vars/all/all.yml +++ b/provisioner/group_vars/all/all.yml 
@@ -3,7 +3,7 @@ workshop_version: aug11-2022 student_user: student admin_password: ansible code_server: true -workshop_dns_zone: "rhdemo.io" +workshop_dns_zone: "demoredhat.com" s3_state: "present" teardown: false controllerinstall: true @@ -22,14 +22,11 @@ valid_workshop_types: - network - f5 - rhel - - devops - security - windows - rhel_90 - demo - - smart_mgmt - auto_satellite - - middleware - configascode - ripu network_type: multivendor diff --git a/provisioner/network.yml b/provisioner/network.yml new file mode 100644 index 000000000..853d63c07 --- /dev/null +++ b/provisioner/network.yml @@ -0,0 +1,8 @@ +--- +- hosts: student1-rtr1 + gather_facts: false + vars: + ansible_libssh_publickey_algorithms: "ssh-rsa" + tasks: + - name: gather facts + cisco.ios.ios_facts: diff --git a/provisioner/packer/README.md b/provisioner/packer/README.md index 6d3826d53..4c4299aa2 100644 --- a/provisioner/packer/README.md +++ b/provisioner/packer/README.md @@ -3,3 +3,7 @@ Work In Progress (WIP) ```bash packer build --force automation-controller.pkr.hcl ``` + +```bash +packer build --force automation-controller9.pkr.hcl +``` \ No newline at end of file diff --git a/provisioner/packer/build_controller.yml b/provisioner/packer/build_controller.yml new file mode 100644 index 000000000..64119171b --- /dev/null +++ b/provisioner/packer/build_controller.yml @@ -0,0 +1,11 @@ +--- +- name: Build Packer Image for Automation controller + hosts: localhost + gather_facts: false + tasks: + + - name: Build and push the box using Packer. + async: 1500 + poll: 5 + command: > + packer build --force automation-controller.pkr.hcl \ No newline at end of file diff --git a/provisioner/packer/pre_build_controller.yml b/provisioner/packer/pre_build_controller.yml index 5ef5282c4..8ab8be72f 100644 --- a/provisioner/packer/pre_build_controller.yml +++ b/provisioner/packer/pre_build_controller.yml 
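Review bot: The new play in provisioner/network.yml restricts `ansible_libssh_publickey_algorithms` to `ssh-rsa`, the SHA-1 based RSA signature scheme, and nothing in the file says why or limits where that is acceptable. It also targets the single hard-coded host `student1-rtr1`, which suggests a local troubleshooting playbook rather than something meant to ship. If it stays, I would add a comment above the var such as `# ssh-rsa only because the lab router image offers nothing newer; do not copy outside the workshop` (the reason is my assumption, please confirm), and give the play a `name:`.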
@@ -14,12 +14,19 @@ gather_facts: true become: true vars: - dns_type: none controllerinstall: true code_server: true username: student student: "{{ username }}" + short_name: "ansible-1" tasks: + - name: Set hostname + ansible.builtin.hostname: + name: "{{ short_name|default('ansible-1') }}" + - name: Setup /etc/hosts file per student + ansible.builtin.template: + src: "{{ playbook_dir }}/templates/etchosts.j2" + dest: "/etc/hosts" - name: Print out ansible_host var ansible.builtin.include_vars: file: "../group_vars/all/all.yml" @@ -42,4 +49,4 @@ ansible.builtin.include_role: name: ../../roles/control_node - include_role: - name: ../../roles/code_server + name: ../../roles/code_server_native diff --git a/provisioner/packer/templates/etchosts.j2 b/provisioner/packer/templates/etchosts.j2 new file mode 100644 index 000000000..f3d93748f --- /dev/null +++ b/provisioner/packer/templates/etchosts.j2 @@ -0,0 +1,5 @@ +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 + +127.0.0.1 {{ short_name }} + diff --git a/provisioner/provision_lab.yml b/provisioner/provision_lab.yml index 64f8b192e..a2e3eeadd 100644 --- a/provisioner/provision_lab.yml +++ b/provisioner/provision_lab.yml 
@@ -108,21 +108,21 @@ ansible.builtin.include_role: name: ../roles/control_node_always - - name: Install and configure code server using code_server role + - name: Add dns entries for all student control nodes using aws_dns role ansible.builtin.include_role: - name: ../roles/code_server + name: ../roles/aws_dns when: - - code_server is defined - - code_server + - dns_type is defined + - dns_type == "aws" - controllerinstall is defined - controllerinstall - - name: Add dns entries for all student control nodes using aws_dns role + - name: Install and configure code server using code_server role ansible.builtin.include_role: - name: ../roles/aws_dns + name: ../roles/code_server_native when: - - dns_type is defined - - dns_type == "aws" + - code_server is defined + - code_server - controllerinstall is defined - controllerinstall diff --git a/provisioner/workshop_specific/network.yml b/provisioner/workshop_specific/network.yml index 84ba48c5b..e4a96aba6 100644 --- a/provisioner/workshop_specific/network.yml +++ b/provisioner/workshop_specific/network.yml @@ -1,4 +1,15 @@ --- +- name: configure control node for legacy crypto + hosts: "control_nodes" + become: true + gather_facts: false + tasks: + - name: Configure crypto policies + include_role: + name: redhat.rhel_system_roles.crypto_policies + vars: + - crypto_policies_policy: LEGACY + - name: wait for routers to have ssh reachability hosts: "routers" gather_facts: false diff --git a/provisioner/workshop_specific/ripu.yml b/provisioner/workshop_specific/ripu.yml index f74903a6b..7d87b4289 100644 --- a/provisioner/workshop_specific/ripu.yml +++ b/provisioner/workshop_specific/ripu.yml 
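Review bot: The new first play in provisioner/workshop_specific/network.yml switches the whole control node to the `LEGACY` system crypto policy, which relaxes TLS and SSH algorithm requirements for every service and client on that host, not only for the sessions to the lab routers. If the aim is only to reach older network devices, a connection-scoped setting on the `routers` group (the commit's own provisioner/network.yml uses `ansible_libssh_publickey_algorithms` that way) would keep the controller, code-server and cockpit endpoints on the default policy. Should the system-wide change be required, a comment stating which device needs it would help whoever later tries to remove it. Two smaller points in the same task: `vars:` is written as a list (`- crypto_policies_policy: LEGACY`) where a mapping `crypto_policies_policy: LEGACY` is the supported form, and `include_role` is not fully qualified although the rest of the commit moves to `ansible.builtin.include_role`.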
@@ -16,10 +16,7 @@ ripu_project_scm_branch: 'main' controller_infra_workloads: - redhat_cop.controller_configuration.credential_types - # - redhat_cop.controller_configuration.credentials - redhat_cop.controller_configuration.projects - # - redhat_cop.controller_configuration.inventories - # - redhat_cop.controller_configuration.inventory_sources - redhat_cop.controller_configuration.job_templates controller_hostname: "https://{{ ansible_host }}" controller_username: admin @@ -130,13 +127,13 @@ - name: Copy controller key to cockpit ansible.builtin.copy: - src: "/etc/tower/tower.key" + src: "/home/{{ username }}/{{ student }}.{{ ec2_name_prefix|lower|default('unknown') }}.{{ workshop_dns_zone|default('example.com') }}/privkey.pem" dest: "/etc/cockpit/ws-certs.d/00-signed.key" remote_src: true - name: Copy controller cert to cockpit ansible.builtin.copy: - src: "/etc/tower/tower.cert" + src: "/home/{{ username }}/{{ student }}.{{ ec2_name_prefix|lower|default('unknown') }}.{{ workshop_dns_zone|default('example.com') }}/cert.pem" dest: "/etc/cockpit/ws-certs.d/00-signed.cert" remote_src: true @@ -153,6 +150,7 @@ instance-state-name: running "tag:Workshop_node1": "{{ec2_name_prefix}}-node1" delegate_to: localhost + become: false register: node1_node_facts - name: Grab ec2_instance_info for node2 @@ -162,6 +160,7 @@ instance-state-name: running "tag:Workshop_node2": "{{ec2_name_prefix}}-node2" delegate_to: localhost + become: false register: node2_node_facts - name: Grab ec2_instance_info for node3 @@ -171,6 +170,7 @@ instance-state-name: running "tag:Workshop_node3": "{{ec2_name_prefix}}-node3" delegate_to: localhost + become: false register: node3_node_facts - name: Grab ec2_instance_info for node4 @@ -180,6 +180,7 @@ instance-state-name: running "tag:Workshop_node4": "{{ec2_name_prefix}}-node4" delegate_to: localhost + become: false register: node4_node_facts - name: Populate ssh host keys to known_hosts 
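Review bot: The "Copy controller key to cockpit" task now copies `privkey.pem` to `/etc/cockpit/ws-certs.d/00-signed.key` without `owner`, `group` or `mode`, so the permissions of the private key are left to module defaults and the umask. I would set them explicitly, for example `mode: '0600'` with whatever owner cockpit needs to read the file (to be confirmed against the cockpit packaging in use). In the same two `src:` paths, `ec2_name_prefix|lower|default('unknown')` applies `default` after `lower`, so an undefined `ec2_name_prefix` should already fail in `lower` and the fallback never takes effect; `ec2_name_prefix|default('unknown')|lower` is the order that works. The same expression is repeated in roles/code_server_native/tasks/codeserver.yml.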
@@ -226,6 +227,37 @@ delay: 15 # Every 15 seconds retries: 16 # 4 minutes 4*60/15 + - name: Retrieve execution environment named "ripu workshop" + vars: + awx_url: "https://{{ student }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}" + awx_username: admin + awx_password: "{{ admin_password }}" + set_fact: + ee_details: "{{ lookup('awx.awx.controller_api', 'execution_environments', host=awx_url, username=awx_username, password=awx_password, verify_ssl=False, query_params={'name': 'ripu workshop execution environment'}, return_values=True) }}" + register: ee_retrieve + until: ee_retrieve is not failed + + - name: debug ee_details + debug: + var: ee_details + + - name: Extract image from execution environment details + set_fact: + ee_image: "{{ ee_details.image | default('registry.redhat.io/ansible-automation-platform-23/ee-supported-rhel8:1.0.0-208') }}" + + - name: Print execution environment image to terminal + debug: + var: ee_image + + - name: Add EE to the controller instance + awx.awx.execution_environment: + name: "ripu workshop execution environment" + image: "{{ ee_image }}" + credential: registry.redhat.io credential + controller_username: admin + controller_password: "{{ admin_password }}" + controller_host: "https://{{ student }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}" + - name: Run Update inventories via dynamic sources job template - RHEL7 awx.awx.job_launch: job_template: "UTILITY / Update inventories via dynamic sources" diff --git a/roles/aap_download/defaults/main.yml b/roles/aap_download/defaults/main.yml index 3a50e13fd..8862e3a16 100644 --- a/roles/aap_download/defaults/main.yml +++ b/roles/aap_download/defaults/main.yml @@ -1,3 +1,3 @@ --- -# Last Modified 2023-8-30 - sean -provided_sha_value: f5c834de9ad0b8ddbd0182b8f75127d4857e7c2a136e6c4f66ef5b92b2a41bb9 +# Last Modified 2023-10-9 - sean +provided_sha_value: 11e23e06da6e660c06ebd960884ae34a2ffb97a1d704579fd3ec9f6ae5f1a09a 
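Review bot: The `awx.awx.controller_api` lookup in "Retrieve execution environment" passes the admin username and password with `verify_ssl=False`, so the credentials are sent without checking the controller's certificate. The host is addressed by its workshop DNS name, and the `awx.awx.execution_environment` task a few lines below talks to the same URL without disabling verification, so the exception looks unnecessary; I would drop `verify_ssl=False` or make it follow a variable that is only false for labs without DNS. The task also uses `until: ee_retrieve is not failed` with no `retries:` or `delay:`, unlike the task just above it in the context (`delay: 15`, `retries: 16`), so it relies on the defaults. The play continues outside this hunk.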
diff --git a/roles/aap_download/tasks/main.yml b/roles/aap_download/tasks/main.yml index 7a4c40168..99a1f76d3 100644 --- a/roles/aap_download/tasks/main.yml +++ b/roles/aap_download/tasks/main.yml @@ -1,10 +1,25 @@ --- - name: check if aap.tar.gz exists - stat: + debug: + msg: "{{ playbook_dir }}/aap.tar.gz" + +- name: Check if aap.tar.gz exists with stat module + ansible.builtin.stat: path: "{{ playbook_dir }}/aap.tar.gz" checksum_algorithm: sha256 register: stat_var +- name: Print out stat_var + ansible.builtin.debug: + msg: "stat_var: {{ stat_var }}" + +- name: Check if aap.tar.gz exists with stat module for symbolic link + ansible.builtin.stat: + path: "{{ stat_var.stat.lnk_source }}" + checksum_algorithm: sha256 + register: stat_var + when: stat_var.stat.checksum is undefined + - name: attempt to download specified AAP from specified URL if we don't already have it when: - aap_download_url is defined @@ -37,6 +52,13 @@ checksum_algorithm: sha256 register: stat_var +- name: Check if aap.tar.gz exists with stat module for symbolic link + ansible.builtin.stat: + path: "{{ stat_var.stat.lnk_source }}" + checksum_algorithm: sha256 + register: stat_var + when: stat_var.stat.checksum is undefined + - name: Verify sha256sum of aap.tar.gz fail: msg: "Failure, sha256sum does not match" diff --git a/roles/aws_dns/tasks/teardown.yml b/roles/aws_dns/tasks/teardown.yml index bc9e7a620..653788a9a 100644 --- a/roles/aws_dns/tasks/teardown.yml +++ b/roles/aws_dns/tasks/teardown.yml @@ -20,7 +20,7 @@ record: "student{{item}}.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" type: A value: "{{ (records | first | first)['Value'] }}" - loop: "{{ range(1, student_total + 1)|list }}" + loop: "{{ range(1, student_total|int + 1)|list }}" vars: records: '{{ record_sets.ResourceRecordSets | selectattr("Name", "match", "student" + item|string + "." + ec2_name_prefix|lower + "." + workshop_dns_zone) | map(attribute="ResourceRecords") | list }}' when: records | length > 0 
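Review bot: Both added "symbolic link" stat tasks in roles/aap_download/tasks/main.yml (this hunk and the second hunk of the file) register into `stat_var` again, and Ansible stores a result for a skipped task as well, so for a regular file the checksum from the first stat is replaced by a skipped result that has no `.stat`. When aap.tar.gz does not exist at all, `stat_var.stat.checksum` is also undefined, the task is not skipped, and `stat_var.stat.lnk_source` fails to template before the download task can run. The sha256 comparison that follows is only partly visible here, but it presumably reads `stat_var.stat.checksum`, so the integrity check would be looking at the wrong data. Adding `follow: true` to the original `ansible.builtin.stat` task resolves the link and returns the target's checksum in one step, which makes the extra tasks unnecessary.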
@@ -41,7 +41,7 @@ record: "student{{item}}-sat.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" type: A value: "{{ (records | first | first)['Value'] }}" - loop: "{{ range(1, student_total + 1)|list }}" + loop: "{{ range(1, student_total|int + 1)|list }}" vars: records: '{{record_sets_sat.ResourceRecordSets | selectattr("Name", "match", "student" + item|string + "-sat." + ec2_name_prefix|lower + "." + workshop_dns_zone) | map(attribute="ResourceRecords") | list }}' when: records | length > 0 diff --git a/roles/code_server_container/README.md b/roles/code_server_container/README.md new file mode 100644 index 000000000..91c30f402 --- /dev/null +++ b/roles/code_server_container/README.md @@ -0,0 +1,27 @@ +# Code Server Role + +This roll will install [code server](https://github.com/cdr/code-server) onto a Red Hat Enterprise Linux (RHEL) node that also has Ansible Automation Platform installed (i.e. Tower/Controller). It supports both Ansible Tower and Automation controller. + +This is tested on RHEL 8.X + +Example: + +``` +- name: configure ansible control node + hosts: 'controller_hosts' + gather_facts: true + become: true + vars: + workshop_dns_zone: "demoredhat.com" + admin_password: ansible123 + username: "student1" + ec2_name_prefix: "my_workbench" + + tasks: + - include_role: + name: ansible.workshops.code_server +``` + +# Requirements + +- AWS (Amazon Web Services) account with Route53 access - this role is only currently supported with route53 and uses the `community.aws.route53` module diff --git a/roles/code_server_container/defaults/main.yml b/roles/code_server_container/defaults/main.yml new file mode 100644 index 000000000..4903762f0 --- /dev/null +++ b/roles/code_server_container/defaults/main.yml 
@@ -0,0 +1,5 @@ +--- +aap_dir: "/home/{{ username }}/aap_install" +codeserver_url: https://github.com/coder/code-server/releases/download/v4.9.1/code-server-4.9.1-amd64.rpm +codeserver_rescue_url: https://github.com/coder/code-server/releases/download/v4.9.1/code-server-4.9.1-amd64.rpm +username: "ec2-user" diff --git a/roles/code_server_container/tasks/codeserver.yml b/roles/code_server_container/tasks/codeserver.yml new file mode 100644 index 000000000..28b70cf2c --- /dev/null +++ b/roles/code_server_container/tasks/codeserver.yml 
@@ -0,0 +1,109 @@ +--- +- name: Pull code-server image + become_user: "{{ username }}" + containers.podman.podman_image: + name: "docker.io/codercom/code-server:latest" + register: podman_pull + until: podman_pull is not failed + retries: 5 + delay: 15 + +- name: Create code-server directories + become_user: "{{ username }}" + file: + path: "{{ item }}" + state: directory + mode: '0777' + loop: + - "/home/{{ username }}/code-server-config" + - "/home/{{ username }}/code-server-project" + +- name: Ensure code-server container is running + become_user: "{{ username }}" + containers.podman.podman_container: + name: code-server + image: codercom/code-server:latest + state: started + ports: + - "8080:8080" + env: + DOCKER_USER: "{{ username }}" + PASSWORD: "{{ admin_password }}" + volumes: + - "/home/{{ username }}/code-server-config:/home/coder/.config:Z" + - "/home/{{ username }}/code-server-project:/home/coder/project:Z" + when: + - dns_type is defined + - dns_type == "none" + +- name: Ensure code-server container is running with DNS + become_user: "{{ username }}" + containers.podman.podman_container: + name: code-server + image: codercom/code-server:latest + state: started + ports: + - "8080:8080" + volumes: + - "/home/{{ username }}/code-server-config:/home/coder/.config:Z" + - "/home/{{ username }}/code-server-project:/home/coder/project:Z" + - "/home/{{ username }}/{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}:/home/coder/certs:Z" + env: + DOCKER_USER: "{{ username }}" + PASSWORD: "{{ admin_password }}" + command: + - "--cert" + - "/home/coder/certs/cert.pem" + - "--cert-key" + - "/home/coder/certs/privkey.pem" + when: + - dns_type is defined + - dns_type != "none" + +# source: https://vscode.readthedocs.io/en/latest/getstarted/settings/ +# - name: ensure custom facts directory exists +# ansible.builtin.file: +# path: "/home/{{ username }}/.local/share/code-server/User/" +# recurse: true +# state: directory +# owner: "{{ username }}" + +# - 
name: Apply code server defaults +# ansible.builtin.template: +# src: settings.json +# dest: "/home/{{ username }}/.local/share/code-server/User/settings.json" +# owner: "{{ username }}" + +# - name: Create a directory if it does not exist +# ansible.builtin.file: +# path: /home/{{ username }}/.local/share/code-server/extensions/ +# state: directory +# owner: "{{ username }}" +# group: "{{ username }}" + +# - name: Download files for vscode +# ansible.builtin.get_url: +# url: "{{ item }}" +# dest: /home/{{ username }}/.local/share/code-server/extensions/ +# owner: "{{ username }}" +# group: "{{ username }}" +# loop: +# - https://github.com/ansible/workshops/raw/devel/files/bierner.markdown-preview-github-styles-0.1.6.vsix +# - https://github.com/ansible/workshops/raw/devel/files/hnw.vscode-auto-open-markdown-preview-0.0.4.vsix +# - https://github.com/ansible/workshops/raw/devel/files/redhat.ansible-0.4.5.vsix +# register: download_extension +# until: download_extension is not failed +# retries: 5 + +# - name: install ansible and markdown extensions +# become_user: "{{ username }}" +# ansible.builtin.command: "/bin/code-server --install-extension /home/{{ username }}/.local/share/code-server/extensions/{{ item }}" +# loop: +# - bierner.markdown-preview-github-styles-0.1.6.vsix +# - hnw.vscode-auto-open-markdown-preview-0.0.4.vsix +# - redhat.ansible-0.4.5.vsix +# ignore_errors: true +# register: install_extension +# until: install_extension is not failed +# retries: 5 + diff --git a/roles/code_server_container/tasks/dns.yml b/roles/code_server_container/tasks/dns.yml new file mode 100644 index 000000000..a2ddcbb98 --- /dev/null +++ b/roles/code_server_container/tasks/dns.yml 
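Review bot: The "Create code-server directories" task creates `code-server-config` and `code-server-project` with `mode: '0777'`, which lets every local account modify the editor's configuration and the student's project files. If the wide mode is only there so the container's `coder` user can write to the bind mounts under rootless podman, mapping the user instead (for example `userns: keep-id` on the `podman_container` tasks, to be tested) would allow `mode: '0700'`. Separately, the image is pulled as `docker.io/codercom/code-server:latest` but run as `codercom/code-server:latest`; using one fully qualified name pinned to a version tag in all three tasks would make the lab reproducible and avoid short-name resolution. The large commented-out block at the end of the file could be removed rather than committed.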
@@ -0,0 +1,21 @@ +--- +- name: Ensure cert directory exists + ansible.builtin.file: + path: "/home/ec2-user/{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}" + state: directory + owner: "{{ username }}" + group: "{{ username }}" + mode: '0755' + +- name: Copy all certs to ec2-user directory so the code-server container can use it + become: true + become_user: root + ansible.builtin.copy: + src: "/etc/letsencrypt/live/{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}/" + dest: "/home/ec2-user/{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}/" + owner: "{{ username }}" + group: "{{ username }}" + mode: preserve + follow: yes + remote_src: true + directory_mode: '0755' \ No newline at end of file diff --git a/roles/code_server_container/tasks/main.yml b/roles/code_server_container/tasks/main.yml new file mode 100644 index 000000000..7b05e5d1e --- /dev/null +++ b/roles/code_server_container/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: Print out pre_build var and dns_type + ansible.builtin.debug: + msg: + - pre_build: "{{ pre_build | default('none set') }}" + - dns_type: "{{ dns_type | default('none set') }}" + +- name: Ensure code-server container is absent (deleted) + become_user: "{{ username }}" + containers.podman.podman_container: + name: code-server + state: absent + +- name: Setup SSL for the code-server container + include_tasks: "dns.yml" + when: + - dns_type is defined + - dns_type != "none" + +- name: setup vscode for web browser access + include_tasks: "codeserver.yml" diff --git a/roles/code_server_container/tasks/teardown.yml b/roles/code_server_container/tasks/teardown.yml new file mode 100644 index 000000000..04f959324 --- /dev/null +++ b/roles/code_server_container/tasks/teardown.yml @@ -0,0 +1,6 @@ +--- +- name: delete DNS specific information + include_tasks: "{{ item }}" + with_first_found: + - "{{ role_path }}/tasks/dns/{{ dns_type }}.yml" + - "{{ role_path }}/tasks/dns/none.yml" 
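Review bot: In roles/code_server_container/tasks/dns.yml both tasks write to `/home/ec2-user/...` while `owner` and `group` are `{{ username }}`, and codeserver.yml mounts the certificates from `/home/{{ username }}/...`. That only lines up while `username` keeps the role default `ec2-user`; with any other value the container is given a path that was never populated. Using `/home/{{ username }}/` in `path:` and `dest:` removes the mismatch. The directory that receives `privkey.pem` is also created with `mode: '0755'`, so a comment on why it must be world-traversable, or `'0700'`, would be worth adding.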
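Review bot: roles/code_server_container/tasks/teardown.yml looks for `tasks/dns/{{ dns_type }}.yml` and falls back to `tasks/dns/none.yml`, but the files this commit adds for the role are `tasks/dns.yml`, `tasks/codeserver.yml` and `tasks/main.yml`; no `tasks/dns/` directory appears in the diff. Unless those files exist elsewhere, `with_first_found` will find nothing and the teardown include will fail. The identical teardown.yml added under roles/code_server_native has the same problem. Either add the `dns/` task files or drop teardown.yml from both roles until it has something to include.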
diff --git a/roles/code_server_container/templates/code-server.service.j2 b/roles/code_server_container/templates/code-server.service.j2 new file mode 100644 index 000000000..1ed907eb3 --- /dev/null +++ b/roles/code_server_container/templates/code-server.service.j2 @@ -0,0 +1,23 @@ +[Unit] +Description=Code Server IDE +After=network.target + +[Service] +Type=simple +User={{ username }} +WorkingDirectory=/home/{{ username }} +Restart=on-failure +RestartSec=10 +{% if workshop_type is defined %} +Environment="PASSWORD={{ admin_password }}" + +ExecStart=/bin/code-server +{% else %} +ExecStart=/bin/code-server --auth none +{% endif %} + +ExecStop=/bin/kill -s QUIT $MAINPID + + +[Install] +WantedBy=multi-user.target diff --git a/roles/code_server_container/templates/nginx_instruqt.conf b/roles/code_server_container/templates/nginx_instruqt.conf new file mode 100644 index 000000000..8cb8ce80d --- /dev/null +++ b/roles/code_server_container/templates/nginx_instruqt.conf @@ -0,0 +1,9 @@ + + location /editor/ { + proxy_pass http://127.0.0.1:8080/; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection upgrade; + proxy_set_header Accept-Encoding gzip; + proxy_redirect off; + } diff --git a/roles/code_server_container/templates/settings.json b/roles/code_server_container/templates/settings.json new file mode 100644 index 000000000..4a15c2472 --- /dev/null +++ b/roles/code_server_container/templates/settings.json 
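Review bot: The unit template starts code-server with `--auth none` whenever `workshop_type` is undefined, so a missing variable silently produces an IDE with terminal access and no login. I would make the password the default and require an explicit opt-out, for example `{% if code_server_disable_auth | default(false) %}` around the `--auth none` line (the variable name is only a suggestion). The `Environment="PASSWORD=..."` line also puts the admin password into the unit file, so whichever task installs this template should set a restrictive `mode`. No task in the visible hunks of this role references the template, so it may be a leftover from the older role; if so, leaving it out is the simpler fix.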
@@ -0,0 +1,17 @@ +{ + "git.ignoreLegacyWarning": true, + "terminal.integrated.experimentalRefreshOnResume": true, + "window.menuBarVisibility": "visible", + "git.enableSmartCommit": true, + "workbench.tips.enabled": false, + "workbench.startupEditor": "readme", + "telemetry.enableTelemetry": false, + "search.smartCase": true, + "git.confirmSync": false, + "workbench.colorTheme": "Visual Studio Dark", + "ansible.ansibleLint.enabled": false, + "ansible.ansible.useFullyQualifiedCollectionNames": true, + "files.associations": { + "*.yml": "ansible" + } +} diff --git a/roles/code_server_native/README.md b/roles/code_server_native/README.md new file mode 100644 index 000000000..91c30f402 --- /dev/null +++ b/roles/code_server_native/README.md @@ -0,0 +1,27 @@ +# Code Server Role + +This roll will install [code server](https://github.com/cdr/code-server) onto a Red Hat Enterprise Linux (RHEL) node that also has Ansible Automation Platform installed (i.e. Tower/Controller). It supports both Ansible Tower and Automation controller. + +This is tested on RHEL 8.X + +Example: + +``` +- name: configure ansible control node + hosts: 'controller_hosts' + gather_facts: true + become: true + vars: + workshop_dns_zone: "demoredhat.com" + admin_password: ansible123 + username: "student1" + ec2_name_prefix: "my_workbench" + + tasks: + - include_role: + name: ansible.workshops.code_server +``` + +# Requirements + +- AWS (Amazon Web Services) account with Route53 access - this role is only currently supported with route53 and uses the `community.aws.route53` module diff --git a/roles/code_server_native/defaults/main.yml b/roles/code_server_native/defaults/main.yml new file mode 100644 index 000000000..b752225f5 --- /dev/null +++ b/roles/code_server_native/defaults/main.yml @@ -0,0 +1,4 @@ +--- +aap_dir: "/home/{{ username }}/aap_install" +codeserver_url: https://github.com/coder/code-server/releases/download/v4.17.1/code-server-4.17.1-amd64.rpm +username: "student" 
diff --git a/roles/code_server_native/handlers/main.yml b/roles/code_server_native/handlers/main.yml new file mode 100644 index 000000000..f928c56b1 --- /dev/null +++ b/roles/code_server_native/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: Restart code-server + ansible.builtin.systemd: + name: "code-server@{{ username }}" + enabled: yes + state: restarted \ No newline at end of file diff --git a/roles/code_server_native/tasks/codeserver.yml b/roles/code_server_native/tasks/codeserver.yml new file mode 100644 index 000000000..4504418b9 --- /dev/null +++ b/roles/code_server_native/tasks/codeserver.yml 
@@ -0,0 +1,108 @@ +--- +- name: Ensure code-server configuration directory exists + ansible.builtin.file: + path: "/home/{{ username }}/.config/code-server" + state: directory + mode: '0755' + when: not pre_build|bool + +- name: Ensure code-server config.yaml configuration is set | DNS off + ansible.builtin.copy: + content: | + bind-addr: 0.0.0.0:8080 + password: "{{ admin_password }}" + dest: "/home/{{ username }}/.config/code-server/config.yaml" + mode: '0644' + notify: + - Restart code-server + when: + - dns_type is defined + - dns_type == "none" + +- name: Ensure code-server config.yaml configuration is set | DNS on + when: + - dns_type is defined + - dns_type == "aws" + ansible.builtin.copy: + content: | + bind-addr: 0.0.0.0:8080 + cert: "/home/{{ username }}/{{ student }}.{{ ec2_name_prefix|lower|default('unknown') }}.{{ workshop_dns_zone|default('example.com') }}/cert.pem" + cert-key: "/home/{{ username }}/{{ student }}.{{ ec2_name_prefix|lower|default('unknown') }}.{{ workshop_dns_zone|default('example.com') }}/privkey.pem" + password: "{{ admin_password }}" + dest: "/home/{{ username }}/.config/code-server/config.yaml" + mode: '0644' + notify: + - Restart code-server + +- name: Download code-server RPM + ansible.builtin.get_url: + url: "https://github.com/coder/code-server/releases/download/v4.17.1/code-server-4.17.1-amd64.rpm" + dest: "/tmp/code-server.rpm" + mode: '0755' + when: not pre_build|bool + +- name: Install code-server + ansible.builtin.yum: + name: "/tmp/code-server.rpm" + state: present + disable_gpg_check: true + when: not pre_build|bool + +- name: Enable and start code-server for student + ansible.builtin.systemd: + name: "code-server@{{ username }}" + enabled: yes + state: started + +# source: https://vscode.readthedocs.io/en/latest/getstarted/settings/ +- name: ensure custom facts directory exists + ansible.builtin.file: + path: "/home/{{ username }}/.local/share/code-server/User/" + recurse: true + state: directory + owner: "{{ username 
}}" + when: not pre_build|bool + +- name: Apply code server defaults + ansible.builtin.template: + src: settings.json + dest: "/home/{{ username }}/.local/share/code-server/User/settings.json" + owner: "{{ username }}" + when: not pre_build|bool + +- name: Create a directory if it does not exist + ansible.builtin.file: + path: /home/{{ username }}/.local/share/code-server/extensions/ + state: directory + owner: "{{ username }}" + group: "{{ username }}" + when: not pre_build|bool + +- name: Download files for vscode + ansible.builtin.get_url: + url: "{{ item }}" + dest: /home/{{ username }}/.local/share/code-server/extensions/ + owner: "{{ username }}" + group: "{{ username }}" + loop: + - https://github.com/ansible/workshops/raw/devel/files/bierner.markdown-preview-github-styles-0.1.6.vsix + - https://github.com/ansible/workshops/raw/devel/files/hnw.vscode-auto-open-markdown-preview-0.0.4.vsix + - https://github.com/ansible/workshops/raw/devel/files/redhat.ansible-0.4.5.vsix + register: download_extension + until: download_extension is not failed + retries: 5 + when: not pre_build|bool + +- name: install ansible and markdown extensions + become_user: "{{ username }}" + ansible.builtin.command: "/bin/code-server --install-extension /home/{{ username }}/.local/share/code-server/extensions/{{ item }}" + loop: + - bierner.markdown-preview-github-styles-0.1.6.vsix + - hnw.vscode-auto-open-markdown-preview-0.0.4.vsix + - redhat.ansible-0.4.5.vsix + ignore_errors: true + register: install_extension + until: install_extension is not failed + retries: 5 + when: not pre_build|bool + diff --git a/roles/code_server_native/tasks/dns.yml b/roles/code_server_native/tasks/dns.yml new file mode 100644 index 000000000..eb55a7d4e --- /dev/null +++ b/roles/code_server_native/tasks/dns.yml 
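Review bot: Both "Ensure code-server config.yaml configuration is set" tasks write `password: "{{ admin_password }}"` into `config.yaml` with `mode: '0644'` and no `owner`, so the login password is readable by every local account and the file is owned by whichever user the play becomes. `mode: '0600'` together with `owner: "{{ username }}"` and `group: "{{ username }}"` keeps it readable for the `code-server@{{ username }}` service only. In the same file the RPM is fetched to `/tmp/code-server.rpm` and installed with `disable_gpg_check: true`, which leaves the package unverified; `ansible.builtin.get_url` accepts `checksum: "sha256:<digest published with the release>"` for that. The download task also hard-codes the URL instead of using the `codeserver_url` default this role defines.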
@@ -0,0 +1,28 @@ +--- +- name: Ensure cert directory exists + ansible.builtin.file: + path: "/home/{{ username }}/{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}" + state: directory + owner: "{{ username }}" + group: "{{ username }}" + mode: '0755' + +- name: Copy cert.pem to student + become: true + become_user: root + ansible.builtin.copy: + src: "/etc/letsencrypt/live/{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}/cert.pem" + dest: "/home/{{ username }}/{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}/cert.pem" + owner: "{{ username }}" + group: "{{ username }}" + remote_src: true + +- name: Copy privkey.pem to student + become: true + become_user: root + ansible.builtin.copy: + src: "/etc/letsencrypt/live/{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}/privkey.pem" + dest: "/home/{{ username }}/{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}/privkey.pem" + owner: "{{ username }}" + group: "{{ username }}" + remote_src: true diff --git a/roles/code_server_native/tasks/main.yml b/roles/code_server_native/tasks/main.yml new file mode 100644 index 000000000..0a2315f20 --- /dev/null +++ b/roles/code_server_native/tasks/main.yml @@ -0,0 +1,15 @@ +--- +- name: Print out pre_build var and dns_type + ansible.builtin.debug: + msg: + - pre_build: "{{ pre_build | default('none set') }}" + - dns_type: "{{ dns_type | default('none set') }}" + +- name: Setup SSL for the code-server container + include_tasks: "dns.yml" + when: + - dns_type is defined + - dns_type != "none" + +- name: setup vscode for web browser access + include_tasks: "codeserver.yml" diff --git a/roles/code_server_native/tasks/teardown.yml b/roles/code_server_native/tasks/teardown.yml new file mode 100644 index 000000000..04f959324 --- /dev/null +++ b/roles/code_server_native/tasks/teardown.yml 
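Review bot: "Copy privkey.pem to student" in roles/code_server_native/tasks/dns.yml sets `owner` and `group` but no `mode`, and the target directory is created with `mode: '0755'`, so the TLS private key most likely ends up readable by every local account (the exact result depends on the module default and umask). Adding `mode: '0600'` to that task, and `mode: '0644'` to the `cert.pem` task so the intent is explicit, closes that. The ripu.yml change in this commit later reads the same `privkey.pem` for cockpit, so the permissions chosen here carry over to that copy as well.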
@@ -0,0 +1,6 @@ +--- +- name: delete DNS specific information + include_tasks: "{{ item }}" + with_first_found: + - "{{ role_path }}/tasks/dns/{{ dns_type }}.yml" + - "{{ role_path }}/tasks/dns/none.yml" diff --git a/roles/code_server_native/templates/settings.json b/roles/code_server_native/templates/settings.json new file mode 100644 index 000000000..4a15c2472 --- /dev/null +++ b/roles/code_server_native/templates/settings.json @@ -0,0 +1,17 @@ +{ + "git.ignoreLegacyWarning": true, + "terminal.integrated.experimentalRefreshOnResume": true, + "window.menuBarVisibility": "visible", + "git.enableSmartCommit": true, + "workbench.tips.enabled": false, + "workbench.startupEditor": "readme", + "telemetry.enableTelemetry": false, + "search.smartCase": true, + "git.confirmSync": false, + "workbench.colorTheme": "Visual Studio Dark", + "ansible.ansibleLint.enabled": false, + "ansible.ansible.useFullyQualifiedCollectionNames": true, + "files.associations": { + "*.yml": "ansible" + } +} diff --git a/roles/control_node/defaults/main.yml b/roles/control_node/defaults/main.yml index 3e5d7fcd5..b9f5347e0 100644 --- a/roles/control_node/defaults/main.yml +++ b/roles/control_node/defaults/main.yml @@ -1,7 +1,8 @@ --- username: "ec2-user" -aap_dir: "/home/{{ username }}/aap_install" +aap_dir: "/home/ec2-user/aap_install" output_dir: "{{ playbook_dir }}/{{ ec2_name_prefix }}" # Controller install command -controller_install_command: "./setup.sh -e gpgcheck=0" +# controller_install_command: "./setup.sh -e gpgcheck=0" +controller_install_command: "ansible-playbook -i inventory ansible.containerized_installer.install -e gpgcheck=0" \ No newline at end of file diff --git a/roles/control_node/files/users.yml b/roles/control_node/files/users.yml new file mode 100644 index 000000000..46d5e3408 --- /dev/null +++ b/roles/control_node/files/users.yml 
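Review bot: `with_first_found` in teardown.yml looks for `tasks/dns/{{ dns_type }}.yml` and `tasks/dns/none.yml`, but the files this commit adds to the role sit directly under `tasks/` (`dns.yml`, `main.yml`, `teardown.yml`). Unless a `tasks/dns/` directory exists elsewhere in the role, the lookup finds nothing and the task fails. `dns_type` is also used without a default here, while main.yml guards it with `dns_type is defined`. I would add the `none.yml` fallback file and default the variable, e.g. `{{ dns_type | default('none') }}`.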
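Review bot: `aap_dir` is now hard-coded to `/home/ec2-user/aap_install` although `username` is still defined one line above, and roles/control_node_always/defaults keeps `aap_dir: "/home/{{ username }}/aap_install"`. Overriding `username` would leave the two roles pointing at different directories. I would keep `aap_dir: "/home/{{ username }}/aap_install"` and delete the commented-out `setup.sh` line rather than carry it. The new command still passes `-e gpgcheck=0`, which by its name turns off package signature checking for the install; a short comment saying why that is acceptable here would help the next reader.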
@@ -0,0 +1,5 @@ +--- +controller_user_accounts: + - user: controller_user + is_superuser: false + password: controller_password \ No newline at end of file diff --git a/roles/control_node/tasks/10_aap_setup.yml b/roles/control_node/tasks/10_aap_setup.yml index 169c0a30f..6f199e523 100644 --- a/roles/control_node/tasks/10_aap_setup.yml +++ b/roles/control_node/tasks/10_aap_setup.yml @@ -1,38 +1,48 @@ --- - name: Create tmp directory to store AAP tar.gz - tempfile: + ansible.builtin.tempfile: state: directory suffix: "aapbundle" register: tempdir -- name: copy AAP tar.gz - copy: +- name: Copy AAP tar.gz + ansible.builtin.copy: src: "{{ aap_archive | default(playbook_dir + '/aap.tar.gz') }}" dest: "{{ tempdir.path }}/aap.tar.gz" - name: Create directory for automation controller - file: + ansible.builtin.file: path: "{{ aap_dir }}" state: directory - name: Extract AAP tar.gz install - unarchive: + ansible.builtin.unarchive: src: "{{ tempdir.path }}/aap.tar.gz" dest: "{{ aap_dir }}" remote_src: true extra_opts: ['--strip-components=1', '--show-stored-names'] -- name: Set AAP local repository on controller node - yum_repository: - name: aap_installer - description: aap_installer - baseurl: "file:///{{ aap_dir }}/bundle/packages/el8/repos/" - gpgcheck: false - become: true +# - name: Set AAP local repository on controller node +# ansible.builtin.yum_repository: +# name: aap_installer +# description: aap_installer +# baseurl: "file:///{{ aap_dir }}/bundle/packages/el8/repos/" +# gpgcheck: false +# become: true - name: Install vimrc in home directory - template: + ansible.builtin.template: src: vimrc.j2 dest: "/home/{{ username }}/.vimrc" owner: "{{ username }}" group: "{{ username }}" + +- name: Install ansible-core + dnf: + name: + - ansible-core + state: present + register: dnf_check + until: dnf_check is not failed + retries: 4 + delay: 5 \ No newline at end of file 
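Review bot: `roles/control_node/files/users.yml` commits a fixed account, `controller_user`, with the literal password `controller_password`. 12_controller.yml copies the file into `{{ aap_dir }}/config`, which the inventory template names as `controller_postinstall_dir`, so every environment built from this role would presumably get the same known credential. I would move the file to `templates/` and render the password from a variable supplied per deployment, for example `password: "{{ admin_password }}"`, or drop the account if it is only a placeholder.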
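Review bot: The new `Install ansible-core` task uses the short module name `dnf` while every other task in this hunk was just converted to `ansible.builtin.*`, and it has no `become: true` although the repository task it replaces carried one. I would write it as `ansible.builtin.dnf:` and add `become: true` unless the play already escalates, which is not visible here. The commented-out `yum_repository` block (including its `gpgcheck: false`) can be deleted instead of kept as comments, since git history retains it.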
diff --git a/roles/control_node/tasks/12_controller.yml b/roles/control_node/tasks/12_controller.yml index f0857c67e..bb870fafe 100644 --- a/roles/control_node/tasks/12_controller.yml +++ b/roles/control_node/tasks/12_controller.yml @@ -11,13 +11,42 @@ dest: "{{ aap_dir }}/inventory" when: create_cluster is defined and create_cluster|bool +- name: Copy manifest.zip to {{ app_dir }} + ansible.builtin.copy: + src: "{{ playbook_dir }}/manifest.zip" + dest: "{{ aap_dir }}" + owner: "{{ username }}" + group: "{{ username }}" + mode: '0644' + +- name: Create {{ aap_dir }}/config directory + ansible.builtin.file: + path: "{{ aap_dir }}/config" + state: directory + mode: '0755' + +- name: Copy users.yml to {{ aap_dir }}/config + ansible.builtin.copy: + src: "users.yml" + dest: "{{ aap_dir }}/config" + owner: "{{ username }}" + group: "{{ username }}" + mode: '0644' + - name: run the Automation Controller installer + become: true + become_user: ec2-user + environment: + ANSIBLE_COLLECTIONS_PATH: "{{ aap_dir }}/collections" shell: "{{ controller_install_command }}" args: chdir: "{{ aap_dir }}" async: 1400 poll: 15 +# - name: run the Automation Controller installer +# ansible.builtin.import_playbook: ansible.containerized_installer.install + - name: wait for Automation Controller to be up uri: url: https://localhost/api/v2/ping/ 
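Review bot: `Copy users.yml to {{ aap_dir }}/config` writes a file that contains an account password with `mode: '0644'`, and the `config` directory is created `0755` with no `owner` or `group`, so any local user can read it. Using `mode: '0600'` on the file, and setting `owner: "{{ username }}"` and `group: "{{ username }}"` on the directory as the neighbouring tasks do, would limit it to the install user. Separately, the first task name references `{{ app_dir }}`, which looks like a typo for `aap_dir`. `become_user: ec2-user` is also hard-coded where `{{ username }}` is used for ownership in the same hunk.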
@@ -34,66 +63,41 @@ debug: msg: '{{ check2.json }}' -- name: load license block - block: - - name: check for base64 variable first - copy: - dest: '{{ playbook_dir }}/manifest.zip' - content: '{{ base64_manifest | b64decode }}' - delegate_to: localhost - become: false - when: base64_manifest is defined - - name: unable to load base64_manifest - debug: - msg: 'No base64_manifest variable found, trying to open manifest.zip' - when: base64_manifest is undefined - - name: Load manifest into variable - local_action: - module: slurp - src: "{{ playbook_dir }}/manifest.zip" - register: manifest_file - become: false +# - name: load license block +# block: +# - name: check for base64 variable first +# copy: +# dest: '{{ playbook_dir }}/manifest.zip' +# content: '{{ base64_manifest | b64decode }}' +# delegate_to: localhost +# become: false +# when: base64_manifest is defined +# - name: unable to load base64_manifest +# debug: +# msg: 'No base64_manifest variable found, trying to open manifest.zip' +# when: base64_manifest is undefined +# - name: Load manifest into variable +# local_action: +# module: slurp +# src: "{{ playbook_dir }}/manifest.zip" +# register: manifest_file +# become: false -- name: Post manifest file - uri: - url: https://localhost/api/v2/config/ - method: POST - user: admin - password: "{{ admin_password }}" - body: '{ "eula_accepted": true, "manifest": "{{ manifest_file.content }}" }' - body_format: json - validate_certs: false - force_basic_auth: true - register: license_controller - until: license_controller is not failed - retries: 5 +# - name: Post manifest file +# uri: +# url: https://localhost/api/v2/config/ +# method: POST +# user: admin +# password: "{{ admin_password }}" +# body: '{ "eula_accepted": true, "manifest": "{{ manifest_file.content }}" }' +# body_format: json +# validate_certs: false +# force_basic_auth: true +# register: license_controller +# until: license_controller is not failed +# retries: 5 ## Execution environments - -- name: 
Login to redhat registry - containers.podman.podman_login: - username: '{{ redhat_username }}' - password: '{{ redhat_password }}' - registry: '{{ ee_registry_name }}' - become_user: "awx" - -- name: Mod containers.conf to utilize max of 10 parallel threads - become_user: "awx" - lineinfile: - path: /var/lib/awx/.config/containers/containers.conf - line: 'image_parallel_copies=10' - insertafter: EOF - -- name: Pull supported images - become_user: "awx" - containers.podman.podman_image: - name: "{{ item }}" - loop: "{{ ee_images }}" - register: podman_pull_supported - until: podman_pull_supported is not failed - retries: 5 - delay: 15 - - name: create container registry credential awx.awx.credential: name: '{{ ee_registry_name }} credential' diff --git a/roles/control_node/templates/controller_eda_install.j2 b/roles/control_node/templates/controller_eda_install.j2 new file mode 100644 index 000000000..a688edd07 --- /dev/null +++ b/roles/control_node/templates/controller_eda_install.j2 
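Review bot: Commenting out the `load license block` removes the only visible place where `base64_manifest` is decoded into `{{ playbook_dir }}/manifest.zip`, while the earlier hunk in this file now copies that path unconditionally. A deployment that supplies the manifest only through `base64_manifest` would, as far as these hunks show, fail at the `Copy manifest.zip` task. I would keep the decode step (the `copy` with `content: '{{ base64_manifest | b64decode }}'`, `delegate_to: localhost` and `when: base64_manifest is defined`) ahead of that copy. The remaining commented-out tasks can be deleted rather than left in the file.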
@@ -0,0 +1,39 @@ +[automationcontroller] +{{ ansible_default_ipv4.address }} ansible_connection=local + +[automationedacontroller] +{{ ansible_default_ipv4.address }} ansible_connection=local + +[database] +{{ ansible_default_ipv4.address }} ansible_connection=local + + +[all:vars] +admin_password='{{ admin_password }}' +automationcontroller_client_max_body_size='20M' + +pg_host='{{ ansible_default_ipv4.address }}' +pg_port='5432' + +pg_database='awx' +pg_username='awx' +pg_password='{{ admin_password }}' +pg_sslmode='prefer' + +gpgcheck='{{ gpgcheck | default(1) }}' +aw_repo_url='{{ aw_repo_url | default("https://releases.ansible.com/ansible-tower/") }}' +ignore_preflight_errors = True + +registry_url='{{ ee_registry_name }}' +registry_username='{{ redhat_username }}' +registry_password='{{ redhat_password }}' + +controller_hostname='controller.replaceme.example.com' +automationedacontroller_hostname='eda.replaceme.example.com' + +automationedacontroller_admin_password='{{ admin_password }}' +automationedacontroller_pg_host='{{ ansible_default_ipv4.address }}' +automationedacontroller_pg_port=5432 +automationedacontroller_pg_database='automationedacontroller' +automationedacontroller_pg_username='automationedacontroller' +automationedacontroller_pg_password='{{ admin_password }}' \ No newline at end of file diff --git a/roles/control_node/templates/controller_install.j2 b/roles/control_node/templates/controller_install.j2 index d5c1120f7..9739a1d32 100644 --- a/roles/control_node/templates/controller_install.j2 +++ b/roles/control_node/templates/controller_install.j2 @@ -1,5 +1,5 @@ [automationcontroller] -{{ ansible_default_ipv4.address }} ansible_connection=local +{{ short_name }} ansible_connection=local [automationhub] 
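Review bot: In controller_eda_install.j2 the same `admin_password` is rendered into `admin_password`, `pg_password`, `automationedacontroller_admin_password` and `automationedacontroller_pg_password`, so the database passwords equal the web admin password; the controller_install.j2 hunk that follows does the same for `controller_pg_password` and `postgresql_admin_password`. Separate variables that default to `admin_password` would keep the workshop simple while allowing them to differ, e.g. `pg_password='{{ pg_password | default(admin_password) }}'`. The values are also placed inside single quotes unescaped, so a password containing `'` would produce a broken inventory line. `controller_hostname='controller.replaceme.example.com'` and the EDA hostname are placeholders that nothing visible in this commit replaces.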
@@ -7,22 +7,24 @@ [servicescatalog_workers] +[database] +{{ short_name }} ansible_connection=local + [all:vars] -admin_password='{{admin_password}}' -automationcontroller_client_max_body_size='20M' +controller_admin_password='{{ admin_password }}' +controller_pg_host={{ short_name }} +controller_pg_password='{{admin_password}}' -pg_host='' -pg_port='' +postgresql_admin_username=postgres +postgresql_admin_password='{{ admin_password }}' -pg_database='awx' -pg_username='awx' -pg_password='{{admin_password}}' -pg_sslmode='prefer' # set to 'verify-full' for client-side enforced SSL +controller_postinstall=true +controller_license_file="{{ aap_dir }}/manifest.zip" +controller_postinstall_dir="{{ aap_dir }}/config" gpgcheck='{{ gpgcheck | default(1)}}' -aw_repo_url='{{ aw_repo_url | default("https://releases.ansible.com/ansible-tower/") }}' -ignore_preflight_errors = True -registry_url='{{ ee_registry_name }}' registry_username='{{ redhat_username }}' registry_password='{{ redhat_password }}' +bundle_install=true +bundle_dir='{{ aap_dir }}/bundle' \ No newline at end of file diff --git a/roles/control_node/templates/controller_install_backup.j2 b/roles/control_node/templates/controller_install_backup.j2 new file mode 100644 index 000000000..d5c1120f7 --- /dev/null +++ b/roles/control_node/templates/controller_install_backup.j2 
@@ -0,0 +1,28 @@ +[automationcontroller] +{{ ansible_default_ipv4.address }} ansible_connection=local + +[automationhub] + +[database] + +[servicescatalog_workers] + +[all:vars] +admin_password='{{admin_password}}' +automationcontroller_client_max_body_size='20M' + +pg_host='' +pg_port='' + +pg_database='awx' +pg_username='awx' +pg_password='{{admin_password}}' +pg_sslmode='prefer' # set to 'verify-full' for client-side enforced SSL + +gpgcheck='{{ gpgcheck | default(1)}}' +aw_repo_url='{{ aw_repo_url | default("https://releases.ansible.com/ansible-tower/") }}' +ignore_preflight_errors = True + +registry_url='{{ ee_registry_name }}' +registry_username='{{ redhat_username }}' +registry_password='{{ redhat_password }}' diff --git a/roles/control_node_always/defaults/main.yml b/roles/control_node_always/defaults/main.yml index 71d5bb8b2..a91399971 100644 --- a/roles/control_node_always/defaults/main.yml +++ b/roles/control_node_always/defaults/main.yml @@ -3,4 +3,4 @@ aap_dir: "/home/{{ username }}/aap_install" output_dir: "{{ playbook_dir }}/{{ ec2_name_prefix }}" # Controller install command -controller_install_command: "./setup.sh -e gpgcheck=0" +run_commands_user: "ec2-user" \ No newline at end of file diff --git a/roles/control_node_always/tasks/35_controller_pre_build.yml b/roles/control_node_always/tasks/35_controller_pre_build.yml index 54fc826fb..fb917743a 100644 --- a/roles/control_node_always/tasks/35_controller_pre_build.yml +++ b/roles/control_node_always/tasks/35_controller_pre_build.yml 
@@ -1,8 +1,32 @@ --- -- name: Start service automation-controller-service, if not started - ansible.builtin.service: - name: automation-controller +- name: debug run_commands_user + debug: + msg: "run_commands_user: {{ run_commands_user }}" + +- name: check normal user + debug: + msg: "{{ ansible_user_id }}" + +- name: run whoami command + become: true + become_user: "{{ run_commands_user }}" + command: + cmd: "whoami" + register: whoami + +- name: debug the whoami user + debug: + msg: "{{ whoami }}" + +- name: Make sure Automation Controller is online before changing base URL + become: true + become_user: "{{ run_commands_user }}" + containers.podman.podman_container: + name: automation-controller-web state: started + register: controller_online + until: controller_online is not failed + retries: 5 - name: set password block: diff --git a/roles/control_node_always/tasks/40_route53_update.yml b/roles/control_node_always/tasks/40_route53_update.yml index a032671a3..cdae9f04e 100644 --- a/roles/control_node_always/tasks/40_route53_update.yml +++ b/roles/control_node_always/tasks/40_route53_update.yml 
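Review bot: The diagnostic tasks at the top of 35_controller_pre_build.yml (`debug run_commands_user`, `check normal user`, `run whoami command` and `debug the whoami user`) look like troubleshooting leftovers and will run on every provision. If they are kept, `changed_when: false` on the `whoami` command stops it reporting a change on each run, and `msg: "{{ whoami.stdout }}"` prints the user rather than the whole registered result. The new tasks use the short names `debug` and `command`; `ansible.builtin.debug` and `ansible.builtin.command` would match the fully qualified style used elsewhere in this commit.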
@@ -1,12 +1,29 @@ --- -- name: create oauth2 token - shell: > - awx-manage create_oauth2_token --user admin - register: oauth2_token +# - name: create oauth2 token +# shell: > +# awx-manage create_oauth2_token --user admin +# register: oauth2_token + +- name: Create OAuth2 token for admin + awx.awx.tower_token: + controller_username: admin + controller_password: "{{ admin_password }}" + controller_host: "https://localhost" + validate_certs: false + scope: "write" # or "read" depending on your needs + register: token_result + +- name: Print token_result to terminal + debug: + var: token_result + +- name: Print token_result.ansible_facts.controller_token.token to terminal + debug: + var: token_result.ansible_facts.controller_token.token - name: Set admin oauth2 token fact set_fact: - admin_oauth2_token: "{{ oauth2_token.stdout }}" + admin_oauth2_token: "{{ token_result.ansible_facts.controller_token.token }}" - name: Install route53-update.py in /usr/local/bin template: diff --git a/roles/control_node_always/tasks/main.yml b/roles/control_node_always/tasks/main.yml index de2456bbb..5ca66c886 100644 --- a/roles/control_node_always/tasks/main.yml +++ b/roles/control_node_always/tasks/main.yml @@ -7,8 +7,7 @@ when: - controllerinstall is defined - controllerinstall|bool - - pre_build|bool - + - name: Setup Route53 update service include_tasks: 40_route53_update.yml when: tower_node_aws_api_access|default(false)|bool diff --git a/roles/control_node_always/templates/krb5.conf.j2 b/roles/control_node_always/templates/krb5.conf.j2 deleted file mode 100644 index b6b50e253..000000000 --- a/roles/control_node_always/templates/krb5.conf.j2 +++ /dev/null 
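Review bot: The two `debug` tasks after `Create OAuth2 token for admin` print `token_result` and `token_result.ansible_facts.controller_token.token`, which puts a write-scoped admin token into the playbook output and any log that captures it. I would delete both tasks and add `no_log: true` to the token task, which also receives `controller_password`. `validate_certs: false` is set against `https://localhost`; a one-line comment giving the reason (for instance that the certificate is not issued yet at this point, if that is the case) would help. The old `awx-manage` task can be removed rather than commented out.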
@@ -1,25 +0,0 @@ -# Configuration snippets may be placed in this directory as well -includedir /etc/krb5.conf.d/ - -[logging] - default = FILE:/var/log/krb5libs.log - kdc = FILE:/var/log/krb5kdc.log - admin_server = FILE:/var/log/kadmind.log - -[libdefaults] - dns_lookup_realm = false - ticket_lifetime = 24h - renew_lifetime = 7d - forwardable = true - rdns = false - default_realm = {{ workshop_dns_zone | upper }} - default_ccache_name = KEYRING:persistent:%{uid} - -[realms] -{{ workshop_dns_zone | upper }} = { - kdc = windc.{{ workshop_dns_zone }}:88 -} - -[domain_realm] -{{ workshop_dns_zone }} = {{ workshop_dns_zone | upper }} - diff --git a/roles/gitlab_server/tasks/add-users.yml b/roles/gitlab_server/tasks/add-users.yml index 47ed6a18d..827da8386 100644 --- a/roles/gitlab_server/tasks/add-users.yml +++ b/roles/gitlab_server/tasks/add-users.yml @@ -125,7 +125,7 @@ "skip_confirmation": true } register: create_user - with_sequence: count="{{ student_total }}" + with_sequence: count="{{ student_total|int }}" - name: GitLab Post | Get local user information via API uri: @@ -138,5 +138,5 @@ headers: Content-Type: application/json Authorization: Bearer {{ gitlab_access_token.json.access_token }} - with_sequence: count="{{ student_total }}" + with_sequence: count="{{ student_total|int }}" register: gitlab_local_users diff --git a/roles/gitlab_server/tasks/gitea-add-users.yml b/roles/gitlab_server/tasks/gitea-add-users.yml index 47ed997eb..980531e22 100644 --- a/roles/gitlab_server/tasks/gitea-add-users.yml +++ b/roles/gitlab_server/tasks/gitea-add-users.yml @@ -36,7 +36,7 @@ --password """{{ admin_password }}""" --email student{{ item }}@example.com --must-change-password=false - with_sequence: count="{{ student_total }}" + with_sequence: count="{{ student_total|int }}" become_user: gitea register: gitearesult failed_when: diff --git a/roles/issue_cert/defaults/main.yml b/roles/issue_cert/defaults/main.yml new file mode 100644 index 000000000..a8218994c --- /dev/null 
+++ b/roles/issue_cert/defaults/main.yml @@ -0,0 +1 @@ +run_commands_user: "ec2-user" \ No newline at end of file diff --git a/roles/issue_cert/tasks/main.yml b/roles/issue_cert/tasks/main.yml index d1b9e6078..71d73a857 100644 --- a/roles/issue_cert/tasks/main.yml +++ b/roles/issue_cert/tasks/main.yml @@ -12,13 +12,13 @@ disable_gpg_check: true # solves error # pkg_resources.DistributionNotFound: The 'requests>=2.14.2' distribution was not found and is required by acme - - name: Install requests python package - pip: - name: requests>=2.14.2 + # - name: Install requests python package + # pip: + # name: requests>=2.14.2 - - name: Install requests python package - pip: - name: requests>=2.14.2 + # - name: Install requests python package + # pip: + # name: requests>=2.14.2 - &tower-pinger-block block: @@ -82,7 +82,7 @@ copy: remote_src: true src: "/etc/letsencrypt/live/{{ dns_name }}/privkey.pem" - dest: /etc/tower/tower.key + dest: /home/{{ run_commands_user }}/aap/controller/etc/tower.key - name: Retrieve Specific SSL Cert slurp: @@ -92,7 +92,7 @@ - name: Combine Specific and intermediate Cert template: src: combined_cert.j2 - dest: /etc/tower/tower.cert + dest: /home/{{ run_commands_user }}/aap/controller/etc/tower.cert rescue: - name: no SSL cert for Automation Controller debug: diff --git a/roles/issue_cert/tasks/service/controller_restart.yml b/roles/issue_cert/tasks/service/controller_restart.yml index 9a43839d9..dac1504e9 100644 --- a/roles/issue_cert/tasks/service/controller_restart.yml +++ b/roles/issue_cert/tasks/service/controller_restart.yml 
@@ -1,5 +1,15 @@ --- -- name: Try restarting automation controller - service: - name: automation-controller.service +# - name: Try restarting automation controller +# service: +# name: automation-controller.service +# state: restarted + +- name: Restart automation-controller-web container + become: true + become_user: "{{ run_commands_user }}" + containers.podman.podman_container: + name: automation-controller-web state: restarted + register: install_controller + until: install_controller is not failed + retries: 5 diff --git a/roles/issue_cert/tasks/service/controller_start.yml b/roles/issue_cert/tasks/service/controller_start.yml index 4e923eb3e..7f43c7f1f 100644 --- a/roles/issue_cert/tasks/service/controller_start.yml +++ b/roles/issue_cert/tasks/service/controller_start.yml @@ -1,8 +1,18 @@ --- -- name: make sure Automation Controller is online before changing base URL - service: - name: automation-controller.service +# - name: Make sure Automation Controller is online before changing base URL +# service: +# name: automation-controller.service +# state: started +# register: install_controller +# until: install_controller is not failed +# retries: 5 + +- name: Make sure Automation Controller is online before changing base URL + become: true + become_user: "{{ run_commands_user }}" + containers.podman.podman_container: + name: automation-controller-web state: started register: install_controller until: install_controller is not failed - retries: 5 + retries: 5 \ No newline at end of file diff --git a/roles/issue_cert/tasks/service/controller_stop.yml b/roles/issue_cert/tasks/service/controller_stop.yml index c1935463c..652cf3761 100644 --- a/roles/issue_cert/tasks/service/controller_stop.yml +++ b/roles/issue_cert/tasks/service/controller_stop.yml 
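Review bot: The register name `install_controller` is reused for the restart, start and stop tasks (controller_restart.yml, controller_start.yml, controller_stop.yml), and in the stop file it replaces the more accurate `stop_controller`. Naming each after its action (`restart_controller`, `start_controller`, `stop_controller`) keeps the `until:` condition readable. All three tasks pass only `name` and `state` to `containers.podman.podman_container`; it is worth confirming on a test host that the module leaves the configuration of an installer-created container untouched in that case. The commented-out `service` tasks can be deleted.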
@@ -1,8 +1,18 @@ --- -- name: make sure Automation Controller is stopped - service: - name: automation-controller.service +# - name: make sure Automation Controller is stopped +# service: +# name: automation-controller.service +# state: stopped +# register: stop_controller +# until: stop_controller is not failed +# retries: 5 + +- name: Make sure Automation Controller is stopped + become: true + become_user: "{{ run_commands_user }}" + containers.podman.podman_container: + name: automation-controller-web state: stopped - register: stop_controller - until: stop_controller is not failed - retries: 5 + register: install_controller + until: install_controller is not failed + retries: 5 \ No newline at end of file diff --git a/roles/manage_ec2_instances/defaults/main/main.yml b/roles/manage_ec2_instances/defaults/main/main.yml index 0e067c684..32b18ca0e 100644 --- a/roles/manage_ec2_instances/defaults/main/main.yml +++ b/roles/manage_ec2_instances/defaults/main/main.yml @@ -25,6 +25,19 @@ rtr4_type: "arista" rhel: "rhel8" # additional info needed by AWS ec2 modules ec2_info: + control_type_pre_build: + owners: 962147768365 + architecture: x86_64 + filter: 'automation_controller*' + # username: ec2-user + # size: + # - m5a.xlarge + # - m4.xlarge + # os_type: linux + # disk_volume_type: gp3 + # disk_space: 40 + # disk_iops: 3000 + # disk_throughput: 125 private_automation_hub: owners: 309956199498 size: m4.xlarge 
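Review bot: `control_type_pre_build` selects the controller image by `owners: 962147768365` and the wildcard `filter: 'automation_controller*'`, replacing the per-region AMI IDs that the next hunk comments out. A comment stating which account that owner ID is, e.g. `# AWS account that publishes the pre-built controller AMIs`, would make clear that the owner pin is what keeps the wildcard from matching an image published by another account. The commented-out `username`, `size` and `disk_*` keys should be filled in or removed: if `control_type` is ever set to this key, the cluster provisioning task reads `ec2_info[control_type].size` and `ec2_info[control_type].username`, which this entry does not define.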
@@ -331,24 +344,26 @@ debug_teardown: false # Issue #1594 ansible_async_dir: "/tmp/.ansible_async" -pre_build_controller_ami: - ap-northeast-1: ami-06ad1ea5c12a0d0f7 - ap-southeast-1: ami-08e2518f0780bc79b - eu-central-1: ami-0e57d040faf5ebda8 - eu-west-1: ami-0d45c3f4b5d801aa5 - eu-west-2: ami-0d9c98a8a71cfb0e7 - us-east-1: ami-01a0a95922d7386db - us-east-2: ami-0ef29e3299cf26819 - us-west-1: ami-0009710aa9b69790e - us-west-2: ami-0b0d02e3c1d09fd4c + + +# pre_build_controller_ami: +# ap-northeast-1: ami-06ad1ea5c12a0d0f7 +# ap-southeast-1: ami-08e2518f0780bc79b +# eu-central-1: ami-0e57d040faf5ebda8 +# eu-west-1: ami-0d45c3f4b5d801aa5 +# eu-west-2: ami-0d9c98a8a71cfb0e7 +# us-east-1: ami-01a0a95922d7386db +# us-east-2: ami-0ef29e3299cf26819 +# us-west-1: ami-0009710aa9b69790e +# us-west-2: ami-0b0d02e3c1d09fd4c -pre_build_hub_ami: - ap-northeast-1: ami-0e10c305c74ebe2c4 - ap-southeast-1: ami-0b8c588fe02c19ce6 - eu-central-1: ami-029abcf986bb7184b - eu-west-1: ami-00bef767b6ca8c984 - eu-west-2: ami-011c00be5f944ee31 - us-east-1: ami-010a11c3f9fb72abf - us-east-2: ami-08241f088dd7ba4c0 - us-west-1: ami-0f382a9cddf149608 - us-west-2: ami-07bf564f45ff71e62 \ No newline at end of file +# pre_build_hub_ami: +# ap-northeast-1: ami-0e10c305c74ebe2c4 +# ap-southeast-1: ami-0b8c588fe02c19ce6 +# eu-central-1: ami-029abcf986bb7184b +# eu-west-1: ami-00bef767b6ca8c984 +# eu-west-2: ami-011c00be5f944ee31 +# us-east-1: ami-010a11c3f9fb72abf +# us-east-2: ami-08241f088dd7ba4c0 +# us-west-1: ami-0f382a9cddf149608 +# us-west-2: ami-07bf564f45ff71e62 \ No newline at end of file diff --git a/roles/manage_ec2_instances/tasks/check_prebuild.yml b/roles/manage_ec2_instances/tasks/check_prebuild.yml index da9dbc4b0..a420d7518 100644 --- a/roles/manage_ec2_instances/tasks/check_prebuild.yml +++ b/roles/manage_ec2_instances/tasks/check_prebuild.yml 
@@ -1,10 +1,16 @@ --- - name: make sure we have access to pre_build AMI block: + - name: print AMI to terminal window + debug: + var: ansible_control_node_ami + - name: check if we have access to AMI amazon.aws.ec2_ami_info: region: "{{ ec2_region }}" - image_ids: "{{ pre_build_controller_ami[ec2_region] }}" + image_ids: + - "{{ ansible_control_node_ami.image_id }}" + rescue: - name: AWS AMI Access is not available fail: diff --git a/roles/manage_ec2_instances/tasks/check_prebuild_hub.yml b/roles/manage_ec2_instances/tasks/check_prebuild_hub.yml index ac32e5097..08eeac07f 100644 --- a/roles/manage_ec2_instances/tasks/check_prebuild_hub.yml +++ b/roles/manage_ec2_instances/tasks/check_prebuild_hub.yml @@ -1,10 +1,15 @@ --- - name: make sure we have access to pre_build hub AMI block: + - name: print AMI to terminal window + debug: + var: ansible_hub_node_ami + - name: check if we have access to AMI amazon.aws.ec2_ami_info: region: "{{ ec2_region }}" - image_ids: "{{ pre_build_hub_ami[ec2_region] }}" + image_ids: + - "{{ ansible_hub_node_ami.image_id }}" rescue: - name: AWS AMI Access is not available fail: diff --git a/roles/manage_ec2_instances/tasks/cockpit_machines.yml b/roles/manage_ec2_instances/tasks/cockpit_machines.yml index a1ad439af..03287fd33 100644 --- a/roles/manage_ec2_instances/tasks/cockpit_machines.yml +++ b/roles/manage_ec2_instances/tasks/cockpit_machines.yml @@ -7,4 +7,4 @@ template: src: "cockpit_machines/cockpit_machines_{{workshop_type}}.j2" dest: "{{ playbook_dir }}/{{ec2_name_prefix}}/student{{item}}-99-webui.json" - with_sequence: count="{{ student_total }}" + with_sequence: count="{{ student_total|int }}" diff --git a/roles/manage_ec2_instances/tasks/create_inventory.yml b/roles/manage_ec2_instances/tasks/create_inventory.yml index 8e7d3b9fa..227a3da75 100644 --- a/roles/manage_ec2_instances/tasks/create_inventory.yml +++ b/roles/manage_ec2_instances/tasks/create_inventory.yml 
@@ -12,12 +12,13 @@ name: "{{ item.tags.Name }}" username: "{{ student_user }}" student: "{{ item.tags.Student }}" + student_number: "{{ item.tags.Index|int + 1 }}" short_name: "{{ item.tags.short_name }}" ansible_host: "{{ item.public_ip_address }}" ansible_user: "{{ item.tags.username }}" ansible_port: "{{ ssh_port }}" ansible_ssh_private_key_file: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ec2_name_prefix}}-private.pem" - private_ip: "{{item.private_ip_address}}" + private_ip: "{{ item.private_ip_address }}" pre_build: "{{ pre_build }}" groups: - control_nodes @@ -31,13 +32,13 @@ template: src: "student_inventory/instances_{{workshop_type}}.j2" dest: "{{ playbook_dir }}/{{ec2_name_prefix}}/student{{item}}-instances.txt" - with_sequence: count="{{ student_total }}" + with_sequence: count="{{ student_total|int }}" - name: Generate student etchosts template: src: "etchosts/etchosts_{{workshop_type}}.j2" dest: "{{ playbook_dir }}/{{ec2_name_prefix}}/student{{item}}-etchosts.txt" - with_sequence: count="{{ student_total }}" + with_sequence: count="{{ student_total|int }}" - name: Generate instructor inventory template: diff --git a/roles/manage_ec2_instances/tasks/instances/attendance/attendance_instance_provision.yml b/roles/manage_ec2_instances/tasks/instances/attendance/attendance_instance_provision.yml index 85df2b66e..c99846e02 100644 --- a/roles/manage_ec2_instances/tasks/instances/attendance/attendance_instance_provision.yml +++ b/roles/manage_ec2_instances/tasks/instances/attendance/attendance_instance_provision.yml @@ -25,7 +25,7 @@ owner: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: 'attendance-host' long_name: "attendance-host.{{ ec2_name_prefix }}.{{ workshop_dns_zone | default('') }}" username: "{{ ec2_info['attendance_host']['username'] }}" 
diff --git a/roles/manage_ec2_instances/tasks/instances/auto_satellite/auto_satellite_instance_provision.yml b/roles/manage_ec2_instances/tasks/instances/auto_satellite/auto_satellite_instance_provision.yml index e10b91809..6abcf85a5 100644 --- a/roles/manage_ec2_instances/tasks/instances/auto_satellite/auto_satellite_instance_provision.yml +++ b/roles/manage_ec2_instances/tasks/instances/auto_satellite/auto_satellite_instance_provision.yml @@ -8,7 +8,7 @@ instance_type: "{{ ec2_info['satellite'].size[list_count|int] }}" image_id: "{{ sat_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: instance-state-name: running @@ -23,7 +23,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Ansible_Workshops: "This was provisioned through the ansible workshops provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "satellite" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/instances/centos_6/centos_6_instance_provision.yml b/roles/manage_ec2_instances/tasks/instances/centos_6/centos_6_instance_provision.yml index 4f49bd687..7f8d9d2f2 100644 --- a/roles/manage_ec2_instances/tasks/instances/centos_6/centos_6_instance_provision.yml +++ b/roles/manage_ec2_instances/tasks/instances/centos_6/centos_6_instance_provision.yml @@ -8,7 +8,7 @@ instance_type: "{{ ec2_info[centos6].size[list_count|int] }}" image_id: "{{ node_ami_centos6.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: instance-state-name: running 
@@ -23,7 +23,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node7" username: "{{ ec2_info[centos6].username }}" ansible-workshops: "true" @@ -86,7 +86,7 @@ instance_type: "{{ ec2_info[centos6].size[list_count|int] }}" image_id: "{{ node_ami_centos6.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: instance-state-name: running @@ -101,7 +101,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node8" username: "{{ ec2_info[centos6].username }}" ansible-workshops: "true" @@ -163,7 +163,7 @@ instance_type: "{{ ec2_info[centos6].size[list_count|int] }}" image_id: "{{ node_ami_centos6.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: instance-state-name: running @@ -178,7 +178,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node9" username: "{{ ec2_info[centos6].username }}" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/instances/centos_7/centos_7_instance_provision.yml b/roles/manage_ec2_instances/tasks/instances/centos_7/centos_7_instance_provision.yml index 9835bcb9c..92dcff6a8 100644 --- a/roles/manage_ec2_instances/tasks/instances/centos_7/centos_7_instance_provision.yml +++ b/roles/manage_ec2_instances/tasks/instances/centos_7/centos_7_instance_provision.yml 
@@ -8,7 +8,7 @@ instance_type: "{{ ec2_info[centos7].size[list_count|int] }}" image_id: "{{ node_ami_centos7.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: instance-state-name: running @@ -23,7 +23,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node4" username: "{{ ec2_info[centos7].username }}" ansible-workshops: "true" @@ -86,7 +86,7 @@ instance_type: "{{ ec2_info[centos7].size[list_count|int] }}" image_id: "{{ node_ami_centos7.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: instance-state-name: running @@ -101,7 +101,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node5" username: "{{ ec2_info[centos7].username }}" ansible-workshops: "true" @@ -164,7 +164,7 @@ instance_type: "{{ ec2_info[centos7].size[list_count|int] }}" image_id: "{{ node_ami_centos7.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: instance-state-name: running @@ -179,7 +179,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node6" username: "{{ ec2_info[centos7].username }}" ansible-workshops: "true" 
diff --git a/roles/manage_ec2_instances/tasks/instances/control_cluster/cluster_instance_provision.yml b/roles/manage_ec2_instances/tasks/instances/control_cluster/cluster_instance_provision.yml index 061c7ae60..1508e1578 100644 --- a/roles/manage_ec2_instances/tasks/instances/control_cluster/cluster_instance_provision.yml +++ b/roles/manage_ec2_instances/tasks/instances/control_cluster/cluster_instance_provision.yml @@ -6,7 +6,7 @@ instance_type: "{{ ec2_info[control_type].size[list_count|int] }}" image_id: "{{ ansible_control_node_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: "tag:Workshop_ansible": "{{ ec2_name_prefix }}-ansible-{{ sequence }}" @@ -19,7 +19,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Ansible_Workshops: "This was provisioned through the ansible workshops provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" username: "{{ ec2_info[control_type].username }}" short_name: "ansible-{{ sequence }}" ansible-workshops: "true" @@ -73,7 +73,7 @@ assume_role_policy_document: "{{ lookup('file','AssumeRole_policy.json') }}" create_instance_profile: true description: VPC Lockdown role for "{{ ec2_name_prefix }}" workshop - loop: "{{ range(1, student_total + 1)|list }}" + loop: "{{ range(1, student_total|int + 1)|list }}" - name: Create control node instance role community.aws.iam_role: @@ -81,7 +81,7 @@ assume_role_policy_document: "{{ lookup('file','AssumeRole_policy.json') }}" create_instance_profile: true description: Control node instance role for "{{ ec2_name_prefix }}" workshop - loop: "{{ range(1, student_total + 1)|list }}" + loop: "{{ range(1, student_total|int + 1)|list }}" - name: Generate IAM policy for control node IAM instance role community.aws.iam_policy: 
@@ -90,7 +90,7 @@ policy_name: "IAMPolicy_{{ ec2_name_prefix }}_student{{ item }}" state: present policy_json: "{{ lookup( 'template', 'iam_vpc_lockdown_policy.json.j2') }}" - loop: "{{ range(1, student_total + 1)|list }}" + loop: "{{ range(1, student_total|int + 1)|list }}" loop_control: index_var: loop_idx diff --git a/roles/manage_ec2_instances/tasks/instances/devops/devops_instance_provision.yml b/roles/manage_ec2_instances/tasks/instances/devops/devops_instance_provision.yml index 6d3d44439..159ee80e4 100644 --- a/roles/manage_ec2_instances/tasks/instances/devops/devops_instance_provision.yml +++ b/roles/manage_ec2_instances/tasks/instances/devops/devops_instance_provision.yml @@ -7,7 +7,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image: "{{ node1_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" count_tag: Workshop_node1: "{{ ec2_name_prefix }}-node1" tags: @@ -20,7 +20,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "dev_web1" username: "{{ ec2_info[rhel].username }}" Devops_tag: dev_web1 @@ -56,7 +56,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image: "{{ node2_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" count_tag: Workshop_node2: "{{ ec2_name_prefix }}-node2" tags: @@ -69,7 +69,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "dev_web2" username: "{{ ec2_info[rhel].username }}" Devops_tag: dev_web2 
@@ -105,7 +105,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image: "{{ node3_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" count_tag: Workshop_node3: "{{ ec2_name_prefix }}-node3" tags: @@ -118,7 +118,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "prod_web1" username: "{{ ec2_info[rhel].username }}" Devops_tag: prod_web1 @@ -154,7 +154,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image: "{{ node4_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" count_tag: Workshop_node4: "{{ ec2_name_prefix }}-node4" tags: @@ -167,7 +167,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "prod_web2" username: "{{ ec2_info[rhel].username }}" Devops_tag: prod_web2 diff --git a/roles/manage_ec2_instances/tasks/instances/f5/f5_instance_provision.yml b/roles/manage_ec2_instances/tasks/instances/f5/f5_instance_provision.yml index 766c8d9ff..14f0122b2 100644 --- a/roles/manage_ec2_instances/tasks/instances/f5/f5_instance_provision.yml +++ b/roles/manage_ec2_instances/tasks/instances/f5/f5_instance_provision.yml @@ -7,7 +7,7 @@ instance_type: "{{ ec2_info.f5node.size[list_count|int] }}" image_id: "{{ f5_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running network: assign_public_ip: true 
@@ -24,7 +24,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" username: "{{ ec2_info.f5node.username }}" short_name: "f5" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/instances/f5/rhel_instance_provision.yml b/roles/manage_ec2_instances/tasks/instances/f5/rhel_instance_provision.yml index a27198164..facbbd523 100644 --- a/roles/manage_ec2_instances/tasks/instances/f5/rhel_instance_provision.yml +++ b/roles/manage_ec2_instances/tasks/instances/f5/rhel_instance_provision.yml @@ -6,7 +6,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ f5_rhel_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running network: assign_public_ip: true @@ -23,7 +23,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner for F5 workshop" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: node1 username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" @@ -67,7 +67,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ f5_rhel_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running network: assign_public_ip: true @@ -84,7 +84,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner for F5 workshop" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: node2 username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" 
diff --git a/roles/manage_ec2_instances/tasks/instances/instances_automation_hub.yml b/roles/manage_ec2_instances/tasks/instances/instances_automation_hub.yml index 5b9eaf59b..332847bf6 100644 --- a/roles/manage_ec2_instances/tasks/instances/instances_automation_hub.yml +++ b/roles/manage_ec2_instances/tasks/instances/instances_automation_hub.yml @@ -22,7 +22,7 @@ AWS_USERNAME: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Ansible_Workshops: "This was provisioned through the ansible workshops provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" username: "{{ ec2_info[hub_type].username }}" short_name: "automation-hub" long_name: "automation-hub.{{ ec2_name_prefix }}.{{ workshop_dns_zone | default ('') }}" diff --git a/roles/manage_ec2_instances/tasks/instances/instances_configascode.yml b/roles/manage_ec2_instances/tasks/instances/instances_configascode.yml index 1aa7c2588..1faf850a2 100644 --- a/roles/manage_ec2_instances/tasks/instances/instances_configascode.yml +++ b/roles/manage_ec2_instances/tasks/instances/instances_configascode.yml @@ -25,7 +25,7 @@ owner: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: 'gitlab' long_name: "gitlab.{{ ec2_name_prefix }}.{{ workshop_dns_zone | default('') }}" username: "{{ ec2_info['skylight_rhel8_gitlab']['username'] }}" @@ -53,7 +53,7 @@ instance_type: "{{ ec2_info[hub_type].size }}" image_id: "{{ ansible_hub_node_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running network: assign_public_ip: true 
@@ -69,7 +69,7 @@ AWS_USERNAME: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Ansible_Workshops: "This was provisioned through the ansible workshops provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" username: "{{ ec2_info[hub_type].username }}" short_name: "automation-hub" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/instances/instances_middleware.yml b/roles/manage_ec2_instances/tasks/instances/instances_middleware.yml index f359dcfb7..d4ff135b8 100644 --- a/roles/manage_ec2_instances/tasks/instances/instances_middleware.yml +++ b/roles/manage_ec2_instances/tasks/instances/instances_middleware.yml @@ -7,7 +7,7 @@ instance_type: "{{ ec2_info.middleware.size }}" image: "{{ node_ami_middleware.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" count_tag: Workshop_node1: "{{ ec2_name_prefix }}-node1" tags: @@ -20,7 +20,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node1" username: "{{ ec2_info.middleware.username }}" ansible-workshops: "true" @@ -55,7 +55,7 @@ instance_type: "{{ ec2_info.middleware.size }}" image: "{{ node_ami_middleware.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" count_tag: Workshop_node2: "{{ ec2_name_prefix }}-node2" tags: @@ -68,7 +68,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node2" username: "{{ ec2_info.middleware.username }}" ansible-workshops: "true" 
@@ -103,7 +103,7 @@ instance_type: "{{ ec2_info.middleware.size }}" image: "{{ node_ami_middleware.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" count_tag: Workshop_node3: "{{ ec2_name_prefix }}-node3" tags: @@ -116,7 +116,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node3" username: "{{ ec2_info.middleware.username }}" ansible-workshops: "true" @@ -153,7 +153,7 @@ instance_type: "{{ ec2_info.middleware.size }}" image: "{{ node_ami_middleware.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" count_tag: Workshop_isonode: "{{ ec2_name_prefix }}-isonode" tags: @@ -164,7 +164,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "isonode" username: "{{ ec2_info.middleware.username }}" ansible-workshops: "true" @@ -200,7 +200,7 @@ instance_type: "{{ ec2_info.middleware.size }}" image: "{{ node_ami_middleware.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" count_tag: Workshop_remotenode: "{{ ec2_name_prefix }}-remotenode" tags: @@ -211,7 +211,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "remotenode" username: "{{ ec2_info.middleware.username }}" ansible-workshops: "true" 
diff --git a/roles/manage_ec2_instances/tasks/instances/instances_network.yml b/roles/manage_ec2_instances/tasks/instances/instances_network.yml index 080bb09a4..66224bce3 100644 --- a/roles/manage_ec2_instances/tasks/instances/instances_network.yml +++ b/roles/manage_ec2_instances/tasks/instances/instances_network.yml @@ -15,7 +15,7 @@ instance_type: "{{ ec2_info[rtr1_type].size }}" image_id: "{{ lookup('vars', rtr1_type ~ '_ami')['image_id'] }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" user_data: '' state: running network: @@ -33,7 +33,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "rtr1" ansible_network_os: "{{ ec2_info[rtr1_type].os }}" username: "{{ ec2_info[rtr1_type].username }}" @@ -73,7 +73,7 @@ instance_type: "{{ ec2_info[rtr2_type].size }}" image_id: "{{ lookup('vars', rtr2_type ~ '_ami')['image_id'] }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running user_data: '' network: @@ -91,7 +91,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "rtr2" ansible_network_os: "{{ ec2_info[rtr2_type].os }}" username: "{{ ec2_info[rtr1_type].username }}" @@ -131,7 +131,7 @@ instance_type: "{{ec2_info[rtr3_type].size }}" image_id: "{{ lookup('vars', rtr3_type ~ '_ami')['image_id'] }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" user_data: '' state: running network: 
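Review bot: The rtr2 tag block in the `@@ -91,7 +91,7 @@` hunk still sets `username: "{{ ec2_info[rtr1_type].username }}"` directly under `ansible_network_os: "{{ ec2_info[rtr2_type].os }}"`, which looks like a copy-paste leftover. The rtr4 block in the `@@ -207,7 +207,7 @@` hunk does the same, while the rtr3 block uses its own type. addhost_network.yml reads this tag back as `ansible_user: "{{ item.tags.username }}"`, so a router type with a different login name would be addressed with the wrong account. If that is not intended, the lines would read `username: "{{ ec2_info[rtr2_type].username }}"` and `username: "{{ ec2_info[rtr4_type].username }}"`. Both task bodies start and end outside the hunks.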
@@ -149,7 +149,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "rtr3" ansible_network_os: "{{ ec2_info[rtr3_type].os }}" username: "{{ ec2_info[rtr3_type].username }}" @@ -189,7 +189,7 @@ instance_type: "{{ ec2_info[rtr4_type].size }}" image_id: "{{ lookup('vars', rtr4_type ~ '_ami')['image_id'] }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" user_data: '' state: running network: @@ -207,7 +207,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "rtr4" ansible_network_os: "{{ ec2_info[rtr4_type].os }}" username: "{{ ec2_info[rtr1_type].username }}" diff --git a/roles/manage_ec2_instances/tasks/instances/instances_security.yml b/roles/manage_ec2_instances/tasks/instances/instances_security.yml index d824b0154..f47bbb8b1 100644 --- a/roles/manage_ec2_instances/tasks/instances/instances_security.yml +++ b/roles/manage_ec2_instances/tasks/instances/instances_security.yml @@ -1,7 +1,7 @@ --- - set_fact: - async_timeout_seconds: "{{ student_total * 60 }}" - async_wait_for_retries: "{{ student_total * 10 }}" + async_timeout_seconds: "{{ student_total|int * 60 }}" + async_wait_for_retries: "{{ student_total|int * 10 }}" - name: Create EC2 Block - SECURITY MODE block: diff --git a/roles/manage_ec2_instances/tasks/instances/instances_windows.yml b/roles/manage_ec2_instances/tasks/instances/instances_windows.yml index 6cec6fe10..072a67a78 100644 --- a/roles/manage_ec2_instances/tasks/instances/instances_windows.yml +++ b/roles/manage_ec2_instances/tasks/instances/instances_windows.yml 
@@ -25,7 +25,7 @@ owner: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: 'gitlab' long_name: "gitlab.{{ ec2_name_prefix }}.{{ workshop_dns_zone | default('') }}" username: "{{ ec2_info['skylight_rhel8_gitlab']['username'] }}" @@ -53,7 +53,7 @@ instance_type: "{{ ec2_info['skylight_windows_instance']['size'] }}" image_id: "{{ win_instance_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running network: assign_public_ip: true @@ -71,7 +71,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "instance1" ansible-workshops: "true" wait: "{{ ec2_wait }}" @@ -94,7 +94,7 @@ instance_type: "{{ ec2_info['skylight_windows_instance']['size'] }}" image_id: "{{ win_instance_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running network: assign_public_ip: true @@ -112,7 +112,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "instance2" ansible-workshops: "true" wait: "{{ ec2_wait }}" diff --git a/roles/manage_ec2_instances/tasks/instances/rhel/rhel_instance_provision.yml b/roles/manage_ec2_instances/tasks/instances/rhel/rhel_instance_provision.yml index 46a302910..c1cdd4e76 100644 --- a/roles/manage_ec2_instances/tasks/instances/rhel/rhel_instance_provision.yml +++ b/roles/manage_ec2_instances/tasks/instances/rhel/rhel_instance_provision.yml 
@@ -9,7 +9,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ node_ami_rhel.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" filters: instance-state-name: running "tag:Workshop_node1": "{{ ec2_name_prefix }}-node1" @@ -23,7 +23,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node1" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" @@ -91,7 +91,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ node_ami_rhel.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" filters: instance-state-name: running "tag:Workshop_node2": "{{ ec2_name_prefix }}-node2" @@ -105,7 +105,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node2" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" @@ -169,7 +169,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ node_ami_rhel.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" filters: instance-state-name: running "tag:Workshop_node3": "{{ ec2_name_prefix }}-node3" @@ -183,7 +183,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "node3" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" 
@@ -249,7 +249,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ node_ami_rhel.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" filters: instance-state-name: running "tag:Workshop_isonode": "{{ ec2_name_prefix }}-isonode" @@ -261,7 +261,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "isonode" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" @@ -310,7 +310,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ node_ami_rhel.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" filters: instance-state-name: running "tag:Workshop_remotenode": "{{ ec2_name_prefix }}-remotenode" @@ -322,7 +322,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "remotenode" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/instances/ripu/ripu_instance_provision.yml b/roles/manage_ec2_instances/tasks/instances/ripu/ripu_instance_provision.yml index 3f4c30137..4d6f9cabd 100644 --- a/roles/manage_ec2_instances/tasks/instances/ripu/ripu_instance_provision.yml +++ b/roles/manage_ec2_instances/tasks/instances/ripu/ripu_instance_provision.yml @@ -9,7 +9,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ node_ami_rhel7.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" filters: instance-state-name: running "tag:Workshop_node1": "{{ ec2_name_prefix }}-node1" 
@@ -23,7 +23,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "{{ lookup('community.general.random_pet') }}" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" @@ -107,7 +107,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ node_ami_rhel7.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" filters: instance-state-name: running "tag:Workshop_node2": "{{ ec2_name_prefix }}-node2" @@ -121,7 +121,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "{{ lookup('community.general.random_pet') }}" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" @@ -201,7 +201,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ node_ami_rhel8.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" filters: instance-state-name: running "tag:Workshop_node3": "{{ ec2_name_prefix }}-node3" @@ -215,7 +215,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "{{ lookup('community.general.random_pet') }}" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" 
@@ -295,7 +295,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ node_ami_rhel8.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" filters: instance-state-name: running "tag:Workshop_node4": "{{ ec2_name_prefix }}-node4" @@ -309,7 +309,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "{{ lookup('community.general.random_pet') }}" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" @@ -391,7 +391,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ node_ami_rhel.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" filters: instance-state-name: running "tag:Workshop_isonode": "{{ ec2_name_prefix }}-isonode" @@ -403,7 +403,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "isonode" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" @@ -452,7 +452,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image_id: "{{ node_ami_rhel.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" filters: instance-state-name: running "tag:Workshop_remotenode": "{{ ec2_name_prefix }}-remotenode" 
@@ -464,7 +464,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "remotenode" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/instances/storage/storage_instance_provision.yml b/roles/manage_ec2_instances/tasks/instances/storage/storage_instance_provision.yml index a261aa72e..78b01608e 100644 --- a/roles/manage_ec2_instances/tasks/instances/storage/storage_instance_provision.yml +++ b/roles/manage_ec2_instances/tasks/instances/storage/storage_instance_provision.yml @@ -7,7 +7,7 @@ instance_type: "{{ ec2_info[rhel].size[list_count|int] }}" image: "{{ netapp_ami.image_id }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" count_tag: Workshop_netapp: "{{ ec2_name_prefix }}-netapp" tags: @@ -19,7 +19,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" short_name: "netapp" username: "{{ ec2_info[rhel].username }}" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/inventory/addhost_configascode.yml b/roles/manage_ec2_instances/tasks/inventory/addhost_configascode.yml index 4c6ee183d..02de9cb1a 100644 --- a/roles/manage_ec2_instances/tasks/inventory/addhost_configascode.yml +++ b/roles/manage_ec2_instances/tasks/inventory/addhost_configascode.yml @@ -52,7 +52,7 @@ state: absent instance_ids: "{{ generic_hub_host_facts.instances | map(attribute='instance_id') | list }}" wait: true - wait_timeout: "{{ student_total * 300 | int}}" + wait_timeout: "{{ student_total|int * 300 | int}}" register: result_ec2_destroy - name: Add automation hub instance to host group 
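Review bot: In `wait_timeout: "{{ student_total|int * 300 | int}}"` (addhost_configascode.yml hunk) the trailing `| int` binds to the literal `300`, not to the product, because Jinja applies filters before `*`. With the new cast on `student_total` it no longer does anything. `wait_timeout: "{{ student_total | int * 300 }}"` computes the same value without suggesting that the whole expression is being cast. The task this line belongs to, an instance removal with `state: absent`, starts above the hunk.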
diff --git a/roles/manage_ec2_instances/tasks/inventory/addhost_network.yml b/roles/manage_ec2_instances/tasks/inventory/addhost_network.yml index 33a68bfed..e3f67583c 100644 --- a/roles/manage_ec2_instances/tasks/inventory/addhost_network.yml +++ b/roles/manage_ec2_instances/tasks/inventory/addhost_network.yml @@ -1,5 +1,5 @@ --- -- name: grab facts for rtr1 node (NETWORK MODE) +- name: Grab facts for rtr1 node (NETWORK MODE) amazon.aws.ec2_instance_info: region: "{{ ec2_region }}" filters: @@ -7,7 +7,7 @@ "tag:Workshop_rtr1": "{{ ec2_name_prefix }}-rtr1" register: rtr1_node_facts -- name: grab facts for rtr2 node (NETWORK MODE) +- name: Grab facts for rtr2 node (NETWORK MODE) amazon.aws.ec2_instance_info: region: "{{ ec2_region }}" filters: @@ -15,7 +15,7 @@ "tag:Workshop_rtr2": "{{ ec2_name_prefix }}-rtr2" register: rtr2_node_facts -- name: grab facts for rtr3 node (NETWORK MODE) +- name: Grab facts for rtr3 node (NETWORK MODE) amazon.aws.ec2_instance_info: region: "{{ ec2_region }}" filters: @@ -23,7 +23,7 @@ "tag:Workshop_rtr3": "{{ ec2_name_prefix }}-rtr3" register: rtr3_node_facts -- name: grab facts for rtr4 node (NETWORK MODE) +- name: Grab facts for rtr4 node (NETWORK MODE) amazon.aws.ec2_instance_info: region: "{{ ec2_region }}" filters: 
@@ -31,27 +31,31 @@ "tag:Workshop_rtr4": "{{ ec2_name_prefix }}-rtr4" register: rtr4_node_facts -- name: ADD RTR1 ROUTERS TO INVENTORY - add_host: +- name: Add RTR1 routers to inventory + ansible.builtin.add_host: name: "{{ item.tags.Name }}" short_name: "{{ item.tags.short_name }}" + student_number: "{{ item.tags.Index|int + 1}}" ansible_host: "{{ item.public_ip_address }}" username: "{{ item.tags.Student }}" ansible_user: "{{ item.tags.username }}" ansible_port: "{{ ssh_port }}" + ansible_libssh_publickey_algorithms: "ssh-rsa" + ansible_network_cli_ssh_type: libssh ansible_ssh_private_key_file: "{{ playbook_dir }}/{{ ec2_name_prefix|lower }}/{{ ec2_name_prefix|lower }}-private.pem" - private_ip: "{{item.private_ip_address}}" - ansible_network_os: "{{item.tags.ansible_network_os}}" + private_ip: "{{ item.private_ip_address }}" + ansible_network_os: "{{ item.tags.ansible_network_os }}" groups: - routers - core - dmvpn loop: "{{ rtr1_node_facts.instances|flatten(levels=1) }}" -- name: ADD RTR2 ROUTERS TO INVENTORY - add_host: +- name: Add RTR2 routers to inventory + ansible.builtin.add_host: name: "{{ item.tags.Name }}" short_name: "{{ item.tags.short_name }}" + student_number: "{{ item.tags.Index|int + 1 }}" ansible_host: "{{ item.public_ip_address }}" username: "{{ item.tags.Student }}" ansible_user: "{{ item.tags.username }}" @@ -64,10 +68,11 @@ - core loop: "{{ rtr2_node_facts.instances|flatten(levels=1) }}" -- name: ADD RTR3 ROUTERS TO INVENTORY - add_host: +- name: Add RTR3 routers to inventory + ansible.builtin.add_host: name: "{{ item.tags.Name }}" short_name: "{{ item.tags.short_name }}" + student_number: "{{ item.tags.Index|int + 1 }} " ansible_host: "{{ item.public_ip_address }}" username: "{{ item.tags.Student }}" ansible_user: "{{ item.tags.username }}" 
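Review bot: The RTR1 `add_host` block now pins `ansible_libssh_publickey_algorithms: "ssh-rsa"`, which restricts public-key authentication to the SHA-1 based RSA signature scheme that OpenSSH has disabled by default since 8.8. Presumably the rtr1 image requires it, but nothing in the file says so, and as far as the hunks show the rtr2–rtr4 blocks do not receive either of the two new libssh variables. I would add a comment above the line, for example `# rtr1 image only accepts ssh-rsa signatures; remove once it supports rsa-sha2-*`. If only some router types need the legacy algorithm, set the value per router type rather than unconditionally.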
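Review bot: The added RTR3 line `student_number: "{{ item.tags.Index|int + 1 }} "` in the `@@ -64,10 +68,11 @@` hunk has a space between `}}` and the closing quote. The host variable therefore becomes a string with trailing whitespace, unlike the value the RTR2 and RTR4 lines produce. Any later comparison or use of `student_number` in a name or path would then behave differently for rtr3 hosts. The line should read `student_number: "{{ item.tags.Index | int + 1 }}"`. The RTR3 task continues past the end of the hunk.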
@@ -80,10 +85,11 @@ - access loop: "{{ rtr3_node_facts.instances|flatten(levels=1) }}" -- name: ADD RTR3 ROUTERS TO INVENTORY - add_host: +- name: Add RTR4 routers to inventory + ansible.builtin.add_host: name: "{{ item.tags.Name }}" short_name: "{{ item.tags.short_name }}" + student_number: "{{ item.tags.Index|int + 1 }}" ansible_host: "{{ item.public_ip_address }}" username: "{{ item.tags.Student }}" ansible_user: "{{ item.tags.username }}" @@ -95,3 +101,7 @@ - routers - access loop: "{{ rtr4_node_facts.instances|flatten(levels=1) }}" + +- name: SEAN DEBUG STATEMENT + debug: + var: groups['routers'] diff --git a/roles/manage_ec2_instances/tasks/inventory/addhost_rhel.yml b/roles/manage_ec2_instances/tasks/inventory/addhost_rhel.yml index f544200cb..630197f79 100644 --- a/roles/manage_ec2_instances/tasks/inventory/addhost_rhel.yml +++ b/roles/manage_ec2_instances/tasks/inventory/addhost_rhel.yml @@ -44,6 +44,7 @@ - name: add hosts to groups (ANSIBLE RHEL MODE) add_host: name: "{{ item.tags.Name }}" + private_ip: "{{ item.private_ip_address }}" username: "{{ student_user }}" student: "{{ item.tags.Student }}" short_name: "{{ item.tags.short_name }}" @@ -51,7 +52,7 @@ ansible_user: "{{ item.tags.username }}" ansible_port: "{{ ssh_port }}" ansible_ssh_private_key_file: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ec2_name_prefix}}-private.pem" - groups: lab_hosts,managed_nodes + groups: lab_hosts,managed_nodes,rhel with_items: - "{{ node1_node_facts.instances }}" - "{{ node2_node_facts.instances }}" @@ -61,6 +62,7 @@ - name: add nodes for cluster lab to groups (ANSIBLE RHEL MODE) add_host: name: "{{ item.tags.Name }}" + private_ip: "{{ item.private_ip_address }}" username: "{{ student_user }}" student: "{{ item.tags.Student }}" short_name: "{{ item.tags.short_name }}" 
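Review bot: The task `SEAN DEBUG STATEMENT` appended at the end of addhost_network.yml looks like leftover troubleshooting output and should not be merged as is. It prints `groups['routers']` on every network-mode run, which adds the full router host list to provisioning logs for no functional purpose. Delete the three lines, or if the output is still wanted give the task a descriptive name, use `ansible.builtin.debug` like the other tasks in this file, and raise its verbosity threshold with `verbosity: 1`.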
@@ -68,7 +70,7 @@ ansible_user: "{{ item.tags.username }}" ansible_port: "{{ ssh_port }}" ansible_ssh_private_key_file: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ec2_name_prefix}}-private.pem" - groups: lab_hosts,managed_nodes + groups: lab_hosts,managed_nodes,rhel with_items: - "{{ isonode_node_facts.instances }}" - "{{ remotenode_node_facts.instances }}" diff --git a/roles/manage_ec2_instances/tasks/inventory/addhost_ripu.yml b/roles/manage_ec2_instances/tasks/inventory/addhost_ripu.yml index fc34821f7..e450c7941 100644 --- a/roles/manage_ec2_instances/tasks/inventory/addhost_ripu.yml +++ b/roles/manage_ec2_instances/tasks/inventory/addhost_ripu.yml @@ -56,6 +56,7 @@ student: "{{ item.tags.Student }}" short_name: "{{ item.tags.short_name }}" ansible_host: "{{ item.public_ip_address }}" + private_ip: "{{ item.private_ip_address }}" ansible_user: "{{ item.tags.username }}" ansible_port: "{{ ssh_port }}" ansible_ssh_private_key_file: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ec2_name_prefix}}-private.pem" @@ -74,6 +75,7 @@ student: "{{ item.tags.Student }}" short_name: "{{ item.tags.short_name }}" ansible_host: "{{ item.public_ip_address }}" + private_ip: "{{ item.private_ip_address }}" ansible_user: "{{ item.tags.username }}" ansible_port: "{{ ssh_port }}" ansible_ssh_private_key_file: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ec2_name_prefix}}-private.pem" @@ -90,6 +92,7 @@ student: "{{ item.tags.Student }}" short_name: "{{ item.tags.short_name }}" ansible_host: "{{ item.public_ip_address }}" + private_ip: "{{ item.private_ip_address }}" ansible_user: "{{ item.tags.username }}" ansible_port: "{{ ssh_port }}" ansible_ssh_private_key_file: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ec2_name_prefix}}-private.pem" 
@@ -106,6 +109,7 @@ student: "{{ item.tags.Student }}" short_name: "{{ item.tags.short_name }}" ansible_host: "{{ item.public_ip_address }}" + private_ip: "{{ item.private_ip_address }}" ansible_user: "{{ item.tags.username }}" ansible_port: "{{ ssh_port }}" ansible_ssh_private_key_file: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ec2_name_prefix}}-private.pem" diff --git a/roles/manage_ec2_instances/tasks/main.yml b/roles/manage_ec2_instances/tasks/main.yml index 9e3bb7743..1ad057d44 100644 --- a/roles/manage_ec2_instances/tasks/main.yml +++ b/roles/manage_ec2_instances/tasks/main.yml @@ -7,13 +7,6 @@ - include_tasks: teardown.yml when: teardown|bool -- name: check if we have access to pre_build AMI images - include_tasks: check_prebuild.yml - -- name: check if we have access to pre_build hub AMI images - include_tasks: check_prebuild_hub.yml - when: automation_hub|bool and pre_build|bool - - name: provision aws resources and instances include_tasks: provision.yml tags: provisioned diff --git a/roles/manage_ec2_instances/tasks/provision.yml b/roles/manage_ec2_instances/tasks/provision.yml index 8086b3f5a..036720dd3 100644 --- a/roles/manage_ec2_instances/tasks/provision.yml +++ b/roles/manage_ec2_instances/tasks/provision.yml @@ -34,13 +34,13 @@ - name: save ami for ansible control node pre_build when: pre_build|bool block: - - name: find ami for ansible control node + - name: find ami for ansible control node with pre_build image amazon.aws.ec2_ami_info: region: "{{ ec2_region }}" - owners: "962147768365" + owners: "{{ ec2_info.control_type_pre_build.owners }}" filters: - name: "automation_controller*" - architecture: "x86_64" + name: "{{ ec2_info.control_type_pre_build.filter }}" + architecture: "{{ ec2_info.control_type_pre_build.architecture }}" register: amis - name: save ami for ansible control node 
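Review bot: The pre_build AMI lookup in provision.yml used to be pinned to a literal owner account and now takes `owners`, the name filter and the architecture from `ec2_info.control_type_pre_build`, whose definition is not part of this hunk. The owner restriction is what keeps a name-based AMI search from matching images published by other accounts, and the following task picks the last image by name, so the lookup should refuse to run if the variable resolves to an empty value. An assert placed before the lookup inside the `pre_build` block would make that explicit; the block itself continues outside this hunk.

```yaml
  # … unchanged: block header "save ami for ansible control node pre_build" …
    - name: require an owner restriction for the pre_build AMI lookup
      ansible.builtin.assert:
        that:
          - ec2_info.control_type_pre_build.owners is defined
          - ec2_info.control_type_pre_build.owners | length > 0
        fail_msg: "ec2_info.control_type_pre_build.owners must name the AMI owner account(s)"

    - name: find ami for ansible control node with pre_build image
  # … unchanged: amazon.aws.ec2_ami_info arguments …
```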
@@ -48,6 +48,9 @@ ansible_control_node_ami: > {{ amis.images | selectattr('name', 'defined') | sort(attribute='name') | last }} + - name: check if we have access to pre_build AMI images + include_tasks: check_prebuild.yml + - name: enforce major and minor version are at least RHEL 8.4 assert: that: @@ -88,6 +91,10 @@ - name: find correct AMI include_tasks: 'ami_find/ami_find_{{ workshop_type }}.yml' +- name: check if we have access to pre_build hub AMI images + include_tasks: check_prebuild_hub.yml + when: automation_hub|bool and pre_build|bool + ## Instance creation - name: provision workshop instances include_tasks: 'instances/instances_{{ workshop_type }}.yml' diff --git a/roles/manage_ec2_instances/tasks/resources/resources.yml b/roles/manage_ec2_instances/tasks/resources/resources.yml index 8b6ab5e2a..0a7e7169b 100644 --- a/roles/manage_ec2_instances/tasks/resources/resources.yml +++ b/roles/manage_ec2_instances/tasks/resources/resources.yml @@ -11,7 +11,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" Workshop_type: "{{ workshop_type }}" Workshop: "{{ ec2_name_prefix }}" ansible-workshops: "true" @@ -39,7 +39,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" Workshop_type: "{{ workshop_type }}" Workshop: "{{ ec2_name_prefix }}" ansible-workshops: "true" @@ -63,7 +63,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" Workshop_type: "{{ workshop_type }}" Workshop: "{{ ec2_name_prefix }}" ansible-workshops: "true" 
@@ -83,7 +83,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" Workshop_type: "{{ workshop_type }}" Workshop: "{{ ec2_name_prefix }}" ansible-workshops: "true" @@ -99,7 +99,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "Total {{ student_total }}" + Students: "Total {{ student_total|int }}" Workshop_type: "{{ workshop_type }}" Workshop: "{{ ec2_name_prefix }}" ansible-workshops: "true" @@ -120,7 +120,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" Workshop_type: "{{ workshop_type }}" Workshop: "{{ ec2_name_prefix }}" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/resources/resources_network.yml b/roles/manage_ec2_instances/tasks/resources/resources_network.yml index a88ef9503..39ef3d8c2 100644 --- a/roles/manage_ec2_instances/tasks/resources/resources_network.yml +++ b/roles/manage_ec2_instances/tasks/resources/resources_network.yml @@ -8,7 +8,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{student_total}}" + Students: "{{ student_total|int }}" ansible-workshops: "true" register: create_vpc2 when: ec2_vpc_id2 is undefined @@ -25,7 +25,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{student_total}}" + Students: "{{ student_total|int }}" ansible-workshops: "true" rules: - proto: 47 
@@ -79,7 +79,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{student_total}}" + Students: "{{ student_total|int }}" ansible-workshops: "true" register: create_subnet2 until: create_subnet2 is not failed @@ -94,7 +94,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "Total {{student_total}}" + Students: "Total {{ student_total|int }}" ansible-workshops: "true" register: igw2 until: igw2 is not failed @@ -114,7 +114,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{student_total}}" + Students: "{{ student_total|int }}" ansible-workshops: "true" register: routetablenetworking until: routetablenetworking is not failed diff --git a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_checkpoint_gw_eni_bookkeeping.yml b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_checkpoint_gw_eni_bookkeeping.yml index 7144b0ee9..1c5e602a8 100644 --- a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_checkpoint_gw_eni_bookkeeping.yml +++ b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_checkpoint_gw_eni_bookkeeping.yml @@ -14,7 +14,7 @@ state: present region: '{{ ec2_region }}' delete_on_termination: true - loop: '{{ range(0, student_total) | list }}' + loop: '{{ range(0, student_total|int) | list }}' async: "{{ async_timeout_seconds }}" poll: 0 register: ec2_subnet1_eni_checkpoint_gw_async @@ -25,7 +25,7 @@ state: present region: '{{ ec2_region }}' delete_on_termination: true - loop: '{{ range(0, student_total) | list }}' + loop: '{{ range(0, student_total|int) | list }}' async: "{{ async_timeout_seconds }}" poll: 0 register: ec2_subnet2_eni_checkpoint_gw_async 
@@ -78,7 +78,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{student_total}}" + Students: "{{ student_total|int }}" Subnet: '{{ ec2_name_prefix }}-subnet1' Workshop: "{{ ec2_name_prefix }}" uuid: "{{ ec2_name_prefix }}" @@ -102,7 +102,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{student_total}}" + Students: "{{ student_total|int }}" Subnet: '{{ ec2_name_prefix }}-subnet1' Workshop: "{{ ec2_name_prefix }}" uuid: "{{ ec2_name_prefix }}" @@ -125,7 +125,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{student_total}}" + Students: "{{ student_total|int }}" Subnet: '{{ ec2_name_prefix }}-subnet2' Workshop: "{{ ec2_name_prefix }}" uuid: "{{ ec2_name_prefix }}" @@ -210,7 +210,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{student_total}}" + Students: "{{ student_total|int }}" short_name: "checkpoint_gw" username: "{{ec2_info.checkpoint_gw.username}}" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_attacksim.yml b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_attacksim.yml index 9aa975c34..2ffbf4b6a 100644 --- a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_attacksim.yml +++ b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_attacksim.yml 
@@ -6,7 +6,7 @@ instance_type: "{{ ec2_info['rhel8']['size'][list_count|int] }}" image_id: "{{ attacker_ami['image_id'] }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: "tag:Workshop_attacker": "{{ ec2_name_prefix }}-attacker" @@ -19,7 +19,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Ansible_Workshops: "This was provisioned through the ansible workshops provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" username: '{{ ec2_info["rhel8"]["username"] }}' short_name: "attacker" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_checkpoint_mgmt.yml b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_checkpoint_mgmt.yml index 131c020f6..0b54ad1bd 100644 --- a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_checkpoint_mgmt.yml +++ b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_checkpoint_mgmt.yml @@ -6,7 +6,7 @@ instance_type: "{{ ec2_info['checkpoint_mgmt']['size'][list_count|int] }}" image_id: "{{ checkpoint_mgmt_ami['image_id'] }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" user_data: "{{ lookup('template', 'gaia-mgmt-ftw-user-data.sh.j2') }}" state: running filters: @@ -20,7 +20,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Ansible_Workshops: "This was provisioned through the ansible workshops provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" username: "{{ ec2_info['checkpoint_mgmt']['username'] }}" short_name: "checkpoint_mgmt" ansible-workshops: "true" 
diff --git a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_qradar.yml b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_qradar.yml index f006144e9..adf334fea 100644 --- a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_qradar.yml +++ b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_qradar.yml @@ -6,7 +6,7 @@ instance_type: "{{ ec2_info['qradar']['size'][list_count|int] }}" image_id: "{{ qradar_ami['image_id'] }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: "tag:Workshop_qradar": "{{ ec2_name_prefix }}-qradar" @@ -19,7 +19,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Ansible_Workshops: "This was provisioned through the ansible workshops provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" username: '{{ ec2_info["qradar"]["username"] }}' short_name: "qradar" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_snort.yml b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_snort.yml index 5f97539a0..51f62be5d 100644 --- a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_snort.yml +++ b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_snort.yml @@ -6,7 +6,7 @@ instance_type: "{{ ec2_info['rhel8']['size'][list_count|int] }}" image_id: "{{ snort_ami['image_id'] }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: "tag:Workshop_snort": "{{ ec2_name_prefix }}-snort" 
@@ -19,7 +19,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Ansible_Workshops: "This was provisioned through the ansible workshops provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" username: '{{ ec2_info["rhel8"]["username"] }}' short_name: "snort" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_splunk.yml b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_splunk.yml index 766002382..8fe5ae47f 100644 --- a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_splunk.yml +++ b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_splunk.yml @@ -6,7 +6,7 @@ instance_type: "{{ ec2_info['splunk_enterprise']['size'][list_count|int] }}" image_id: "{{ splunk_ami['image_id'] }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running filters: "tag:Workshop_splunk": "{{ ec2_name_prefix }}-splunk" @@ -19,7 +19,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Ansible_Workshops: "This was provisioned through the ansible workshops provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" username: '{{ ec2_info["splunk_enterprise"]["username"] }}' short_name: "splunk" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_windows_ws.yml b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_windows_ws.yml index 740f98f53..996c66a2d 100644 --- a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_windows_ws.yml +++ b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_create_instances_windows_ws.yml 
@@ -6,7 +6,7 @@ instance_type: "{{ ec2_info['windows_ws']['size'][list_count|int] }}" image_id: "{{ windows_ws_ami['image_id'] }}" region: "{{ ec2_region }}" - exact_count: "{{ student_total }}" + exact_count: "{{ student_total|int }}" state: running user_data: "{{ lookup('template', 'windows_userdata.txt.j2') }}" filters: @@ -20,7 +20,7 @@ owner: "{{ aws_user }}" Info: "AWS_USERNAME that provisioned this-> {{ aws_user }}" Ansible_Workshops: "This was provisioned through the ansible workshops provisioner" - Students: "{{ student_total }}" + Students: "{{ student_total|int }}" username: "{{ ec2_info['windows_ws']['username'] }}" short_name: "windows_ws" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_subnet2_eni.yml b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_subnet2_eni.yml index cab228fe1..cc9b5f2ea 100644 --- a/roles/manage_ec2_instances/tasks/security_includes/security_ec2_subnet2_eni.yml +++ b/roles/manage_ec2_instances/tasks/security_includes/security_ec2_subnet2_eni.yml @@ -96,7 +96,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{student_total}}" + Students: "{{ student_total|int }}" Subnet: '{{ ec2_name_prefix }}-subnet2' Workshop: "{{ec2_name_prefix}}" ansible-workshops: "true" @@ -117,7 +117,7 @@ Username: "{{ aws_user }}" Info: "Username that provisioned this-> {{ aws_user }}" Linklight: "This was provisioned through the linklight provisioner" - Students: "{{student_total}}" + Students: "{{ student_total|int }}" Subnet: '{{ ec2_name_prefix }}-subnet2' Workshop: "{{ec2_name_prefix}}" ansible-workshops: "true" diff --git a/roles/manage_ec2_instances/tasks/teardown.yml b/roles/manage_ec2_instances/tasks/teardown.yml index e0ca4a72d..a78b372d1 100644 --- a/roles/manage_ec2_instances/tasks/teardown.yml +++ b/roles/manage_ec2_instances/tasks/teardown.yml 
@@ -114,7 +114,7 @@ state: absent instance_ids: "{{ all_workshop_vpc_nodes.instances | map(attribute='instance_id') | list }}" wait: true - wait_timeout: "{{ student_total * 300 | int}}" + wait_timeout: "{{ student_total|int * 300 | int}}" register: result_ec2_destroy when: - all_workshop_vpc_nodes.instances @@ -140,7 +140,7 @@ state: absent instance_ids: "{{ all_workshop_vpc2_nodes.instances | map(attribute='instance_id') | list }}" wait: true - wait_timeout: "{{ student_total * 300 | int}}" + wait_timeout: "{{ student_total|int * 300 | int}}" register: result_ec2_destroy2 when: - ec2_vpc_id2 is defined @@ -395,7 +395,7 @@ when: workshop_type == 'security' block: - name: Get EIP informaion - community.aws.ec2_eip_info: + amazon.aws.ec2_eip_info: region: "{{ ec2_region }}" filters: "tag:Workshop": "{{ ec2_name_prefix }}" @@ -407,7 +407,7 @@ when: debug_teardown - name: Release EIPs - community.aws.ec2_eip: + amazon.aws.ec2_eip: region: "{{ ec2_region }}" public_ip: "{{ item['public_ip'] }}" state: absent @@ -421,21 +421,21 @@ iam_name: "ControlNode_{{ ec2_name_prefix }}_student{{ item }}" policy_name: "IAMPolicy_{{ ec2_name_prefix }}_student{{ item }}" state: absent - loop: "{{ range(1, student_total + 1)|list }}" + loop: "{{ range(1, student_total|int + 1)|list }}" - name: Remove VPC Lock Down role community.aws.iam_role: name: "VPCLockDown_{{ ec2_name_prefix }}_student{{ item }}" state: absent delete_instance_profile: true - loop: "{{ range(1, student_total + 1)|list }}" + loop: "{{ range(1, student_total|int + 1)|list }}" - name: Remove control node instance role community.aws.iam_role: name: "ControlNode_{{ ec2_name_prefix }}_student{{ item }}" state: absent delete_instance_profile: true - loop: "{{ range(1, student_total + 1)|list }}" + loop: "{{ range(1, student_total|int + 1)|list }}" when: tower_node_aws_api_access|default(false)|bool ignore_errors: true 
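Review bot: The new `wait_timeout: "{{ student_total|int * 300 | int}}"` keeps a trailing `| int` that reads as a cast of the product but binds to the literal `300` only, because Jinja filters take precedence over `*`. The result is correct now that `student_total` is cast first, but the expression is misleading; `wait_timeout: "{{ (student_total | int) * 300 }}"` says what is meant. The same line appears in the second teardown hunk (`@@ -140,7 +140,7 @@`).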
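Review bot: The three IAM cleanup loops in the last teardown hunk now use `range(1, student_total|int + 1)`, and Jinja's `int` filter returns 0 for a value it cannot parse. With a missing or malformed `student_total` the loops become empty and the per-student IAM policy, VPC lock-down role and control-node role are silently left in the account, and the `ignore_errors: true` visible at the end of the hunk hides any other failure in the same place. A guard before these tasks, such as an `ansible.builtin.assert` with `that: student_total | int > 0`, would turn that into a visible failure. The start of the enclosing task list is outside this hunk, so the best position for the guard needs to be checked against the full file.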
diff --git a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_configascode.j2 b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_configascode.j2 index 35931137f..d5d00847f 100644 --- a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_configascode.j2 +++ b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_configascode.j2 @@ -46,7 +46,7 @@ ansible_ssh_private_key_file="{{ playbook_dir }}/{{ ec2_name_prefix }}/{{ ec2_na {% endfor %} {% endif %} -{% for user in range(1,student_total + 1) %} +{% for user in range(1,student_total|int + 1) %} [student{{ user }}] {% for host in hostvars %} {% if "student" + user|string + "-" in host -%} diff --git a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_demo.j2 b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_demo.j2 index 45ebe143d..f1d05c500 100644 --- a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_demo.j2 +++ b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_demo.j2 @@ -12,7 +12,7 @@ ansible_port={{ ssh_port }} {% endfor %} {% endif %} -{% for number in range(1,student_total + 1) %} +{% for number in range(1,student_total|int + 1) %} [student{{ number }}] {% for host in ansible_node_facts.instances %} {% if 'student' ~ number == host.tags.Student %} diff --git a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_devops.j2 b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_devops.j2 index 7a5418dce..a97b4455f 100644 --- a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_devops.j2 +++ b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_devops.j2 
@@ -12,7 +12,7 @@ ansible_port={{ ssh_port }} {% endfor %} {% endif %} -{% for number in range(1,student_total + 1) %} +{% for number in range(1,student_total|int + 1) %} [student{{ number }}] {% for host in ansible_node_facts.instances %} {% if 'student' ~ number == host.tags.Student %} diff --git a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_f5.j2 b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_f5.j2 index c0c4feae3..55dd9ff40 100644 --- a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_f5.j2 +++ b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_f5.j2 @@ -12,7 +12,7 @@ ansible_port={{ ssh_port }} {% endfor %} {% endif %} -{% for number in range(1,student_total + 1) %} +{% for number in range(1,student_total|int + 1) %} [student{{ number }}] {% for host in ansible_node_facts.instances %} {% if 'student' ~ number == host.tags.Student %} diff --git a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_middleware.j2 b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_middleware.j2 index 77f03123e..b31a420b8 100644 --- a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_middleware.j2 +++ b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_middleware.j2 @@ -3,7 +3,7 @@ ansible_port={{ ssh_port }} {% endif %} -{% for number in range(1,student_total + 1) %} +{% for number in range(1,student_total|int + 1) %} [student{{ number }}] {% for host in ansible_node_facts.instances %} {% if 'student' ~ number == host.tags.Student %} diff --git a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_network.j2 b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_network.j2 index 50df9cd5b..ffb2c99cd 100644 
--- a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_network.j2 +++ b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_network.j2 @@ -16,7 +16,7 @@ ansible_ssh_private_key_file="{{ playbook_dir }}/{{ ec2_name_prefix }}/{{ ec2_na {% endfor %} {% endif %} -{% for number in range(1,student_total + 1) %} +{% for number in range(1,student_total|int + 1) %} [student{{ number }}] {% for host in ansible_node_facts.instances %} {% if 'student' ~ number == host.tags.Student %} diff --git a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_rhel.j2 b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_rhel.j2 index 378a1d10f..2ab40b400 100644 --- a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_rhel.j2 +++ b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_rhel.j2 @@ -4,7 +4,7 @@ ansible_port={{ ssh_port }} ansible_ssh_private_key_file="{{ playbook_dir }}/{{ ec2_name_prefix }}/{{ ec2_name_prefix }}-private.pem" {% endif %} -{% for number in range(1,student_total + 1) %} +{% for number in range(1,student_total|int + 1) %} [student{{ number }}] {% for host in ansible_node_facts.instances %} {% if 'student' ~ number == host.tags.Student %} diff --git a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_ripu.j2 b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_ripu.j2 index f6eb0027d..8bba9f5f8 100644 --- a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_ripu.j2 +++ b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_ripu.j2 
@@ -4,7 +4,7 @@ ansible_port={{ ssh_port }} ansible_ssh_private_key_file="{{ playbook_dir }}/{{ ec2_name_prefix }}/{{ ec2_name_prefix }}-private.pem" {% endif %} -{% for number in range(1,student_total + 1) %} +{% for number in range(1,student_total|int + 1) %} [student{{ number }}] {% for host in ansible_node_facts.instances %} {% if 'student' ~ number == host.tags.Student %} diff --git a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_security.j2 b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_security.j2 index 2cc8a641f..e62044ec4 100644 --- a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_security.j2 +++ b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_security.j2 @@ -12,7 +12,7 @@ ansible_port={{ ssh_port }} {% endfor %} {% endif %} -{% for number in range(1,student_total + 1) %} +{% for number in range(1,student_total|int + 1) %} [student{{ number }}] {% for host in ansible_node_facts.instances %} {% if 'student' ~ number == host.tags.Student %} diff --git a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_windows.j2 b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_windows.j2 index 221b60f45..d2b2156a4 100755 --- a/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_windows.j2 +++ b/roles/manage_ec2_instances/templates/instructor_inventory/instructor_inventory_windows.j2 @@ -60,7 +60,7 @@ ansible_ssh_private_key_file="{{ playbook_dir }}/{{ ec2_name_prefix }}/{{ ec2_na {% endfor %} {% endif %} -{% for user in range(1,student_total + 1) %} +{% for user in range(1,student_total|int + 1) %} [student{{ user }}] {% for host in hostvars %} {% if "student" + user|string + "-" in host -%} diff --git a/roles/populate_controller/defaults/main.yml b/roles/populate_controller/defaults/main.yml index 08846e312..d2044ce53 100644 
--- a/roles/populate_controller/defaults/main.yml +++ b/roles/populate_controller/defaults/main.yml @@ -11,3 +11,10 @@ smart_mgmt_ee: "quay.io/s4v0/ee-automated-smart-mgmt-29:latest" auto_satellite_ee: "quay.io/s4v0/ee-automated-satellite-aap2:latest" configascode_ee: "registry.redhat.io/ansible-automation-platform-21/ee-minimal-rhel8:latest" ripu_ee: "registry.redhat.io/ansible-automation-platform-23/ee-supported-rhel8:1.0.0-208" +run_commands_user: "ec2-user" +controller_validate_certs: false +controller_hostname: "https://{{ ansible_host }}" +controller_username: "admin" +controller_password: "{{ admin_password }}" +controller_request_timeout: 200 +controller_configuration_projects_async_retries: 35 \ No newline at end of file diff --git a/roles/populate_controller/tasks/main.yml b/roles/populate_controller/tasks/main.yml index b66750db7..b23c14345 100644 --- a/roles/populate_controller/tasks/main.yml +++ b/roles/populate_controller/tasks/main.yml @@ -71,21 +71,21 @@ delay: 3 retries: 5 -- name: copy inventory to awx user - copy: - src: "/home/{{ username }}/lab_inventory/hosts" - remote_src: true - dest: /var/lib/awx/hosts - owner: awx - group: awx +# - name: copy inventory to awx user +# copy: +# src: "/home/{{ username }}/lab_inventory/hosts" +# remote_src: true +# dest: "/home/{{ run_commands_user }}" +# owner: "{{ run_commands_user }}" +# group: "{{ run_commands_user }}" -- name: import inventory - become_user: awx - shell: 'tower-manage inventory_import --source=/var/lib/awx/hosts --inventory-name="Workshop Inventory"' - register: import_inventory - until: import_inventory is not failed - retries: 5 -#### end of inventory +# - name: import inventory +# become_user: "{{ run_commands_user }}" +# shell: 'awx-manage inventory_import --source=/home/{{ run_commands_user }}/hosts --inventory-name="Workshop Inventory"' +# register: import_inventory +# until: import_inventory is not failed +# retries: 5 +# #### end of inventory ### USER - name: add student user 
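Review bot: The new role defaults set `controller_validate_certs: false` together with `controller_username: "admin"` and `controller_password: "{{ admin_password }}"`, so every task that consumes these defaults sends the admin password to a controller whose TLS certificate is never checked. If the workshop controllers only have self-signed certificates at this stage, say so beside the value, for example `# controller still has a self-signed cert during provisioning; set to true once a trusted cert is issued`. A safer arrangement is to default to `true` and override it in the workshop variables. The file also ends without a trailing newline after `controller_configuration_projects_async_retries: 35`.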
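Review bot: In populate_controller/tasks/main.yml the `copy inventory to awx user` and `import inventory` tasks are kept as commented-out YAML rather than removed. The commented text was also edited (new `run_commands_user` paths, `awx-manage` in place of `tower-manage`), so it is untested code that a later reader may uncomment and trust. Delete the block and rely on version history, or if the import is still planned leave a single line such as `# TODO: re-enable inventory import once awx-manage is available to run_commands_user`. Within the hunks shown here, `run_commands_user` from the new defaults is referenced only inside this commented block.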
@@ -100,52 +100,6 @@ controller_host: "https://{{ ansible_host }}" validate_certs: false -#### REMOVE BUILT-IN DEMO CONTENT -- name: delete demo job template - awx.awx.job_template: - name: "Demo Job Template" - state: absent - controller_username: admin - controller_password: "{{ admin_password }}" - controller_host: "https://{{ ansible_host }}" - validate_certs: false - -- name: remove demo credential - awx.awx.credential: - name: "Demo Credential" - credential_type: Machine - state: absent - organization: "" - inputs: - username: admin - controller_username: admin - controller_password: "{{ admin_password }}" - controller_host: "https://{{ ansible_host }}" - validate_certs: false - -- name: remove demo inventory - awx.awx.inventory: - name: "Demo Inventory" - organization: "Default" - state: absent - controller_username: admin - controller_password: "{{ admin_password }}" - controller_host: "https://{{ ansible_host }}" - validate_certs: false - -- name: remove built-in demo project - awx.awx.project: - name: "Demo Project" - organization: "Default" - scm_type: git - scm_url: "https://github.com/ansible/ansible-tower-samples" - state: absent - controller_username: admin - controller_password: "{{ admin_password }}" - controller_host: "https://{{ ansible_host }}" - validate_certs: false -#### END OF REMOVE BUILT-IN DEMO CONTENT - # Workshop specific execution environments - name: Add specific workshop execution environment awx.awx.execution_environment: @@ -160,5 +114,5 @@ - name: setup workshop specific controller information include_tasks: "{{item}}" with_first_found: - - "{{role_path}}/tasks/{{workshop_type}}.yml" - - "{{role_path}}/tasks/unsupported_workshop.yml" + - "{{ role_path }}/tasks/{{ workshop_type }}.yml" + - "{{ role_path }}/tasks/unsupported_workshop.yml" diff --git a/roles/populate_controller/tasks/network.yml b/roles/populate_controller/tasks/network.yml index 384e933c4..7fdd8bded 100644 --- a/roles/populate_controller/tasks/network.yml 
+++ b/roles/populate_controller/tasks/network.yml 
@@ -1,126 +1,100 @@ --- - name: use COP controller_configuration collection when: controller_projects is defined - vars: - controller_validate_certs: false - controller_hostname: "https://{{ ansible_host }}" - controller_username: "admin" - controller_password: "{{ admin_password }}" include_role: name: '{{ setup_controller }}' loop: - 'redhat_cop.controller_configuration.hosts' - 'redhat_cop.controller_configuration.organizations' + - 'redhat_cop.controller_configuration.users' + - 'redhat_cop.controller_configuration.teams' + - 'redhat_cop.controller_configuration.projects' + - 'redhat_cop.controller_configuration.job_templates' + - 'redhat_cop.controller_configuration.roles' + - 'redhat_cop.controller_configuration.groups' loop_control: loop_var: setup_controller -- name: add user nwoperator - awx.awx.user: - username: network-operator - password: "{{ admin_password }}" - email: nwops@redhat.com - first_name: Issac - last_name: Assimov - state: present - superuser: false - controller_username: admin - controller_password: "{{ admin_password }}" - controller_host: "https://{{ ansible_host }}" - validate_certs: false +- name: Debug the student number via the username var + ansible.builtin.debug: + msg: + - "student: {{ student_number }}" + - "{{ groups['routers'] }}" -- name: add user NWADMIN - awx.awx.user: - username: network-admin - password: "{{ admin_password }}" - email: nwadmin@redhat.com - first_name: Larry - last_name: Niven - state: present - superuser: false - controller_username: admin - controller_password: "{{ admin_password }}" - controller_host: "https://{{ ansible_host }}" - validate_certs: false +- name: Filter hosts containing student number + ansible.builtin.set_fact: + student_hosts: "{{ groups['routers'] | select('search', student_number ~ '-') | list }}" -- name: add user BOB - awx.awx.user: - username: bbelcher - password: "{{ admin_password }}" - email: bbelcher@redhat.com - first_name: Bob - last_name: Belcher - state: present - 
superuser: true +- name: Debug hosts for + ansible.builtin.debug: + msg: "{{ student_hosts }}" + +- name: Add devices into controller inventory + awx.awx.host: + name: "{{ hostvars[item].short_name }}" + enabled: true + inventory: "Workshop Inventory" controller_username: admin controller_password: "{{ admin_password }}" controller_host: "https://{{ ansible_host }}" validate_certs: false + variables: + ansible_host: "{{ hostvars[item].ansible_host }}" + private_ip: "{{ hostvars[item].private_ip }}" + loop: "{{ student_hosts }}" -- name: add user TINA - awx.awx.user: - username: tbelcher - password: "{{ admin_password }}" - email: tbelcher@redhat.com - first_name: Tina - last_name: Belcher - state: present - controller_username: admin - controller_password: "{{ admin_password }}" - controller_host: "https://{{ ansible_host }}" - validate_certs: false +- name: Filter hosts where ansible_network_os is set to 'ios' + ansible.builtin.set_fact: + # cisco_routers: "{{ hostvars|dictsort|selectattr('0', 'in', student_hosts)|selectattr('1.ansible_network_os', 'eq', 'ios')|map(attribute='0') }}" + cisco_routers_short_names: "{{ hostvars|dictsort|selectattr('0', 'in', groups.routers)|selectattr('1.ansible_network_os', 'eq', 'ios')|map(attribute='0')|map('extract', hostvars, 'short_name')|list }}" + arista_routers: "{{ hostvars|dictsort|selectattr('0', 'in', student_hosts)|selectattr('1.ansible_network_os', 'eq', 'eos')|map(attribute='0')|map('extract', hostvars, 'short_name')|list }}" + juniper_routers: "{{ hostvars|dictsort|selectattr('0', 'in', student_hosts)|selectattr('1.ansible_network_os', 'eq', 'junos')|map(attribute='0')|map('extract', hostvars, 'short_name')|list }}" + +# - name: Filter hosts where ansible_network_os is set to 'ios' +# set_fact: +# cisco_routers: "{{ cisco_routers | default([]) + [item] }}" +# loop: "{{ groups['routers'] }}" +# when: hostvars[item]['ansible_network_os'] == 'ios' -- name: add user LOUISE - awx.awx.user: - username: lbelcher - password: 
"{{ admin_password }}" - email: lbelcher@redhat.com - first_name: Louise - last_name: Belcher - state: present +- name: Debug the routers + debug: + msg: + - "cisco_routers_short_names: {{ cisco_routers_short_names }}" + - "arista_routers: {{ arista_routers }}" + - "juniper_routers: {{ juniper_routers }}" + +- name: Add hosts to group cisco + awx.awx.group: + name: cisco + inventory: "Workshop Inventory" + hosts: "{{ cisco_routers_short_names }}" + preserve_existing_hosts: True + preserve_existing_children: True controller_username: admin controller_password: "{{ admin_password }}" controller_host: "https://{{ ansible_host }}" - validate_certs: false + validate_certs: false -- name: add user LINDA - awx.awx.user: - username: libelcher - password: "{{ admin_password }}" - email: libelcher@redhat.com - first_name: Linda - last_name: Belcher - state: present +- name: Add hosts to juniper + awx.awx.group: + name: juniper + inventory: "Workshop Inventory" + hosts: "{{ juniper_routers }}" + preserve_existing_hosts: True + preserve_existing_children: True controller_username: admin controller_password: "{{ admin_password }}" controller_host: "https://{{ ansible_host }}" - validate_certs: false + validate_certs: false -- name: add user GENE - awx.awx.user: - username: gbelcher - password: "{{ admin_password }}" - email: gbelcher@redhat.com - first_name: Gene - last_name: Belcher - state: present +- name: Add hosts to arista + awx.awx.group: + name: arista + inventory: "Workshop Inventory" + hosts: "{{ arista_routers }}" + preserve_existing_hosts: True + preserve_existing_children: True controller_username: admin controller_password: "{{ admin_password }}" controller_host: "https://{{ ansible_host }}" - validate_certs: false - -- name: use COP controller_configuration collection - when: controller_projects is defined - vars: - controller_validate_certs: false - controller_hostname: "https://{{ ansible_host }}" - controller_username: "admin" - controller_password: "{{ 
admin_password }}" - include_role: - name: '{{ setup_controller }}' - loop: - - 'redhat_cop.controller_configuration.teams' - - 'redhat_cop.controller_configuration.projects' - - 'redhat_cop.controller_configuration.job_templates' - - 'redhat_cop.controller_configuration.roles' - loop_control: - loop_var: setup_controller + validate_certs: false \ No newline at end of file diff --git a/roles/populate_controller/tasks/ripu.yml b/roles/populate_controller/tasks/ripu.yml new file mode 100644 index 000000000..3ec0e32fe --- /dev/null +++ b/roles/populate_controller/tasks/ripu.yml 
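Review bot: `cisco_routers_short_names` is built from `groups.routers`, while `arista_routers` and `juniper_routers` are built from `student_hosts`, so the `cisco` group can be handed routers that belong to other students. The commented-out line just above it uses `student_hosts`, which suggests the intent was `selectattr('0', 'in', student_hosts)`. The `student_hosts` filter itself uses `select('search', student_number ~ '-')`, an unanchored regex search; depending on what `student_number` holds (not visible in this hunk), a value such as `1` would also match names containing `11-` or `21-`, and an anchored `select('match', ...)` on the full name prefix avoids that. The same filter appears in tasks/ripu.yml and tasks/smart_mgmt.yml. The `debug` tasks that print `groups['routers']` and `student_hosts` look like development leftovers and could be dropped or gated on verbosity.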
@@ -0,0 +1,89 @@ +--- +- name: use COP controller_configuration collection + vars: + controller_validate_certs: false + controller_hostname: "https://{{ ansible_host }}" + controller_username: "admin" + controller_password: "{{ admin_password }}" + include_role: + name: '{{ setup_controller }}' + loop: + - 'redhat_cop.controller_configuration.groups' + loop_control: + loop_var: setup_controller + +- name: Debug the student number via the username var + ansible.builtin.debug: + msg: + - "student: {{ student_number }}" + - "{{ groups['lab_hosts'] }}" + +- name: Filter hosts containing student number + ansible.builtin.set_fact: + student_hosts: "{{ groups['lab_hosts'] | select('search', student_number ~ '-') | list }}" + student_control_nodes: "{{ groups['control_nodes'] | select('search', student_number ~ '-') | list }}" + +- name: Debug hosts for + ansible.builtin.debug: + msg: + - "{{ student_hosts }}" + - "{{ student_control_nodes }}" + +- name: Add devices into controller inventory + awx.awx.host: + name: "{{ hostvars[item].short_name }}" + enabled: true + inventory: "Workshop Inventory" + controller_username: admin + controller_password: "{{ admin_password }}" + controller_host: "https://{{ ansible_host }}" + validate_certs: false + variables: + ansible_host: "{{ hostvars[item].private_ip }}" + loop: "{{ student_hosts }}" + +- name: Add devices into controller inventory + awx.awx.host: + name: "{{ hostvars[item].short_name }}" + enabled: true + inventory: "Workshop Inventory" + controller_username: admin + controller_password: "{{ admin_password }}" + controller_host: "https://{{ ansible_host }}" + validate_certs: false + variables: + ansible_host: "{{ hostvars[item].private_ip }}" + loop: "{{ student_control_nodes }}" + +- name: Get list of hosts by short_names + ansible.builtin.set_fact: + web_short_names: "{{ groups['lab_hosts'] | map('extract', hostvars) | map(attribute='short_name') | list }}" + control_short_names: "{{ groups['control_nodes'] | 
map('extract', hostvars) | map(attribute='short_name') | list }}" + +- name: Print host short_names list to terminal + debug: + var: web_short_names + +- name: Add web hosts to the web group + awx.awx.group: + name: web + inventory: "Workshop Inventory" + hosts: "{{ web_short_names }}" + preserve_existing_hosts: True + preserve_existing_children: True + controller_username: admin + controller_password: "{{ admin_password }}" + controller_host: "https://{{ ansible_host }}" + validate_certs: false + +- name: Add web hosts to the web group + awx.awx.group: + name: control + inventory: "Workshop Inventory" + hosts: "{{ control_short_names }}" + preserve_existing_hosts: True + preserve_existing_children: True + controller_username: admin + controller_password: "{{ admin_password }}" + controller_host: "https://{{ ansible_host }}" + validate_certs: false diff --git a/roles/populate_controller/tasks/smart_mgmt.yml b/roles/populate_controller/tasks/smart_mgmt.yml new file mode 100644 index 000000000..70404b54e --- /dev/null +++ b/roles/populate_controller/tasks/smart_mgmt.yml 
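Review bot: Task names in tasks/ripu.yml are duplicated and one is wrong, which makes failed-run output ambiguous: both `awx.awx.host` tasks are called `Add devices into controller inventory`, and the task that manages the `control` group is named `Add web hosts to the web group`. Suggested names are `Add lab hosts into controller inventory`, `Add control nodes into controller inventory` and `Add control nodes to the control group`. Separately, `web_short_names` and `control_short_names` are built from the whole `groups['lab_hosts']` and `groups['control_nodes']` rather than from `student_hosts` and `student_control_nodes`, so group membership is not limited to the hosts this play added for the student. If that is unintended, map over the filtered lists instead.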
@@ -0,0 +1,104 @@ +--- +- name: use COP controller_configuration collection + when: controller_projects is defined + vars: + controller_validate_certs: false + controller_hostname: "https://{{ ansible_host }}" + controller_username: "admin" + controller_password: "{{ admin_password }}" + include_role: + name: '{{ setup_controller }}' + loop: + - 'redhat_cop.controller_configuration.hosts' + - 'redhat_cop.controller_configuration.organizations' + - 'redhat_cop.controller_configuration.users' + - 'redhat_cop.controller_configuration.teams' + - 'redhat_cop.controller_configuration.projects' + - 'redhat_cop.controller_configuration.job_templates' + - 'redhat_cop.controller_configuration.roles' + - 'redhat_cop.controller_configuration.groups' + loop_control: + loop_var: setup_controller + +- name: Debug the student number via the username var + ansible.builtin.debug: + msg: + - "student: {{ student_number }}" + - "{{ groups['rhel'] }}" + +- name: Filter hosts containing student number + ansible.builtin.set_fact: + student_hosts: "{{ groups['rhel'] | select('search', student_number ~ '-') | list }}" + +- name: Debug hosts for + ansible.builtin.debug: + msg: "{{ student_hosts }}" + +- name: Add devices into controller inventory + awx.awx.host: + name: "{{ hostvars[item].short_name }}" + enabled: true + inventory: "Workshop Inventory" + controller_username: admin + controller_password: "{{ admin_password }}" + controller_host: "https://{{ ansible_host }}" + validate_certs: false + variables: + ansible_host: "{{ hostvars[item].private_ip }}" + loop: "{{ student_hosts }}" + +# - name: Filter hosts where ansible_network_os is set to 'ios' +# ansible.builtin.set_fact: +# # cisco_routers: "{{ hostvars|dictsort|selectattr('0', 'in', student_hosts)|selectattr('1.ansible_network_os', 'eq', 'ios')|map(attribute='0') }}" +# cisco_routers_short_names: "{{ hostvars|dictsort|selectattr('0', 'in', groups.routers)|selectattr('1.ansible_network_os', 'eq', 
'ios')|map(attribute='0')|map('extract', hostvars, 'short_name')|list }}" +# arista_routers: "{{ hostvars|dictsort|selectattr('0', 'in', student_hosts)|selectattr('1.ansible_network_os', 'eq', 'eos')|map(attribute='0')|map('extract', hostvars, 'short_name')|list }}" +# juniper_routers: "{{ hostvars|dictsort|selectattr('0', 'in', student_hosts)|selectattr('1.ansible_network_os', 'eq', 'junos')|map(attribute='0')|map('extract', hostvars, 'short_name')|list }}" + +# - name: Filter hosts where ansible_network_os is set to 'ios' +# set_fact: +# cisco_routers: "{{ cisco_routers | default([]) + [item] }}" +# loop: "{{ groups['routers'] }}" +# when: hostvars[item]['ansible_network_os'] == 'ios' + +# - name: Debug the routers +# debug: +# msg: +# - "cisco_routers_short_names: {{ cisco_routers_short_names }}" +# - "arista_routers: {{ arista_routers }}" +# - "juniper_routers: {{ juniper_routers }}" + +# - name: Add hosts to group cisco +# awx.awx.group: +# name: cisco +# inventory: "Workshop Inventory" +# hosts: "{{ cisco_routers_short_names }}" +# preserve_existing_hosts: True +# preserve_existing_children: True +# controller_username: admin +# controller_password: "{{ admin_password }}" +# controller_host: "https://{{ ansible_host }}" +# validate_certs: false + +# - name: Add hosts to juniper +# awx.awx.group: +# name: juniper +# inventory: "Workshop Inventory" +# hosts: "{{ juniper_routers }}" +# preserve_existing_hosts: True +# preserve_existing_children: True +# controller_username: admin +# controller_password: "{{ admin_password }}" +# controller_host: "https://{{ ansible_host }}" +# validate_certs: false + +# - name: Add hosts to arista +# awx.awx.group: +# name: arista +# inventory: "Workshop Inventory" +# hosts: "{{ arista_routers }}" +# preserve_existing_hosts: True +# preserve_existing_children: True +# controller_username: admin +# controller_password: "{{ admin_password }}" +# controller_host: "https://{{ ansible_host }}" +# validate_certs: false \ No newline at 
end of file diff --git a/roles/populate_controller/tasks/unsupported_workshop.yml b/roles/populate_controller/tasks/unsupported_workshop.yml index e797e0763..0bfbb7f3a 100644 --- a/roles/populate_controller/tasks/unsupported_workshop.yml +++ b/roles/populate_controller/tasks/unsupported_workshop.yml @@ -1,4 +1,4 @@ --- - name: unsupported workshop for populate_controller role debug: - msg: "no more setup for populate_controller role the {{workshop_type}} does not have any specific setup specified" + msg: "no more setup for populate_controller role the {{ workshop_type }} does not have any specific setup specified" diff --git a/roles/populate_controller/vars/network.yml b/roles/populate_controller/vars/network.yml index 96e2ddf78..901c87515 100644 --- a/roles/populate_controller/vars/network.yml +++ b/roles/populate_controller/vars/network.yml @@ -3,11 +3,18 @@ controller_hosts: - name: "backup-server" description: "this server is where we backup network configuration" inventory: "Workshop Inventory" + enabled: true variables: note: in production these passwords would be encrypted in vault ansible_user: "ec2-user" ansible_password: "{{ admin_password }}" ansible_host: "{{ ansible_host }}" + - name: "ansible-1" + description: "control node where AAP is running" + inventory: "Workshop Inventory" + enabled: true + variables: + ansible_user: "ec2-user" controller_organizations: - name: "Red Hat network organization" description: "Red Hat Network Organization" 
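Review bot: Roughly half of the new tasks/smart_mgmt.yml is a commented-out copy of the router grouping tasks from tasks/network.yml (the `ansible_network_os` filters and the cisco, juniper and arista `awx.awx.group` tasks), which has no visible use in a workshop that works on `groups['rhel']` and will not stay in sync with the original. I would delete the commented block from this file. The live `awx.awx.host` task also hardcodes `controller_username: admin` and `validate_certs: false` instead of using the `controller_username` and `controller_validate_certs` defaults this commit adds to the role, e.g. `validate_certs: "{{ controller_validate_certs }}"`, so changing the default later would not reach this task.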
@@ -152,3 +159,35 @@ controller_templates: survey_enabled: true survey: "{{ lookup('template', 'system.json') }}" execution_environment: "network workshop execution environment" +controller_groups: + - name: cisco + inventory: "Workshop Inventory" + variables: + ansible_network_os: ios + ansible_connection: network_cli + - name: arista + inventory: "Workshop Inventory" + variables: + ansible_network_os: eos + ansible_connection: network_cli + ansible_become: true + ansible_become_method: enable + - name: juniper + inventory: "Workshop Inventory" + variables: + ansible_network_os: junos + ansible_connection: netconf + - name: routers + inventory: "Workshop Inventory" + children: + - cisco + - arista + - juniper + - name: network + inventory: "Workshop Inventory" + children: + - routers + variables: + restore_inventory: "Workshop Inventory" + restore_credential: "Workshop Credential" + restore_project: "Workshop Project" \ No newline at end of file diff --git a/roles/populate_controller/vars/ripu.yml b/roles/populate_controller/vars/ripu.yml new file mode 100644 index 000000000..9c0b65875 --- /dev/null +++ b/roles/populate_controller/vars/ripu.yml @@ -0,0 +1,6 @@ +--- +controller_groups: + - name: control + inventory: "Workshop Inventory" + - name: web + inventory: "Workshop Inventory" diff --git a/roles/populate_controller/vars/smart_mgmt.yml b/roles/populate_controller/vars/smart_mgmt.yml new file mode 100644 index 000000000..50bd7e13f --- /dev/null +++ b/roles/populate_controller/vars/smart_mgmt.yml 
@@ -0,0 +1,53 @@ +controller_groups: + - name: node + inventory: "Workshop Inventory" + - name: rhel + inventory: "Workshop Inventory" + variables: + ansible_user: ec2-user + - name: centos + inventory: "Workshop Inventory" + children: + - centos6 + - centos7 + variables: + ansible_user: centos + - name: cenos6 + inventory: "Workshop Inventory" + hosts: + - "node7.example.com" + - "node8.example.com" + - "node9.example.com" + - name: centos7 + inventory: "Workshop Inventory" + hosts: + - "node4.example.com" + - "node5.example.com" + - "node6.example.com" + - name: "{{ rhel | default('rhel8') }}" + inventory: "Workshop Inventory" + hosts: + - "node1.example.com" + - "node2.example.com" + - "node3.example.com" + - name: satellite + inventory: "Workshop Inventory" +controller_hosts: + - name: "node4.example.com" + inventory: "Workshop Inventory" + enabled: true + - name: "node5.example.com" + inventory: "Workshop Inventory" + enabled: true + - name: "node6.example.com" + inventory: "Workshop Inventory" + enabled: true + - name: "node7.example.com" + inventory: "Workshop Inventory" + enabled: true + - name: "node8.example.com" + inventory: "Workshop Inventory" + enabled: true + - name: "node9.example.com" + inventory: "Workshop Inventory" + enabled: true \ No newline at end of file diff --git a/roles/splunk_enterprise/tasks/main.yml b/roles/splunk_enterprise/tasks/main.yml index b0ea48c7f..3080fc582 100644 --- a/roles/splunk_enterprise/tasks/main.yml +++ b/roles/splunk_enterprise/tasks/main.yml @@ -12,7 +12,7 @@ query: record_sets hosted_zone_id: "{{AWSINFO.zone_id}}" start_record_name: "student1.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" - max_items: "{{student_total}}" + max_items: "{{ student_total|int }}" register: record_sets - name: DELETE DNS ENTRIES FOR EACH STUDENT 
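Review bot: The group holding node7 to node9 in vars/smart_mgmt.yml is named `cenos6`, but the `centos` group lists `centos6` as a child, so the child reference points at a group this file never defines. Rename it: `- name: centos6`. Depending on how the groups role resolves children, the typo either fails the run or leaves those three nodes outside `centos` and therefore without `ansible_user: centos`.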
@@ -23,7 +23,7 @@ record: "student{{item}}.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" type: A value: "{{ (records | first | first)['Value'] }}" - loop: "{{ range(1, student_total + 1)|list }}" + loop: "{{ range(1, student_total|int + 1)|list }}" vars: records: '{{record_sets.ResourceRecordSets | selectattr("Name", "match", "student" + item|string + "." + ec2_name_prefix|lower + "." + workshop_dns_zone) | map(attribute="ResourceRecords") | list }}' when: records diff --git a/roles/tower_request/tasks/main.yml b/roles/tower_request/tasks/main.yml index db6a5d730..d2bd78e18 100644 --- a/roles/tower_request/tasks/main.yml +++ b/roles/tower_request/tasks/main.yml @@ -15,7 +15,7 @@ ec2_name_prefix: "{{ ec2_name_prefix }}" aws_user: "{{ aws_user }}" ec2_region: "{{ ec2_region }}" - student_total: "{{ student_total }}" + student_total: "{{ student_total|int }}" workshop_type: "{{ workshop_type }}" body_format: json rescue: diff --git a/roles/webservers/tasks/ripu.yml b/roles/webservers/tasks/ripu.yml index 33d6ccd4f..d57d65570 100644 --- a/roles/webservers/tasks/ripu.yml +++ b/roles/webservers/tasks/ripu.yml 
@@ -27,3 +27,35 @@ baseurl: https://people.redhat.com/bmader/leapp-supplements-demo/RHEL/$releasever/$basearch gpgcheck: false enabled: false + +- name: Gather distribution and distribution_major_version facts + ansible.builtin.setup: + gather_subset: + - '!all' + - distribution + - distribution_major_version + +- name: Code block for sshd_config modification on RHEL7 nodes + block: + - name: Set PasswordAuthentication no in sshd_config + ansible.builtin.lineinfile: + path: /etc/ssh/sshd_config + regexp: '^PasswordAuthentication' + line: "PasswordAuthentication no" + + - name: restart ssh + service: + name: sshd + state: restarted + + - name: Wait 400 seconds (using ansible.builtin.wait_for) + ansible.builtin.wait_for: + host: "{{ ansible_host }}" + timeout: 400 + port: 22 + vars: + ansible_connection: local + + when: + - ansible_distribution == 'RedHat' + - ansible_distribution_major_version|int == 7 diff --git a/roles/workshop_attendance/templates/nginx.conf.j2 b/roles/workshop_attendance/templates/nginx.conf.j2 index 9dce0d471..6201873ed 100644 --- a/roles/workshop_attendance/templates/nginx.conf.j2 +++ b/roles/workshop_attendance/templates/nginx.conf.j2 @@ -36,8 +36,10 @@ http { root /usr/share/nginx/html; listen 443 ssl; server_name {{ ec2_name_prefix|lower }}.{{ workshop_dns_zone|lower }}; + {% if issue_cert is not failed %} ssl_certificate /etc/letsencrypt/live/{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone|lower }}/combined.cert; ssl_certificate_key /etc/letsencrypt/live/{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone|lower }}/privkey.pem; + {% endif %} ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; diff --git a/roles/workshop_attendance/templates/workshop.sql.j2 b/roles/workshop_attendance/templates/workshop.sql.j2 index bbea8aad7..29bafa335 100644 --- a/roles/workshop_attendance/templates/workshop.sql.j2 +++ b/roles/workshop_attendance/templates/workshop.sql.j2 
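Review bot: The `lineinfile` edit of `/etc/ssh/sshd_config` is followed by an unconditional `sshd` restart with no syntax check, so a broken resulting file takes SSH down on the node and the 400-second wait then only times out. Add `validate: '/usr/sbin/sshd -t -f %s'` to the `lineinfile` task so the file is replaced only when sshd accepts it. Because `regexp: '^PasswordAuthentication'` does not match a commented-out default, the line may be appended at the end of the file; if the file ends in a `Match` block the setting would then apply only inside it, and `insertbefore: '^Match'` keeps it in global scope. The restart would also fit better as a handler notified by the `lineinfile` task, so it runs only when the line actually changed.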
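Review bot: When `issue_cert` has failed, the server block rendered from nginx.conf.j2 still contains `listen 443 ssl;` but no `ssl_certificate` or `ssl_certificate_key`, and nginx normally rejects such a configuration or fails handshakes on that listener. The `{% if issue_cert is not failed %}` guard should enclose the whole 443 `server { ... }` block, or at least the `listen 443 ssl;` line together with all `ssl_*` directives, rather than only the two certificate lines. The server block starts and ends outside this hunk, so what else depends on it is not visible here. The unchanged `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line also still enables deprecated protocol versions; `ssl_protocols TLSv1.2;` (plus `TLSv1.3` where the nginx build supports it) is the usual setting.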
@@ -16,17 +16,17 @@ CREATE TABLE IF NOT EXISTS `users` ( ) ENGINE=InnoDB DEFAULT CHARSET=latin1; -{% for number in range(1, student_total + 1) %} +{% for number in range(1, student_total|int + 1) %} {% for host in groups['control_nodes'] %} {% if hostvars[host].student is defined and "student" + number | string == hostvars[host].student %} {% if hostvars[host].student is defined and "student" + number | string == hostvars[host].student %} INSERT INTO `users` (`id`, `ip`, `vscode`, `vscode_display`, `gitlab`, `hub`, `controller`, `username`, `password`) VALUES ({{ number }},'{{ hostvars[host].ansible_host }}', {% if workshop_type == "windows" %} - 'https://student{{ number }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}/editor/?folder=vscode-remote%3A%2F%2Fstudent{{ number }}-code.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}%2Fhome%2Fstudent%2Fwindows-workshop%2Fworkshop_project', + 'https://student{{ number }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}:8080/?folder=vscode-remote%3A%2F%2Fstudent{{ number }}-code.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}%2Fhome%2Fstudent%2Fwindows-workshop%2Fworkshop_project', {% else %} - 'https://student{{ number }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}/editor', + 'https://student{{ number }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}:8080', {% endif %} - 'https://student{{ number }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}/editor', + 'https://student{{ number }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}:8080', {% if workshop_type == "windows" or workshop_type == "configascode" %} 'https://gitlab.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}', {% else %} diff --git a/roles/workshop_check_setup/files/security_requirements.yml b/roles/workshop_check_setup/files/security_requirements.yml new file mode 100644 index 000000000..0563f8434 --- /dev/null +++ b/roles/workshop_check_setup/files/security_requirements.yml 
@@ -0,0 +1,8 @@ +--- +roles: + - name: ansible_security.ids_config + src: https://github.com/ansible-security/ids_config + - name: ansible_security.ids_install + src: https://github.com/ansible-security/ids_install + - name: geerlingguy.repo-epel + src: https://github.com/geerlingguy/ansible-role-repo-epel \ No newline at end of file diff --git a/roles/workshop_check_setup/tasks/configascode.yml b/roles/workshop_check_setup/tasks/configascode.yml new file mode 100644 index 000000000..130275fd7 --- /dev/null +++ b/roles/workshop_check_setup/tasks/configascode.yml @@ -0,0 +1,5 @@ +--- +- name: Check workshop_type and automation_hub values + fail: + msg: "When workshop_type is 'configascode', automation_hub must be set to true" + when: workshop_type == 'configascode' and (automation_hub is not defined or not automation_hub) diff --git a/roles/workshop_check_setup/tasks/ripu.yml b/roles/workshop_check_setup/tasks/ripu.yml new file mode 100644 index 000000000..5fdd037d9 --- /dev/null +++ b/roles/workshop_check_setup/tasks/ripu.yml @@ -0,0 +1,9 @@ +--- +- name: Assert required keys exist for workshop_type ripu + assert: + that: + - provision_mode is defined + - rhel7 is defined + - rhel8 is defined + - tower_node_aws_api_access is defined + fail_msg: "One or more required keys are missing!" \ No newline at end of file diff --git a/roles/workshop_check_setup/tasks/security.yml b/roles/workshop_check_setup/tasks/security.yml index a9ed7b92e..862a97ef0 100644 --- a/roles/workshop_check_setup/tasks/security.yml +++ b/roles/workshop_check_setup/tasks/security.yml 
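Review bot: None of the three roles in security_requirements.yml carries a `version:`, so `ansible-galaxy` installs whatever the default branch of each GitHub repository holds at provisioning time, and those roles are then run against the workshop hosts. Pin each entry to a reviewed tag or commit by adding `version: <TAG_OR_COMMIT_SHA>` under its `src:`, so an upstream change cannot alter what gets installed without a change in this file. A full commit SHA is the stronger pin, because a tag can be moved.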
@@ -8,20 +8,6 @@ - name: Install required roles community.general.ansible_galaxy_install: type: role - name: "{{ item }}" + requirements_file: "{{ role_path }}/files/security_requirements.yml" dest: ./workshop_specific/roles/ - async: 600 - poll: 0 - loop: - - 'geerlingguy.repo-epel' - - 'ansible_security.ids_config' - - 'ansible_security.ids_install' register: required_role_loop_out - -- name: Install required roles | Async - ansible.builtin.async_status: - jid: "{{ item['ansible_job_id'] }}" - loop: "{{ required_role_loop_out['results'] }}" - register: job_result - until: job_result.finished - retries: 30 diff --git a/test-requirements.txt b/test-requirements.txt deleted file mode 100644 index b2c729ca4..000000000 --- a/test-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -yamllint diff --git a/tox.ini b/tox.ini deleted file mode 100644 index 8522b2d7d..000000000 --- a/tox.ini +++ /dev/null 
@@ -1,196 +0,0 @@ -[tox] -envlist = linters,workshop-rhel,workshop-f5,workshop-security,workshop-windows,workshop-networking,workshop-smart_mgmt -skipsdist = true - -[testenv] - -[testenv:linters] -deps = - -r{toxinidir}/test-requirements.txt -commands = - yamllint -s . - -[testenv:workshops] -sitepackages = True -whitelist_externals = - ansible-playbook - ansible-galaxy - bash - curl -deps = - ansible-core - netaddr - pywinrm - requests - requests-credssp - boto - boto3 - paramiko - # TODO(spredzy): This is to by-pass a current issue in CI that causes CI to - # pull urllib3==1.24.2 randomly and runs end up failing with - # ModuleNotFoundError: No module named 'urllib3.packages.six' - urllib3 >= 1.25.10 -setenv = - ANSIBLE_CONFIG = provisioner/ansible.cfg - # globally add more retries and clientside delays to boto functions to fix AWS throttling/timeouts - # https://github.com/boto/botocore/blob/master/botocore/configprovider.py#L99 - AWS_MAX_ATTEMPTS = 10 - AWS_RETRY_MODE = standard -passenv = - AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY - WORKSHOPS_CHANGE_ID -commands_pre = - python provisioner/tests/generate_ci_common.py - ansible --version - ansible-galaxy collection build --verbose --output-path build/ - # tox doesn't expand wildcards, so we run a shell to expand it explicitly - /bin/sh -c 'ansible-galaxy collection install --verbose build/*.tar.gz' - # monkeypatching to prevent route53 throttling (backoffs and pauses are ineffective) - /bin/sh -c 'sed -E -i -e "s/record_sets = .*build_full_result\(\)/record_sets = client.list_resource_record_sets(**params)/" "$(find /root/ /home/ /usr/ -name route53_info.py)"' -[testenv:workshop-rhel] -sitepackages = - {[testenv:workshops]sitepackages} -whitelist_externals = - {[testenv:workshops]whitelist_externals} -deps = - {[testenv:workshops]deps} -setenv = - {[testenv:workshops]setenv} -passenv = - {[testenv:workshops]passenv} -commands_pre = - {[testenv:workshops]commands_pre} -commands = - ansible-playbook 
provisioner/provision_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-rhel.yml - bash ./provisioner/tests/verify-rhel.sh -commands_post = - ansible-playbook provisioner/teardown_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-rhel.yml - -[testenv:workshop-security] -sitepackages = - {[testenv:workshops]sitepackages} -whitelist_externals = - {[testenv:workshops]whitelist_externals} -deps = - {[testenv:workshops]deps} -setenv = - {[testenv:workshops]setenv} -passenv = - {[testenv:workshops]passenv} -commands_pre = - {[testenv:workshops]commands_pre} -commands = - ansible-playbook provisioner/provision_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-security.yml -commands_post = - ansible-playbook provisioner/teardown_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-security.yml - -[testenv:workshop-f5] -sitepackages = - {[testenv:workshops]sitepackages} -whitelist_externals = - {[testenv:workshops]whitelist_externals} -deps = - {[testenv:workshops]deps} -setenv = - {[testenv:workshops]setenv} -passenv = - {[testenv:workshops]passenv} -commands_pre = - {[testenv:workshops]commands_pre} -commands = - ansible-playbook provisioner/provision_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-f5.yml - bash ./provisioner/tests/verify-f5.sh -commands_post = - ansible-playbook provisioner/teardown_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-f5.yml - -[testenv:workshop-windows] -sitepackages = - {[testenv:workshops]sitepackages} -whitelist_externals = - {[testenv:workshops]whitelist_externals} -deps = - {[testenv:workshops]deps} -setenv = - {[testenv:workshops]setenv} -passenv = - 
{[testenv:workshops]passenv} -commands_pre = - {[testenv:workshops]commands_pre} -commands = - ansible-playbook provisioner/provision_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-windows.yml -commands_post = - ansible-playbook provisioner/teardown_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-windows.yml - -[testenv:workshop-networking] -sitepackages = - {[testenv:workshops]sitepackages} -whitelist_externals = - {[testenv:workshops]whitelist_externals} -deps = - {[testenv:workshops]deps} -setenv = - {[testenv:workshops]setenv} -passenv = - {[testenv:workshops]passenv} -commands_pre = - {[testenv:workshops]commands_pre} -commands = - ansible-playbook provisioner/provision_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-networking.yml -commands_post = - ansible-playbook provisioner/teardown_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-networking.yml - -[testenv:workshop-smart_mgmt] -sitepackages = - {[testenv:workshops]sitepackages} -whitelist_externals = - {[testenv:workshops]whitelist_externals} -deps = - {[testenv:workshops]deps} -setenv = - {[testenv:workshops]setenv} -passenv = - {[testenv:workshops]passenv} -commands_pre = - {[testenv:workshops]commands_pre} -commands = - ansible-playbook provisioner/provision_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-smart_mgmt.yml - bash ./provisioner/tests/verify-rhel.sh -commands_post = - ansible-playbook provisioner/teardown_lab.yml \ - -e @provisioner/tests/vars.yml \ - -e @provisioner/tests/ci-common.yml \ - -e @provisioner/tests/ci-smart_mgmt.yml diff --git a/vars.yml b/vars.yml deleted file mode 100644 index 104ae8794..000000000 --- a/vars.yml +++ /dev/null 
@@ -1,7 +0,0 @@ -- name: GigabitEthernet0/1 - address_family: - - afi: ipv4 - process: - id: 10 - area_id: 30 -