diff --git a/.gitignore b/.gitignore
index b851a07bb..65c7d43f2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,7 +19,7 @@ ansible/
 *.retry
 demos/servicenow/private.yml
 *.html
-!exercises/ansible_rhel/1.3-playbook/index.html
+!exercises/ansible_rhel/1.3-playbook/web.html
 demos/servicenow/closed_loop_incident_mgmt/input_vars.yaml
 demos/servicenow/closed_loop_incident_mgmt/snow_demo2/snow_vars.yaml
 provisioner/roles/ansible_security.ids_config/
diff --git a/docs/contribute-aws.md b/docs/contribute-aws.md
new file mode 100644
index 000000000..961b1fb64
--- /dev/null
+++ b/docs/contribute-aws.md
@@ -0,0 +1,11 @@
+# Contribute a new workshop environment for AWS (Amazon Web Services )
+
+There are four components to the AWS `manage_ec2_instances` role:
+
+ - **resources** - this provisions AWS Virtual Private Cloud (VPC), the associated Security Group, the EC2 subnet, route table and SSH key-pair. The network and security workshop types use two VPCs to create separate networks. Example for resources can be found in `provisioner/roles/manage_ec2_instances/tasks/resources`. If you only need a single VPC, you most likely do not have to worry about the resources, and can just copy the default `workshop_type: rhel` setup.
+
+ - **instances** - this provisions the actual Amazon instances (e.g. Red Hat Enterprise Linux 8, Cisco IOS, Microsoft Windows, etc) onto the VPC recreated in the `resources` part of the provisioner. Examples for each `workshop_type` can be found in `provisioner/roles/manage_ec2_instances/tasks/instances`
+
+ - **ami_find** - this dynamically figures out the correct AMI (Amazon Machine Image) to use depending on which Amazon region you are in (e.g. `us-east-1`). Examples for each `workshop_type` can be found in `provisioner/roles/manage_ec2_instances/tasks/ami_find`
+
+ - **inventory** - this loads the newly created instances into Ansible Inventory so subsequent Ansible Plays can be executed. This is so Ansible can now configure the vanilla images by making changes to the newly created instances. For example we install Ansible for each student, configure their `/etc/hosts`, the `~/.ssh/config` and much more depending the `workshop_type`. Examples of inventory can be found in `provisioner/roles/manage_ec2_instances/tasks/inventory`
diff --git a/docs/contribute.md b/docs/contribute.md
index 330ff9172..65bfefe07 100644
--- a/docs/contribute.md
+++ b/docs/contribute.md
@@ -1,5 +1,22 @@ # Contribute +We treat Ansible Automation Workshops just like we treat the Ansible Project. Please help us! Check out the [Issues](https://github.com/ansible/workshops/issues) for a list of what we are working on. + +## Table of Contents + +* [Pull Requests ](#pull-requests) + * [Create a fork!](#create-a-fork) + * [Stay in Sync](#stay-in-sync) + * [Configuring Your Remotes](#configuring-your-remotes) + * [Rebasing Your Branch](#rebasing-your-branch) + * [Updating your Pull Request](#updating-your-pull-request) + * [Create a pull requests](#create-a-pull-requests) + * [Testing and Continuous Integration](#testing-and-continuous-integration) +* [Contributing New Workshop Types of content](#contributing-new-workshop-types-of-content) +* [Going Further](#going-further) + +# Pull Requests + We take pull requests! What is a pull request? >Pull requests let you tell others about changes you've pushed to a branch in a repository on GitHub. Once a pull request is opened, you can discuss and review the potential changes with collaborators and add follow-up commits before your changes are merged into the base branch @@ -32,7 +49,7 @@ Rebase the branch on your fork git pull --rebase upstream devel ``` -Check your status +Check your status ```bash git status @@ -82,6 +99,11 @@ ________________________________________________________________________________ To make sure this is run everytime one commits a change, and hence one is not sending a Pull Request that won't be merged, one could enable this as part of a git [pre-commit hook](https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks) +# Contributing New Workshop Types of content + +- [Contribute New Workshop Topology for AWS](contribute-aws.md) +- [Contrbitue New Workshop Exercises](exercises.md) + # Going Further The following links will be helpful if you want to contribute code to the Ansible Workshops project, or any Ansible project: 
diff --git a/docs/exercises.md b/docs/exercises.md
new file mode 100644
index 000000000..18a18faf4
--- /dev/null
+++ b/docs/exercises.md
@@ -0,0 +1,92 @@
+# Create New Exercise Content
+
+We encourage folks to create new exercise content, fork with your own content, and customize the workshop any way you want. This will give you the flexibility to customize workshops for your own friends, customers, community or project!
+
+## Table of Contents
+
+* [Using your own fork](#using-your-own-fork)
+ * [Practical Example](#practical-example)
+* [Changing solution folder on control node](#changing-solution-folder-on-control-node)
+ * [Practical Example](#practical-example-1)
+* [Changing source folder for exercise solutions](#changing-source-folder-for-exercise-solutions)
+ * [Practical Example](#practical-example-2)
+
+# Using your own fork
+
+When a workshop is provisioned, the control node for every workbench (where the Red Hat Ansible Automation is installed and executed from) will load solution exercises into `~/{{workshop}}-workshop`. For example if you are running the `networking` workshop the home directory for every student will have `~/home/networking-workshop`.
+
+This can be customized! There are three variables that you can change with your provisioner code
+
+ - `ansible_workshops_url` - points to the git repo where you want to load exercises from. By default this uses [https://github.com/ansible/workshops.git](https://github.com/ansible/workshops.git) if this is not specified.
+ - `version` - points to the git [branch](https://git-scm.com/docs/git-branch) for the specified git repo. By default this uses `master`
+ - `refspec` - points to the git [refspec](https://git-scm.com/book/en/v2/Git-Internals-The-Refspec). By default this is set to `""` (nothing).
+
+These variables are used in the `control_node` role which can found here: `provisioner/roles/control_node/tasks/main.yml`
+
+
+## Practical Example
+
+Here is the `extra_vars` example of provisioning the `workshop_type: rhel` with exercises from a forked repository on a different branch:
+
+```
+---
+ec2_region: us-east-2
+ec2_name_prefix: sean-workshop
+admin_password: ansible123
+student_total: 1
+workshop_type: rhel
+create_login_page: true
+ansible_workshops_url: https://github.com/ipvsean/workshops.git
+ansible_workshops_version: "test_branch"
+```
+
+This would load the exercises `/exercises/ansible_rhel` from fork `github.com/ipvsean/workshops.git` branch `test_branch` into the student home directory of `~/rhel-workshop`
+
+
+# Changing solution folder on control node
+
+It is possible to change the location of the destination folder where the exercises are loaded into with the `exercise_dest_location` variable.
+
+
+## Practical Example
+
+Here is the `extra_vars` example of provisioning the `workshop_type: rhel` with exercises from a forked repository on a different branch:
+
+```
+---
+ec2_region: us-east-1
+ec2_name_prefix: sean-workshop2
+admin_password: ansible123
+student_total: 1
+workshop_type: rhel
+create_login_page: true
+ansible_workshops_url: https://github.com/ipvsean/workshops.git
+ansible_workshops_version: "test_branch"
+exercise_dest_location: "my_folder"
+```
+
+This would load the exercises `/exercises/ansible_rhel` from fork `github.com/ipvsean/workshops.git` branch `test_branch` into the student home directory of `~/my_folder`
+
+# Changing source folder for exercise solutions
+
+It is possible to change the location of the source folder with the `exercise_src_location` variable. This defaults to `exercises/ansible_{{workshop_type}}`. For example by default it would load `exercises/ansible_rhel` for the `workshop_type: rhel` workshop.
+ +## Practical Example + +Here is the `extra_vars` example of provisioning the `workshop_type: rhel` with different exercises from a forked repository on a different branch: + +``` +--- +ec2_region: us-east-1 +ec2_name_prefix: sean-workshop2 +admin_password: ansible123 +student_total: 1 +workshop_type: rhel +create_login_page: true +ansible_workshops_url: https://github.com/ipvsean/workshops.git +ansible_workshops_version: "test_branch" +exercise_dest_location: "my_folder" +exercise_src_location: "exercises/my_exercises" +``` + +This would load the exercises `/exercises/my_exercises` from fork `github.com/ipvsean/workshops.git` branch `test_branch` into the student home directory of `~/my_folder` diff --git a/docs/faq.md b/docs/faq.md index 118b4b225..e3d5135ec 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -119,7 +119,7 @@ cd into the relevant project folder and execute the Playbook from the command li ``` TASK [manage_ec2_instances : Create EC2 instances for rtr3 node (NETWORKING MODE)] *** -fatal: [localhost]: FAILED! => changed=false +fatal: [localhost]: FAILED! => changed=false msg: 'Instance creation failed => OptInRequired: In order to use this AWS Marketplace product you need to accept terms and subscribe. To do so please visit https://aws.amazon.com/marketplace/pp?sku=bw54e0gl17zf0vxq54dttwvow' ``` diff --git a/exercises/ansible_f5/1.0-explore/README.ja.md b/exercises/ansible_f5/1.0-explore/README.ja.md index 1bec7dbc5..5ba173c73 100644 --- a/exercises/ansible_f5/1.0-explore/README.ja.md +++ b/exercises/ansible_f5/1.0-explore/README.ja.md @@ -47,7 +47,7 @@ ansible 2.6.2 [defaults] connection = smart timeout = 60 -inventory = /home/student1/networking-workshop/lab_inventory/hosts +inventory = /home/student1/lab_inventory/hosts host_key_checking = False private_key_file = /home/student1/.ssh/aws-private.pem [student1@ansible networking-workshop]$ 
@@ -65,7 +65,7 @@ Note: `ansible.cfg` には以下のパラメーターが含まれています: この演習では **ini** 形式で書かれたファイルを使います. `cat` コマンドでインベントリーの中身を確認します: -`[student1@ansible networking-workshop]$ cat lab_inventory/hosts` +`[student1@ansible networking-workshop]$ cat ~/lab_inventory/hosts` 以下が student2 の出力例です: ``` diff --git a/exercises/ansible_f5/1.0-explore/README.md b/exercises/ansible_f5/1.0-explore/README.md index 810b82e0b..8afb7fe11 100644 --- a/exercises/ansible_f5/1.0-explore/README.md +++ b/exercises/ansible_f5/1.0-explore/README.md @@ -42,7 +42,7 @@ Use the `cat` command to view the contents of the `ansible.cfg` file. [defaults] connection = smart timeout = 60 -inventory = /home/student1/networking-workshop/lab_inventory/hosts +inventory = /home/student1/lab_inventory/hosts host_key_checking = False private_key_file = /home/student1/.ssh/aws-private.pem [student1@ansible networking-workshop]$ @@ -60,7 +60,7 @@ The scope of a `play` within a `playbook` is limited to the groups of hosts decl In this lab you will work with a file based inventory written in the **ini** format. Use the `cat` command to view the contents of your inventory: -`[student1@ansible networking-workshop]$ cat lab_inventory/hosts` +`[student1@ansible networking-workshop]$ cat ~/lab_inventory/hosts` The output will look as follows with student2 being the respective student workbench: ``` diff --git a/exercises/ansible_network/1-explore/README.ja.md b/exercises/ansible_network/1-explore/README.ja.md index 60fab76b3..ca59d0d31 100644 --- a/exercises/ansible_network/1-explore/README.ja.md +++ b/exercises/ansible_network/1-explore/README.ja.md @@ -79,7 +79,7 @@ timeout = 60 deprecation_warnings = False host_key_checking = False retry_files_enabled = False -inventory = /home/student1/networking-workshop/lab_inventory/hosts +inventory = /home/student1/lab_inventory/hosts [persistent_connection] connect_timeout = 60 command_timeout = 60 
@@ -96,7 +96,7 @@ command_timeout = 60 この演習では **ini** 形式で記述されたファイルベースのインベントリーを利用します。`cat` コマンドを利用して演習環境のインベントリーを確認してみます。 ```bash -[student1@ansible ~]$ cat ~/networking-workshop/lab_inventory/hosts +[student1@ansible ~]$ cat ~/lab_inventory/hosts ``` ``` diff --git a/exercises/ansible_network/1-explore/README.md b/exercises/ansible_network/1-explore/README.md index 3280803da..a3e5cf2b0 100644 --- a/exercises/ansible_network/1-explore/README.md +++ b/exercises/ansible_network/1-explore/README.md @@ -80,7 +80,7 @@ timeout = 60 deprecation_warnings = False host_key_checking = False retry_files_enabled = False -inventory = /home/student1/networking-workshop/lab_inventory/hosts +inventory = /home/student1/lab_inventory/hosts [persistent_connection] connect_timeout = 60 command_timeout = 60 @@ -97,7 +97,7 @@ The scope of a `play` within a `playbook` is limited to the groups of hosts decl In this lab you will work with a file based inventory written in the **ini** format. Use the `cat` command to view the contents of your inventory: ```bash -[student1@ansible ~]$ cat ~/networking-workshop/lab_inventory/hosts +[student1@ansible ~]$ cat ~/lab_inventory/hosts ``` ``` diff --git a/exercises/ansible_network/3-facts/README.md b/exercises/ansible_network/3-facts/README.md index 99daac43a..d697ec702 100644 --- a/exercises/ansible_network/3-facts/README.md +++ b/exercises/ansible_network/3-facts/README.md @@ -21,6 +21,8 @@ This exercise will cover: - Using the [ios_facts module](https://docs.ansible.com/ansible/latest/modules/ios_facts_module.html). - Using the [debug module](https://docs.ansible.com/ansible/latest/modules/debug_module.html). +# Guide + #### Step 1 On the control host read the documentation about the `ios_facts` module and the `debug` module. diff --git a/exercises/ansible_rhel/1.1-setup/README.md b/exercises/ansible_rhel/1.1-setup/README.md index 4d6e7db55..38cfc3d2e 100644 --- a/exercises/ansible_rhel/1.1-setup/README.md 
+++ b/exercises/ansible_rhel/1.1-setup/README.md @@ -1,11 +1,23 @@ -# Exercise 1.1 - Check the Prerequisites +# Workshop Exercise - Check the Prerequisites **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). +## Table of Contents + +* [Objective](#objective) +* [Guide](#guide) * [Your Lab Environment](#your-lab-environment) -* [Step 1.1 - Access the Environment](#step-11---access-the-environment) -* [Step 1.2 - Working the Labs](#step-12---working-the-labs) -* [Step 1.3 - Challenge Labs](#step-13---challenge-labs) +* [Step 1 - Access the Environment](#step-1---access-the-environment) +* [Step 2 - Working the Labs](#step-2---working-the-labs) +* [Step 3 - Challenge Labs](#step-3---challenge-labs) + +# Objective + +- Understand the lab topology and how to access the environment. +- Understand how to work the workshop exercises +- Understand challenge labs + +# Guide ## Your Lab Environment @@ -18,7 +30,7 @@ In this lab you work in a pre-configured lab environment. You will have access t | Managed Host 2 | node2 | | Managed Host 3 | node3 | -## Step 1.1 - Access the Environment +## Step 1 - Access the Environment Login to your control host via SSH: @@ -63,7 +75,7 @@ Log out of the root account again: > > In all subsequent exercises you should work as the student\ user on the control node if not explicitly told differently. -## Step 1.2 - Working the Labs +## Step 2 - Working the Labs You might have guessed by now this lab is pretty commandline-centric…​ :-) 
@@ -75,10 +87,13 @@ You might have guessed by now this lab is pretty commandline-centric…​ :-) > > In the lab guide commands you are supposed to run are shown with or without the expected output, whatever makes more sense in the context. -## Step 1.3 - Challenge Labs +## Step 3 - Challenge Labs You will soon discover that many chapters in this lab guide come with a "Challenge Lab" section. These labs are meant to give you a small task to solve using what you have learned so far. The solution of the task is shown underneath a warning sign. ---- +**Navigation** +
+[Next Exercise](../1.2-adhoc) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-1---ansible-engine-exercises) diff --git a/exercises/ansible_rhel/1.2-adhoc/README.ja.md b/exercises/ansible_rhel/1.2-adhoc/README.ja.md index 75310369b..c45584845 100644 --- a/exercises/ansible_rhel/1.2-adhoc/README.ja.md +++ b/exercises/ansible_rhel/1.2-adhoc/README.ja.md @@ -1,20 +1,22 @@ -# Exercise 1.2 - Ad-hoc コマンドを実行しよう +# Workshop Exercise - Ad-hoc コマンドを実行しよう **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Step 1.2.1 - インベントリを操作してみよう](#step-121---インベントリを操作してみよう) -* [Step 1.2.2 - Ansibleの設定ファイルについて](#step-122---ansibleの設定ファイルについて) -* [Step 1.2.3 - Ping a host](#step-123---ping-a-host) -* [Step 1.2.4 - モジュールのリストとヘルプを表示しよう](#step-124---モジュールのリストとヘルプを表示しよう) -* [Step 1.2.5 - コマンドモジュールを使ってみよう。](#step-125---コマンドモジュールを使ってみよう) -* [Step 1.2.6 - Copyモジュールとパーミッション](#step-126---copyモジュールとパーミッション) -* [チャレンジラボ: Modules](#チャレンジラボ-modules) - 最初の演習では、Ansible がどのように動作するかを学習するために アドホック・コマンド を実行します。 Ansible Ad-hocコマンドは、プレイブックを作成しなくてもリモートノードへのタスク実行を可能にします。 1つか2つ程度のタスクをたくさんのリモートノードに実行する必要がある時などにとても便利なコマンドです。 -## Step 1.2.1 - インベントリを操作してみよう +## Table of Contents + +* [Step 1 - インベントリを操作してみよう](#step-1---インベントリを操作してみよう) +* [Step 2 - Ansibleの設定ファイルについて](#step-2---ansibleの設定ファイルについて) +* [Step 3 - Ping a host](#step-3---ping-a-host) +* [Step 4 - モジュールのリストとヘルプを表示しよう](#step-4---モジュールのリストとヘルプを表示しよう) +* [Step 5 - コマンドモジュールを使ってみよう。](#step-5---コマンドモジュールを使ってみよう) +* [Step 6 - Copyモジュールとパーミッション](#step-6---copyモジュールとパーミッション) +* [チャレンジラボ: Modules](#チャレンジラボ-modules) + +## Step 1 - インベントリを操作してみよう ホスト管理にAnsibleコマンドを使用するためには、管理したいホストの一覧を定義したインベントリファイルをコントロールノード上に用意する必要があります。 このラボでは、インベントリファイルはすでにインストラクターによって提供されているはずです。 
@@ -73,7 +75,7 @@ Ansibleでは、グループが常に階層的である必要は無いことに > > インベントリには様々なデータを含めることができます。例えば、標準的では無いSSHポートで動作するホストがある場合には、ホスト名の後にコロンをつけて利用したいポート番号を入力できます。もしくは、Ansibleで利用する固有の名前を定義し、それらと実IPを紐付けることもできます。 -## Step 1.2.2 - Ansibleの設定ファイルについて +## Step 2 - Ansibleの設定ファイルについて Ansibleは、Ansibleがもつini形式の設定ファイルを変更することで、動作をカスタマイズすることができます。 Ansibleはコントロールノード上のいくつかの設定可能な場所の1つから設定ファイルを読み込みます。 @@ -131,7 +133,7 @@ ansible ansible_host=44.55.66.77 > 各受講者はそれぞれ個別のラボ環境を持っていることに注意してください。テキストの結果に表示されているIPアドレスは例であり実際のものではありません。みなさん個々の環境の実際のIPアドレスは異なります。 他の場合と同様に、**\** をStudent Numberに置き換えてください。 -## Step 1.2.3 - Ping a host +## Step 3 - Ping a host > **Warning** > @@ -162,7 +164,7 @@ node2 | SUCCESS => { 結果の通り、各ノードから実行時の動作と結果が通知されます。 - ここでは`pong`が結果です。 -## Step 1.2.4 - モジュールのリストとヘルプを表示しよう +## Step 4 - モジュールのリストとヘルプを表示しよう Ansibleにはたくさんのモジュールが準備されています。全てのモジュールをリストしてみましょう: @@ -190,7 +192,7 @@ Ansibleにはたくさんのモジュールが準備されています。全て > > 必須のオプションは、`ansible-doc`内では "=" で表現されます。 -## Step 1.2.5 - コマンドモジュールを使ってみよう。 +## Step 5 - コマンドモジュールを使ってみよう。 それでは、`command`モジュールを利用して、古き良きLinuxコマンドを実行し、アウトプットを定型化してみましょう。 これは、管理対象ホスト上でコマンドを単純に実行します。: @@ -219,7 +221,7 @@ uid=1001(student1) gid=1001(student1) Gruppen=1001(student1) Kontext=unconfined_ > > 多くのLinuxコマンドのように、`ansible`は短い形式のオプションだけでなく長い形式にも対応しています。 例えば、`ansible web --module-name ping`は、`ansible web -m ping`と同じ意味となります。 このワークショップでは、短縮系のオプションが用いられます。 -## Step 1.2.6 - Copyモジュールとパーミッション +## Step 6 - Copyモジュールとパーミッション `copy` モジュールを使って、アドホックコマンドで`node1`の`/etc/motd`ファイルを変更してみましょう。 **このケースでは、コンテンツはオプションを介して、モジュールに渡されます。** diff --git a/exercises/ansible_rhel/1.2-adhoc/README.md b/exercises/ansible_rhel/1.2-adhoc/README.md index 38a90ceaf..0c65b6f05 100644 --- a/exercises/ansible_rhel/1.2-adhoc/README.md +++ b/exercises/ansible_rhel/1.2-adhoc/README.md 
@@ -1,18 +1,31 @@ -# Exercise 1.2 - Running Ad-hoc commands +# Workshop Exercise - Running Ad-hoc commands **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Step 2.1 - Work with your Inventory](#step-21---work-with-your-inventory) -* [Step 2.2 - The Ansible Configuration Files](#step-22---the-ansible-configuration-files) -* [Step 2.3 - Ping a host](#step-23---ping-a-host) -* [Step 2.4 - Listing Modules and Getting Help](#step-24---listing-modules-and-getting-help) -* [Step 2.5 - Use the command module:](#step-25---use-the-command-module) -* [Step 2.6 - The copy module and permissions](#step-26---the-copy-module-and-permissions) +## Table of Contents + +* [Objective](#objective) +* [Guide](#guide) +* [Step 1 - Work with your Inventory](#step-1---work-with-your-inventory) +* [Step 2 - The Ansible Configuration Files](#step-2---the-ansible-configuration-files) +* [Step 3 - Ping a host](#step-3---ping-a-host) +* [Step 4 - Listing Modules and Getting Help](#step-4---listing-modules-and-getting-help) +* [Step 5 - Use the command module:](#step-5---use-the-command-module) +* [Step 6 - The copy module and permissions](#step-6---the-copy-module-and-permissions) * [Challenge Lab: Modules](#challenge-lab-modules) +# Objective + For our first exercise, we are going to run some ad-hoc commands to help you get a feel for how Ansible works. Ansible Ad-Hoc commands enable you to perform tasks on remote nodes without having to write a playbook. They are very useful when you simply need to do one or two things quickly and often, to many remote nodes. 
-## Step 2.1 - Work with your Inventory +This exercise will cover +- Locating and understanding the Ansible configuration file (`ansible.cfg`) +- Locating and understanding an `ini` formatted inventory file +- Executing ad hoc commands + +# Guide + +## Step 1 - Work with your Inventory To use the ansible command for host management, you need to provide an inventory file which defines a list of hosts to be managed from the control node. In this lab the inventory is provided by your instructor. The inventory is an ini formatted file listing your hosts, sorted in groups, additionally providing some variables. It looks like: @@ -58,7 +71,7 @@ As you see it is OK to put systems in more than one group. For instance, a serve > > The inventory can contain more data. E.g. if you have hosts that run on non-standard SSH ports you can put the port number after the hostname with a colon. Or you could define names specific to Ansible and have them point to the "real" IP or hostname. -## Step 2.2 - The Ansible Configuration Files +## Step 2 - The Ansible Configuration Files The behavior of Ansible can be customized by modifying settings in Ansible’s ini-style configuration file. Ansible will select its configuration file from one of several possible locations on the control node, please refer to the [documentation](https://docs.ansible.com/ansible/latest/reference_appendices/config.html). @@ -111,7 +124,7 @@ ansible ansible_host=44.55.66.77 > > Note that each student has an individual lab environment. The IP addresses shown above are only an example and the IP addresses of your individual environments are different. As with the other cases, replace **\** with your actual student number. -## Step 2.3 - Ping a host +## Step 3 - Ping a host > **Warning** 
> @@ -139,7 +152,7 @@ node2 | SUCCESS => { As you see each node reports the successful execution and the actual result - here "pong". -## Step 2.4 - Listing Modules and Getting Help +## Step 4 - Listing Modules and Getting Help Ansible comes with a lot of modules by default. To list all modules run: @@ -167,7 +180,7 @@ Get help for a specific module including usage examples: > > Mandatory options are marked by a "=" in `ansible-doc`. -## Step 2.5 - Use the command module: +## Step 5 - Use the command module: Now let's see how we can run a good ol' fashioned Linux command and format the output using the `command` module. It simply executes the specified command on a managed host: @@ -194,7 +207,7 @@ Sometimes it’s desirable to have the output for a host on one line: > > Like many Linux commands, `ansible` allows for long-form options as well as short-form. For example `ansible web --module-name ping` is the same as running `ansible web -m ping`. We are going to be using the short-form options throughout this workshop. -## Step 2.6 - The copy module and permissions +## Step 6 - The copy module and permissions Using the `copy` module, execute an ad hoc command on `node1` to change the contents of the `/etc/motd` file. **The content is handed to the module through an option in this case**. @@ -231,7 +244,7 @@ For us it’s okay to connect as `student` because `sudo` is set up. Change t This time the command is a success: -```bash +``` node1 | CHANGED => { "changed": true, "checksum": "4458b979ede3c332f8f2128385df4ba305e58c27", @@ -284,12 +297,15 @@ Run the `ansible node1 -m copy …​` command from above again. Note: > > **Solution below\!** -```bash +``` [student@ansible ~]$ ansible-doc -l | grep -i yum [student@ansible ~]$ ansible-doc yum [student@ansible ~]$ ansible node1 -m yum -a 'name=squid state=latest' -b ``` ---- +**Navigation** +
+[Previous Exercise](../1.1-setup) - [Next Exercise](../1.3-playbook) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md) diff --git a/exercises/ansible_rhel/1.2-adhoc/README.pt-br.md b/exercises/ansible_rhel/1.2-adhoc/README.pt-br.md index bdbe06b66..781c7efad 100644 --- a/exercises/ansible_rhel/1.2-adhoc/README.pt-br.md +++ b/exercises/ansible_rhel/1.2-adhoc/README.pt-br.md 
@@ -1,18 +1,21 @@ -# Exercício 1.2 - Executando comandos ad-hoc +# Exercício - Executando comandos ad-hoc **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Passo 2.1 - Trabalhe com seu inventário](#passo-21---trabalhe-com-seu-inventário) -* [Passo 2.2 - Arquivos de configuração Ansible](#passo-22---arquivos-de-configuração-ansible) -* [Passo 2.3 - Pingando um host](#passo-23---pingando-um-host) -* [Passo 2.4 - Como listar módulos e obter ajuda](#passo-24---como-listar-módulos-e-obter-ajuda) -* [Passo 2.5 - Use o módulo de command:](#passo-25---use-o-módulo-de-command) -* [Passo 2.6 - O módulo de cópia e permissões](#passo-26---o-módulo-de-cópia-e-permissões) +Em nosso primeiro exercício, executaremos alguns comandos ad-hoc para ajudá-lo a entender como o Ansible funciona. Os comandos ad-hoc permitem executar tarefas em nós remotos sem precisar escrever um manual. Eles são muito úteis quando você simplesmente precisa fazer uma ou duas coisas de maneira rápida e frequente para muitos nós remotos. + +## Table of Contents + +* [Passo 1 - Trabalhe com seu inventário](#passo-1---trabalhe-com-seu-inventário) +* [Passo 2 - Arquivos de configuração Ansible](#passo-2---arquivos-de-configuração-ansible) +* [Passo 3 - Pingando um host](#passo-3---pingando-um-host) +* [Passo 4 - Como listar módulos e obter ajuda](#passo-4---como-listar-módulos-e-obter-ajuda) +* [Passo 5 - Use o módulo de command:](#passo-5---use-o-módulo-de-command) +* [Passo 6 - O módulo de cópia e permissões](#passo-6---o-módulo-de-cópia-e-permissões) * [Laboratório de Desafios: Módulos](#laboratório-de-desafios-módulos) -Em nosso primeiro exercício, executaremos alguns comandos ad-hoc para ajudá-lo a entender como o Ansible funciona. Os comandos ad-hoc permitem executar tarefas em nós remotos sem precisar escrever um manual. 
Eles são muito úteis quando você simplesmente precisa fazer uma ou duas coisas de maneira rápida e frequente para muitos nós remotos. -## Passo 2.1 - Trabalhe com seu inventário +## Passo 1 - Trabalhe com seu inventário Para usar o comando ansible para gerenciamento de host, é necessário fornecer um arquivo de inventário que defina uma lista de hosts a serem gerenciados a partir do nó de controle. Neste laboratório, o inventário é fornecido pelo seu instrutor. O inventário é um arquivo listando seus hosts, classificando em grupos, além de fornecer algumas variáveis. É parecido com isso: @@ -58,7 +61,7 @@ Como você pode ver, não há problema em colocar sistemas em mais de um grupo. > > O inventário pode conter mais dados. Por exemplo, se você possui hosts que executam em portas SSH não padrão, pode colocar o número da porta após o nome do host com dois pontos. Ou pode definir nomes específicos para o Ansible e fazer com que aponte para o IP ou nome de host "real". -## Passo 2.2 - Arquivos de configuração Ansible +## Passo 2 - Arquivos de configuração Ansible O comportamento do Ansible pode ser personalizado modificando as configurações no arquivo de configuração do Ansible. O Ansible selecionará seu arquivo de configuração em um dos vários locais possíveis no nó de controle, consulte a [documentação](https://docs.ansible.com/ansible/latest/reference_appendices/config.html). @@ -111,7 +114,7 @@ ansible ansible_host=44.55.66.77 > > Observe que cada aluno tem um ambiente de laboratório individual. Os endereços IP mostrados acima são apenas um exemplo e os endereços IP de seus ambientes individuais são diferentes. Como nos outros casos, substitua **\** pelo número real do aluno. -## Passo 2.3 - Pingando um host +## Passo 3 - Pingando um host > **ATENÇÃO** 
> @@ -139,7 +142,7 @@ node2 | SUCCESS => { Como você vê cada nó relata a execução bem-sucedida e o resultado real - "pong". -## Passo 2.4 - Como listar módulos e obter ajuda +## Passo 4 - Como listar módulos e obter ajuda O Ansible vem com muitos módulos por padrão. Para listar todos os módulos, execute: @@ -167,7 +170,7 @@ Obtenha ajuda para um módulo específico, incluindo exemplos de uso: > > As opções obrigatórias são marcadas com "=" em `ansible-doc`. -## Passo 2.5 - Use o módulo de command: +## Passo 5 - Use o módulo de command: Agora vamos ver como podemos executar um bom e velho comando Linux e formatar a saída usando o módulo `command`. Ele simplesmente executa o comando especificado em um host gerenciado: @@ -194,7 +197,7 @@ Outro exemplo: Veja rapidamente as versões do kernel que seus hosts estão exec > > Como muitos comandos do Linux, o `ansible` permite opções longas e curtas. Por exemplo, `ansible web --module-name ping` é o mesmo que executar `ansible web -m ping`. Usaremos as opções resumidas ao longo deste workshop. -## Passo 2.6 - O módulo de cópia e permissões +## Passo 6 - O módulo de cópia e permissões Usando o módulo `copy`, execute um comando ad hoc no `node1` para alterar o conteúdo do arquivo `/etc/motd`. **Neste caso o conteúdo é entregue ao módulo através de uma opção**. diff --git a/exercises/ansible_rhel/1.3-playbook/README.ja.md b/exercises/ansible_rhel/1.3-playbook/README.ja.md index 6ba281775..048fa34fc 100644 --- a/exercises/ansible_rhel/1.3-playbook/README.ja.md +++ b/exercises/ansible_rhel/1.3-playbook/README.ja.md 
@@ -1,13 +1,15 @@ -# Exercise 1.3 - 初めての Playbook 作成 +# Workshop Exercise - 初めての Playbook 作成 **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Step 1.3.1 - Playbook Basics](#step-131---playbook-basics) -* [Step 1.3.2 - ディレクトリの構成とPlaybook用のファイルを作成しよう](#step-132---ディレクトリの構成とplaybook用のファイルを作成しよう) -* [Step 1.3.3 - Playbookを実行してみる](#step-133---playbookを実行してみる) -* [Step 1.3.4 - Playbookを拡張してみよう。Apacheの起動と有効化](#step-134---playbookを拡張してみようapacheの起動と有効化) -* [Step 1.3.5 - Playbookを拡張してみよう。index.htmlの作成](#step-135---playbookを拡張してみようindexhtmlの作成) -* [Step 1.3.6 - 練習: 複数ホストへの適用](#step-136---練習-複数ホストへの適用) +# Table of Contents + +* [Step 1 - Playbook Basics](#step-1---playbook-basics) +* [Step 2 - ディレクトリの構成とPlaybook用のファイルを作成しよう](#step-2---ディレクトリの構成とplaybook用のファイルを作成しよう) +* [Step 3 - Playbookを実行してみる](#step-3---playbookを実行してみる) +* [Step 4 - Playbookを拡張してみよう。Apacheの起動と有効化](#step-4---playbookを拡張してみようapacheの起動と有効化) +* [Step 5 - Playbookを拡張してみよう。web.htmlの作成](#step-5---playbookを拡張してみようindexhtmlの作成) +* [Step 6 - 練習: 複数ホストへの適用](#step-6---練習-複数ホストへの適用) Ansibleのアドホックコマンドは単純なオペレーションの際にはとても役立ちますが、複雑な構成管理やオーケストレーションのシナリオには適していません。そのようなユースケースの時には、*playbooks*を用いてみると良いでしょう。 @@ -18,7 +20,7 @@ playbookは先ほど実行していたアドホックコマンドを複数取り Playbookには、複数のPlayを持たせることができ、Playは1つもしくは複数のTaskを持ちます。前の章で学習したように、Taskでは*module*が呼び出され実行されます。 *play*の目的は、ホストのグループをマッピングすることです。 *task*のゴールはそれらのホストに対して、モジュールを用いて実行することです。 -## Step 1.3.1 - Playbook Basics +## Step 1 - Playbook Basics PlaybookはYAML形式で書かれたテキストファイルです。 以下のような記載が必要です。 @@ -45,7 +47,7 @@ Playbookは**冪等性(べきとうせい。ある操作を1回行っても複 > > ほとんどのAnsibleモジュールはべき等性を持っているので、比較的簡単に正しいかどうかは確認できます。 -## Step 1.3.2 - ディレクトリの構成とPlaybook用のファイルを作成しよう +## Step 2 - ディレクトリの構成とPlaybook用のファイルを作成しよう セオリーの話はもう十分でしょう。そろそろ最初のPlaybookを作成しましょう。 このラボでは、Apache webserverを3つのステップでセットアップするPlaybookを作成します。: 
@@ -54,7 +56,7 @@ Playbookは**冪等性(べきとうせい。ある操作を1回行っても複 - Second step: httpd serviceを構成し、スタートさせます。 - - Third step: index.html ファイルを作成します。 + - Third step: web.html ファイルを作成します。 このPlaybookは、Apache webserverなどのPackageが`node1`にインストールされているかを確認します。 @@ -127,7 +129,7 @@ Apacheのパッケージの最新版がインストールされていること > > モジュールのパラメータは、それぞれのモジュールで固有なものです。よくわからない場合には、再度`ansible-doc`コマンドを用いて調べてみてください。 -## Step 1.3.3 - Playbookを実行してみる +## Step 3 - Playbookを実行してみる Playbookは、管理ノード上で`ansible-playbook`コマンドを使うことで実行できます。新しいPlaybookを実行する前に、構文エラーを確認しておくことをお勧めします。 @@ -169,7 +171,7 @@ Playbookをもう一度実行して、出力結果を比較してみましょう 先ほど`changed`だった出力は、`ok`へと変わり、色も黄色から緑色に変わったはずです。また、`play recap`の内容も変わりました。 この結果の差により、Ansibleが実際に何を変更したのかを簡単に見つけることができます。 -## Step 1.3.4 - Playbookを拡張してみよう。Apacheの起動と有効化 +## Step 4 - Playbookを拡張してみよう。Apacheの起動と有効化 Playbookの次のパートでは、確かにApache Webserverが`node1`上で有効でかつ起動していることを確認していきます。 @@ -212,7 +214,7 @@ Playbookの次のパートでは、確かにApache Webserverが`node1`上で有 - Playbookをもう一度実行して、出力結果が変わる様に慣れてみましょう。 -## Step 1.3.5 - Playbookを拡張してみよう。index.htmlの作成 +## Step 5 - Playbookを拡張してみよう。web.htmlの作成 タスクが正しく実行され、Apacheが接続を受け付けているのかを確認してみましょう。 管理ノードから、Ad-hocコマンドでAnsibleの`uri`モジュールを使ってHTTPリクエストを実施します。 **\** を皆さんの環境のインベントリファイルのノード情報に置き換えて実行することに注意してください。 @@ -226,11 +228,11 @@ Playbookの次のパートでは、確かにApache Webserverが`node1`上で有 ``` たくさんの赤い列とエラーが表示されたことでしょう。 -少なくとも、Apacheが提供すべき`index.html`ファイルがなければとても汚い"HTTP Error 403: Forbidden"ステータスが投げつけられるのはしょうがないことですし、Ansibleもエラーをレポートするはずです。 +少なくとも、Apacheが提供すべき`web.html`ファイルがなければとても汚い"HTTP Error 403: Forbidden"ステータスが投げつけられるのはしょうがないことですし、Ansibleもエラーをレポートするはずです。 -では、Ansibleを使って`index.html`をデプロイしてみましょう。 -管理ノード上で`vim`などを用いて以下の内容の`~/ansible-files/index.html`を作成します。 +では、Ansibleを使って`web.html`をデプロイしてみましょう。 +管理ノード上で`vim`などを用いて以下の内容の`~/ansible-files/web.html`を作成します。 ```html 
@@ -259,10 +261,10 @@ Playbookの次のパートでは、確かにApache Webserverが`node1`上で有 name: httpd enabled: true state: started - - name: copy index.html + - name: copy web.html copy: - src: ~/ansible-files/index.html - dest: /var/www/html/ + src: ~/ansible-files/web.html + dest: /var/www/html/index.html ``` そろそろPlaybookの構文に慣れてきましたか? @@ -279,7 +281,7 @@ Playbookの次のパートでは、確かにApache Webserverが`node1`上で有 - Apacheをテストするために、先ほどの`uri`モジュールを用いたAd-hocコマンドをもう一度実行してみましょう。コマンドは色々な情報を返していると思いますが、その中でもフレンドリーな緑色で"status: 200"を返しているはずです。 -## Step 1.3.6 - 練習: 複数ホストへの適用 +## Step 6 - 練習: 複数ホストへの適用 ここまでのラボはとてもよかったと思いますが、Ansibleの本当に良いところは同じ一連のタスクを様々なホストに確実に適用していくことです。 @@ -316,10 +318,10 @@ Playbookをグループ`web`をさすように変更しましょう。 name: httpd enabled: true state: started - - name: copy index.html + - name: copy web.html copy: - src: ~/ansible-files/index.html - dest: /var/www/html/ + src: ~/ansible-files/web.html + dest: /var/www/html/index.html ``` Playbookを実行してみましょう: diff --git a/exercises/ansible_rhel/1.3-playbook/README.md b/exercises/ansible_rhel/1.3-playbook/README.md index ca5bd17c4..ea9a9fc20 100644 --- a/exercises/ansible_rhel/1.3-playbook/README.md +++ b/exercises/ansible_rhel/1.3-playbook/README.md @@ -1,4 +1,4 @@ -# Exercise 1.3 - Writing Your First Playbook +# Workshop Exercise - Writing Your First Playbook **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). 
@@ -6,12 +6,12 @@ - [Objective](#objective) - [Guide](#guide) - - [Step 3.1 - Playbook Basics](#step-31---playbook-basics) - - [Step 3.2 - Creating a Directory Structure and File for your Playbook](#step-32---creating-a-directory-structure-and-file-for-your-playbook) - - [Step 3.3 - Running the Playbook](#step-33---running-the-playbook) - - [Step 3.4 - Extend your Playbook: Start & Enable Apache](#step-34---extend-your-playbook-start--enable-apache) - - [Step 3.5 - Extend your Playbook: Create an index.html](#step-35---extend-your-playbook-create-an-indexhtml) - - [Step 3.6 - Practice: Apply to Multiple Host](#step-36---practice-apply-to-multiple-host) + - [Step 1 - Playbook Basics](#step-1---playbook-basics) + - [Step 2 - Creating a Directory Structure and File for your Playbook](#step-2---creating-a-directory-structure-and-file-for-your-playbook) + - [Step 3 - Running the Playbook](#step-3---running-the-playbook) + - [Step 4 - Extend your Playbook: Start & Enable Apache](#step-4---extend-your-playbook-start--enable-apache) + - [Step 5 - Extend your Playbook: Create an web.html](#step-5---extend-your-playbook-create-an-indexhtml) + - [Step 6 - Practice: Apply to Multiple Host](#step-6---practice-apply-to-multiple-host) # Objective @@ -38,7 +38,7 @@ A playbook can have multiple plays and a play can have one or multiple tasks. In > > Here is a nice analogy: When Ansible modules are the tools in your workshop, the inventory is the materials and the Playbooks are the instructions. -## Step 3.1 - Playbook Basics +## Step 1 - Playbook Basics Playbooks are text files written in YAML format and therefore need: 
@@ -65,7 +65,7 @@ A Playbook should be **idempotent**, so if a Playbook is run once to put the hos > Most Ansible modules are idempotent, so it is relatively easy to ensure this is true. -## Step 3.2 - Creating a Directory Structure and File for your Playbook +## Step 2 - Creating a Directory Structure and File for your Playbook Enough theory, it’s time to create your first Ansible Playbook. In this lab you create a playbook to set up an Apache web server in three steps: @@ -73,7 +73,7 @@ Enough theory, it’s time to create your first Ansible Playbook. In this lab yo 2. Enable/start httpd service - 3. Copy over an index.html file to each web host + 3. Copy over an web.html file to each web host This Playbook makes sure the package containing the Apache web server is installed on `node1`. 
@@ -143,30 +143,33 @@ In the added lines: Save your playbook and exit your editor. -## Step 3.3 - Running the Playbook +## Step 3 - Running the Playbook -Playbooks are executed using the `ansible-playbook` command on the control node. Before you run a new Playbook it’s a good idea to check for syntax errors: +Ansible Playbooks are executed using the `ansible-playbook` command on the control node. Before you run a new Playbook it’s a good idea to check for syntax errors: ```bash [student@ansible ansible-files]$ ansible-playbook --syntax-check apache.yml ``` -Now you should be ready to run your Playbook: +Now you should be ready to run your playbook: -```bash +``` [student@ansible ansible-files]$ ansible-playbook apache.yml ``` + The output should not report any errors but provide an overview of the tasks executed and a play recap summarizing what has been done. There is also a task called "Gathering Facts" listed there: this is an built-in task that runs automatically at the beginning of each play. It collects information about the managed nodes. Exercises later on will cover this in more detail. -Use SSH to make sure Apache has been installed on `node1`. The necessary IP address is provided in the inventory. Grep for the IP address there and use it to SSH to the node. +Connect to `node1` via SSH to make sure Apache has been installed: ``` -[student@ansible ansible-files]$ grep node1 ~/lab_inventory/hosts -node1 ansible_host=11.22.33.44 -[student@ansible ansible-files]$ ssh 11.22.33.44 -student@11.22.33.44's password: +[student@ansible ansible-files]$ ssh node1 Last login: Wed May 15 14:03:45 2019 from 44.55.66.77 Managed by Ansible +``` + +Use the command `rpm -qe httpd` to verify httpd is installed: + +``` [student@node1 ~]$ rpm -qi httpd Name : httpd Version : 2.4.6 
@@ -181,7 +184,7 @@ Log out of `node1` with the command `exit` so that you are back on the control h Run the Playbook a second time, and compare the output: The output changed from "changed" to "ok", and the color changed from yellow to green. Also the "PLAY RECAP" is different now. This make it easy to spot what Ansible actually did. -## Step 3.4 - Extend your Playbook: Start & Enable Apache +## Step 4 - Extend your Playbook: Start & Enable Apache The next part of the Ansible Playbook makes sure the Apache application is enabled and started on `node1`. @@ -224,7 +227,7 @@ Note the output now: Some tasks are shown as "ok" in green and one is shown as " - Run the Playbook a second time to get used to the change in the output. -## Step 3.5 - Extend your Playbook: Create an index.html +## Step 5 - Extend your Playbook: Create an web.html Check that the tasks were executed correctly and Apache is accepting connections: Make an HTTP request using Ansible’s `uri` module in an ad hoc command from the control node. Make sure to replace the **\** with the IP for the node from the inventory. 
@@ -236,15 +239,15 @@ Check that the tasks were executed correctly and Apache is accepting connections [student@ansible ansible-files]$ ansible localhost -m uri -a "url=http://" ``` -There are a lot of red lines and an error: As long as there is not at least an `index.html` file to be served by Apache, it will throw an ugly "HTTP Error 403: Forbidden" status and Ansible will report an error. +There are a lot of red lines and an error: As long as there is not at least an `web.html` file to be served by Apache, it will throw an ugly "HTTP Error 403: Forbidden" status and Ansible will report an error. -So why not use Ansible to deploy a simple `index.html` file? On the ansible control host, as the `student` user, create the directory `files` to hold file resources in `~/ansible-files/`: +So why not use Ansible to deploy a simple `web.html` file? On the ansible control host, as the `student` user, create the directory `files` to hold file resources in `~/ansible-files/`: ```bash [student@ansible ansible-files]$ mkdir files ``` -Then create the file `~/ansible-files/files/index.html` on the control node: +Then create the file `~/ansible-files/files/web.html` on the control node: ```html @@ -271,10 +274,10 @@ On the control node as your student user edit the file `~/ansible-files/apache.y name: httpd enabled: true state: started - - name: copy index.html + - name: copy web.html copy: - src: index.html - dest: /var/www/html/ + src: web.html + dest: /var/www/html/index.html ``` You are getting used to the Playbook syntax, so what happens? The new task uses the `copy` module and defines the source and destination options for the copy operation as parameters. 
@@ -289,7 +292,7 @@ Run your extended Playbook: - Run the ad hoc command using the "uri" module from further above again to test Apache: The command should now return a friendly green "status: 200" line, amongst other information. -## Step 3.6 - Practice: Apply to Multiple Host +## Step 6 - Practice: Apply to Multiple Host This was nice but the real power of Ansible is to apply the same set of tasks reliably to many hosts. @@ -326,10 +329,10 @@ Change the Playbook to point to the group "web": name: httpd enabled: true state: started - - name: copy index.html + - name: copy web.html copy: - src: index.html - dest: /var/www/html/ + src: web.html + dest: /var/www/html/index.html ``` Now run the Playbook: @@ -346,5 +349,8 @@ Finally check if Apache is now running on both servers. Identify the IP addresse ---- +**Navigation** +
+[Previous Exercise](../1.2-adhoc) - [Next Exercise](../1.4-variables) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-1---ansible-engine-exercises) diff --git a/exercises/ansible_rhel/1.3-playbook/README.pt-br.md b/exercises/ansible_rhel/1.3-playbook/README.pt-br.md index 5cb52519b..26fe0037c 100644 --- a/exercises/ansible_rhel/1.3-playbook/README.pt-br.md +++ b/exercises/ansible_rhel/1.3-playbook/README.pt-br.md 
@@ -1,13 +1,13 @@ -# Exercício 1.3 - Escrevendo seu primeiro Playbook +# Exercício - Escrevendo seu primeiro Playbook **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Passo 3.1 - Noções básicas do Playbook](#passo-31---noções-básicas-do-playbook) -* [Passo 3.2 - Criando uma estrutura de diretórios e um arquivo para o seu Playbook](#passo-32---criando-uma-estrutura-de-diretórios-e-um-arquivo-para-o-seu-playbook) -* [Passo 3.3 - Rodando o Playbook](#passo-33---rodando-o-playbook) -* [Passo 3.4 - Amplie seu playbook: Apache Start & Enable](#passo-34---amplie-seu-playbook-apache-start--enable) -* [Passo 3.5 - Ampliando seu Playbook: Criando um aquivo index.html](#passo-35---ampliando-seu-playbook-criando-um-aquivo-indexhtml) -* [Passo 3.6 - Pratique: Aplicar a vários hosts](#passo-36---pratique-aplicar-a-vários-hosts) +* [Passo 1 - Noções básicas do Playbook](#passo-1---noções-básicas-do-playbook) +* [Passo 2 - Criando uma estrutura de diretórios e um arquivo para o seu Playbook](#passo-2---criando-uma-estrutura-de-diretórios-e-um-arquivo-para-o-seu-playbook) +* [Passo 3 - Rodando o Playbook](#passo-3---rodando-o-playbook) +* [Passo 4 - Amplie seu playbook: Apache Start & Enable](#passo-4---amplie-seu-playbook-apache-start--enable) +* [Passo 5 - Ampliando seu Playbook: Criando um aquivo web.html](#passo-5---ampliando-seu-playbook-criando-um-aquivo-indexhtml) +* [Passo 6 - Pratique: Aplicar a vários hosts](#passo-6---pratique-aplicar-a-vários-hosts) Embora os comandos Ansible ad hoc sejam úteis para operações simples, eles não são adequados para cenários complexos de gerenciamento ou orquestração de configurações. Para tais casos de uso, os playbooks são o caminho a percorrer. 
@@ -21,7 +21,7 @@ Um Playbook pode ter várias plays e uma play pode ter uma ou várias tasks. Em > > Uma boa analogia: quando os módulos Ansible são as ferramentas da sua oficina, o inventário é o material e os Playbooks são as instruções. -## Passo 3.1 - Noções básicas do Playbook +## Passo 1 - Noções básicas do Playbook Playbooks são arquivos de texto escritos no formato YAML e, portanto, precisam: @@ -47,7 +47,7 @@ Um Playbook deve ser **idempotente**, portanto se um Playbook for executado uma > > A maioria dos módulos Ansible é idempotente, portanto é relativamente fácil garantir que isso seja verdade. -## Passo 3.2 - Criando uma estrutura de diretórios e um arquivo para o seu Playbook +## Passo 2 - Criando uma estrutura de diretórios e um arquivo para o seu Playbook Chega de teoria, é hora de criar seu primeiro Playbook. Neste laboratório, você cria um Playbook para configurar um servidor web Apache em três etapas: @@ -55,7 +55,7 @@ Chega de teoria, é hora de criar seu primeiro Playbook. Neste laboratório, voc - 2ª Etapa: Enable/start o serviço httpd - - 3ª Etapa: Criar um aquivo index.html + - 3ª Etapa: Criar um aquivo web.html Este Playbook garante que o pacote que contém o servidor Apache esteja instalado no `node1`. @@ -125,7 +125,7 @@ Nas linhas adicionadas: Salve seu Playbook e saia do Editor. -## Passo 3.3 - Rodando o Playbook +## Passo 3 - Rodando o Playbook Playbooks são executados usando o comando `ansible-playbook` no nó de controle. Antes de executar um novo Playbook, é uma boa ideia verificar se há erros de sintaxe: 
@@ -163,7 +163,7 @@ Efetue logout do `node1` com o comando `exit` para voltar ao host de controle e Execute o Playbook pela segunda vez e compare a saída: A saída mudou de "changed" para "ok" e a cor mudou de amarelo para verde. Além disso, o "PLAY RECAP" é diferente agora. Isso facilita a identificação do que o Ansible realmente fez. -## Passo 3.4 - Amplie seu playbook: Apache Start & Enable +## Passo 4 - Amplie seu playbook: Apache Start & Enable A próxima parte do Playbook garante que o servidor Apache esteja startado e habilitado no `node1`. @@ -206,7 +206,7 @@ Observe a saída agora: algumas tasks são mostradas como "ok" em verde e uma é - Execute o Playbook uma segunda vez para se acostumar com a alteração na saída. -## Passo 3.5 - Ampliando seu Playbook: Criando um aquivo index.html +## Passo 5 - Ampliando seu Playbook: Criando um aquivo web.html Verifique se as tasks foram executadas corretamente e o Apache está aceitando conexões: faça uma solicitação HTTP usando o módulo `uri` em um comando ad hoc a partir do nó de controle. Certifique-se de substituir **\** pelo IP do nó do inventário. 
@@ -218,9 +218,9 @@ Verifique se as tasks foram executadas corretamente e o Apache está aceitando c [student@ansible ansible-files]$ ansible localhost -m uri -a "url=http://" ``` -Há muitas linhas vermelhas e um erro: Contanto que não haja pelo menos um arquivo `index.html` a ser consumido pelo Apache, ele emitirá um status feio "HTTP Error 403: Forbidden" e o Ansible relatará um erro. +Há muitas linhas vermelhas e um erro: Contanto que não haja pelo menos um arquivo `web.html` a ser consumido pelo Apache, ele emitirá um status feio "HTTP Error 403: Forbidden" e o Ansible relatará um erro. -Então, por que não usar o Ansible para implantar um simples arquivo `index.html` ? Crie o arquivo `~/ansible-files/index.html` no nó de controle: +Então, por que não usar o Ansible para implantar um simples arquivo `web.html` ? Crie o arquivo `~/ansible-files/web.html` no nó de controle: ```html @@ -247,10 +247,10 @@ No nó de controle, com o seu usuário student, edite o arquivo `~/ansible-files name: httpd enabled: true state: started - - name: Copiar index.html + - name: Copiar web.html copy: - src: ~/ansible-files/index.html - dest: /var/www/html/ + src: ~/ansible-files/web.html + dest: /var/www/html/index.html ``` Você está se acostumando com a sintaxe do Playbook, então o que acontece? A nova task usa o módulo `copy` e define as opções de origem e destino para a operação de cópia como parâmetros. @@ -265,7 +265,7 @@ Execute seu Playbook ampliado: - Execute o comando ad hoc usando o módulo "uri" mais acima novamente para testar o Apache: O comando agora deve retornar uma linha verde "status: 200" amigável, entre outras informações. -## Passo 3.6 - Pratique: Aplicar a vários hosts +## Passo 6 - Pratique: Aplicar a vários hosts Isso foi legal, mas o verdadeiro poder do Ansible é aplicar o mesmo conjunto de tasks de maneira confiável a muitos hosts. 
@@ -301,10 +301,10 @@ Altere o Playbook para apontar para o grupo "web": name: httpd enabled: true state: started - - name: Copiar index.html + - name: Copiar web.html copy: - src: ~/ansible-files/index.html - dest: /var/www/html/ + src: ~/ansible-files/web.html + dest: /var/www/html/index.html ``` Agora, execute o playbook: diff --git a/exercises/ansible_rhel/1.3-playbook/apache.yml b/exercises/ansible_rhel/1.3-playbook/apache.yml index 57a78571f..6a26a629b 100644 --- a/exercises/ansible_rhel/1.3-playbook/apache.yml +++ b/exercises/ansible_rhel/1.3-playbook/apache.yml @@ -17,5 +17,5 @@ - name: copy index.html copy: - src: index.html - dest: /var/www/html/ + src: web.html + dest: /var/www/html/index.html diff --git a/exercises/ansible_rhel/1.3-playbook/index.html b/exercises/ansible_rhel/1.3-playbook/web.html similarity index 100% rename from exercises/ansible_rhel/1.3-playbook/index.html rename to exercises/ansible_rhel/1.3-playbook/web.html diff --git a/exercises/ansible_rhel/1.4-variables/README.ja.md b/exercises/ansible_rhel/1.4-variables/README.ja.md index 5cb8e1cf4..39a162519 100644 --- a/exercises/ansible_rhel/1.4-variables/README.ja.md +++ b/exercises/ansible_rhel/1.4-variables/README.ja.md 
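Review bot: The `copy` task in `apache.yml` now writes `/var/www/html/index.html` without setting `mode`, `owner` or `group`, so the permissions of the served file depend on module defaults and the remote umask. Adding `mode: "0644"` under `dest:` makes the result explicit, and it is what ansible-lint's `risky-file-permissions` rule asks for. The context line `- name: copy index.html` is also unchanged, although the source file is now `web.html` and the READMEs in this commit rename the task; `- name: copy web.html` would keep the playbook and the exercise text in agreement. The play header (`hosts`, `become`) is outside the hunk, so whether the task runs with elevated privileges cannot be confirmed from here.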
@@ -1,13 +1,13 @@ -# 演習1.4 - 変数を使ってみよう +# 演習 - 変数を使ってみよう **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [ステップ 1.4.1 - 変数ファイルの作成](#ステップ-141---変数ファイルの作成) -* [ステップ 1.4.2 - index.html ファイルの作成](#ステップ-142---indexhtml-ファイルの作成) -* [ステップ 1.4.3 - Playbook の作成](#ステップ-143---playbook-の作成) -* [ステップ 1.4.4 - 実行結果の確認](#ステップ-144---実行結果の確認) -* [ステップ 1.4.5 - Ansible ファクト](#ステップ-145---ansible-ファクト) -* [ステップ 1.4.6 - チャレンジラボ: ファクト](#ステップ-146---チャレンジラボ-ファクト) +* [ステップ 1 - 変数ファイルの作成](#ステップ-1---変数ファイルの作成) +* [ステップ 2 - index.html ファイルの作成](#ステップ-2---indexhtml-ファイルの作成) +* [ステップ 3 - Playbook の作成](#ステップ-3---playbook-の作成) +* [ステップ 4 - 実行結果の確認](#ステップ-4---実行結果の確認) +* [ステップ 5 - Ansible ファクト](#ステップ-5---ansible-ファクト) +* [ステップ 6 - チャレンジラボ: ファクト](#ステップ-6---チャレンジラボ-ファクト) * [Step 1.4.7 - Playbook の中でファクトを使う](#step-147---playbook-の中でファクトを使う) 前回までは Ansible Engine の基礎部分を学習してきました。この演習では Playbook をより柔軟かつパワフルに使用できる、より高度なスキルを学びます。 @@ -38,7 +38,7 @@ Playbook では、変数名を二重中括弧で囲むことで変数を表現 > > ホスト変数には優先順位があります。上記 Host 変数は、 Group 変数より優先されます。詳しくは製品マニュアルをご確認ください。 -## ステップ 1.4.1 - 変数ファイルの作成 +## ステップ 1 - 変数ファイルの作成 早速演習で変数の動きを確かめてみましょう。3台の Web Server を構築してみます。どのホストに接続されているかを示すため、 `index.html` を変更します。 @@ -71,7 +71,7 @@ stage: prod - `node2` に関しては、上記で定義された変数 stage = dev が、prod で上書きされます。本番環境として定義されます。 -## ステップ 1.4.2 - index.html ファイルの作成 +## ステップ 2 - index.html ファイルの作成 `~/ansible-files/` 内に、以下の2つのファイルを作成します: @@ -91,7 +91,7 @@ stage: prod ``` -## ステップ 1.4.3 - Playbook の作成 +## ステップ 3 - Playbook の作成 次に、上記手順で作成した本番用、開発用の `index.html` の内いずれかのファイルを "stage" 変数の値に従って Web Server にコピーするための Playbook を作成します。 
@@ -121,7 +121,7 @@ stage: prod [student@ansible ansible-files]$ ansible-playbook deploy_index_html.yml ``` -## ステップ 1.4.4 - 実行結果の確認 +## ステップ 4 - 実行結果の確認 各ホストには、変数 stage の値に従って異なるファイルがコピーされているはずです。デフォルトが dev で、node2 のみ、prod となっているはず。それぞれのweb server に curl コマンド(もしくはブラウザ)で接続して確認してみましょう。 @@ -148,7 +148,7 @@ node3 ansible_host=33.44.55.66 > > 鋭い人はちょっと思うかもしれません、”もっと柔軟にファイルの中身を変更出来たら・・・、と”。こちらについては次の章(template モジュール)で学びます! -## ステップ 1.4.5 - Ansible ファクト +## ステップ 5 - Ansible ファクト Ansible ファクトは Ansible によって管理対象ホストから自動的に収集される変数です。"Gathering Facts" が各 ansible-playbook で実行されたことを思い出してください。ファクトは `setup` モジュールからも取得可能です。このファクトには、再利用可能な有用な情報が変数として格納されています。 @@ -169,7 +169,7 @@ Ansibleがデフォルトでどのような事実を収集しているのか、 [student@ansible ansible-files]$ ansible node1 -m setup -a 'filter=ansible_*_mb' ``` -## ステップ 1.4.6 - チャレンジラボ: ファクト +## ステップ 6 - チャレンジラボ: ファクト - 管理対象ホストのディストリビューション(Red Hat)を表示してください。ただし、結果は一行で出力してください。 diff --git a/exercises/ansible_rhel/1.4-variables/README.md b/exercises/ansible_rhel/1.4-variables/README.md index 90af5ff20..80db55861 100644 --- a/exercises/ansible_rhel/1.4-variables/README.md +++ b/exercises/ansible_rhel/1.4-variables/README.md 
@@ -1,23 +1,34 @@ -# Exercise 1.4 - Using Variables +# Workshop Exercise - Using Variables **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Step 4.1 - Create Variable Files](#step-41---create-variable-files) -* [Step 4.2 - Create index.html Files](#step-42---create-indexhtml-files) -* [Step 4.3 - Create the Playbook](#step-43---create-the-playbook) -* [Step 4.4 - Test the Result](#step-44---test-the-result) -* [Step 4.5 - Ansible Facts](#step-45---ansible-facts) -* [Step 4.6 - Challenge Lab: Facts](#step-46---challenge-lab-facts) -* [Step 4.7 - Using Facts in Playbooks](#step-47---using-facts-in-playbooks) +## Table of Contents -Previous exercises showed you the basics of Ansible Engine. In the next few exercises, we are going -to teach some more advanced Ansible skills that will add flexibility and power to your playbooks. +* [Objective](#objective) +* [Guide](#guide) +* [Intro to Variables](#intro-to-variables) +* [Step 1 - Create Variable Files](#step-1---create-variable-files) +* [Step 2 - Create index.html Files](#step-2---create-indexhtml-files) +* [Step 3 - Create the Playbook](#step-3---create-the-playbook) +* [Step 4 - Test the Result](#step-4---test-the-result) +* [Step 5 - Ansible Facts](#step-5---ansible-facts) +* [Step 6 - Challenge Lab: Facts](#step-6---challenge-lab-facts) +* [Step 7 - Using Facts in Playbooks](#step-7---using-facts-in-playbooks) -Ansible exists to make tasks simple and repeatable. We also know that not all systems are exactly alike and often require -some slight change to the way an Ansible playbook is run. Enter variables. +# Objective Ansible supports variables to store values that can be used in Playbooks. Variables can be defined in a variety of places and have a clear precedence. Ansible substitutes the variable with its value when a task is executed. 
+This exercise covers variables, specifically +- How to use variable delimiters `{{` and `}}` +- What `host_vars` and `group_vars` are and when to use them +- How to use `ansible_facts` +- How to use the `debug` module to print variables to the console window + +# Guide + +## Intro to Variables + Variables are referenced in Playbooks by placing the variable name in double curly braces: @@ -38,9 +49,10 @@ The recommended practice to provide variables in the inventory is to define them > > Host variables take precedence over group variables (more about precedence can be found in the [docs](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable)). -## Step 4.1 - Create Variable Files -For understanding and practice let’s do a lab. Following up on the theme "Let’s build a webserver. Or two. Or even more…​", you will change the `index.html` to show the development environment (dev/prod) a server is deployed in. +## Step 1 - Create Variable Files + +For understanding and practice let’s do a lab. Following up on the theme "Let’s build a web server. Or two. Or even more…​", you will change the `index.html` to show the development environment (dev/prod) a server is deployed in. On the ansible control host, as the `student` user, create the directories to hold the variable definitions in `~/ansible-files/`: @@ -70,7 +82,7 @@ What is this about? - For server `node2` this is overriden and the host is flagged as a production server. -## Step 4.2 - Create index.html Files +## Step 2 - Create web.html Files Now create two files in `~/ansible-files/files/`: @@ -82,7 +94,7 @@ One called `prod_index.html` with the following content: ``` -And the other called `dev_index.html` with the following content: +And the other called `dev_web.html` with the following content: ```html 
@@ -90,9 +102,9 @@ And the other called `dev_index.html` with the following content: ``` -## Step 4.3 - Create the Playbook +## Step 3 - Create the Playbook -Now you need a Playbook that copies the prod or dev `index.html` file - according to the "stage" variable. +Now you need a Playbook that copies the prod or dev `web.html` file - according to the "stage" variable. Create a new Playbook called `deploy_index_html.yml` in the `~/ansible-files/` directory. @@ -103,13 +115,13 @@ Create a new Playbook called `deploy_index_html.yml` in the `~/ansible-files/` d ```yaml --- -- name: Copy index.html +- name: Copy web.html hosts: web become: yes tasks: - - name: copy index.html + - name: copy web.html copy: - src: "{{ stage }}_index.html" + src: "{{ stage }}_web.html" dest: /var/www/html/index.html ``` @@ -120,7 +132,7 @@ Create a new Playbook called `deploy_index_html.yml` in the `~/ansible-files/` d [student@ansible ansible-files]$ ansible-playbook deploy_index_html.yml ``` -## Step 4.4 - Test the Result +## Step 4 - Test the Result The Playbook should copy different files as index.html to the hosts, use `curl` to test it. Check the inventory again if you forgot the IP addresses of your nodes. @@ -147,7 +159,7 @@ node3 ansible_host=33.44.55.66 > > If by now you think: There has to be a smarter way to change content in files…​ you are absolutely right. This lab was done to introduce variables, you are about to learn about templates in one of the next chapters. -## Step 4.5 - Ansible Facts +## Step 5 - Ansible Facts Ansible facts are variables that are automatically discovered by Ansible from a managed host. Remember the "Gathering Facts" task listed in the output of each `ansible-playbook` execution? At that moment the facts are gathered for each managed nodes. Facts can also be pulled by the `setup` module. They contain useful information stored into variables that administrators can reuse. 
@@ -168,7 +180,7 @@ Or what about only looking for memory related facts: [student@ansible ansible-files]$ ansible node1 -m setup -a 'filter=ansible_*_mb' ``` -## Step 4.6 - Challenge Lab: Facts +## Step 6 - Challenge Lab: Facts - Try to find and print the distribution (Red Hat) of your managed hosts. On one line, please. @@ -185,7 +197,7 @@ Or what about only looking for memory related facts: [student@ansible ansible-files]$ ansible node1 -m setup -a 'filter=ansible_distribution' -o ``` -## Step 4.7 - Using Facts in Playbooks +## Step 7 - Using Facts in Playbooks Facts can be used in a Playbook like variables, using the proper naming, of course. Create this Playbook as `facts.yml` in the `~/ansible-files/` directory: @@ -236,5 +248,8 @@ node3 : ok=2 changed=0 unreachable=0 failed=0 ``` ---- +**Navigation** +
+[Previous Exercise](../1.3-playbook) - [Next Exercise](../1.5-handlers) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-1---ansible-engine-exercises) diff --git a/exercises/ansible_rhel/1.4-variables/README.pt-br.md b/exercises/ansible_rhel/1.4-variables/README.pt-br.md index fcfc3f976..8c2befa0e 100644 --- a/exercises/ansible_rhel/1.4-variables/README.pt-br.md +++ b/exercises/ansible_rhel/1.4-variables/README.pt-br.md 
@@ -1,14 +1,14 @@ -# Exercício 1.4 - Usando variáveis +# Exercício - Usando variáveis **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Passo 4.1 - Criando arquivos de variáveis](#passo-41---criando-arquivos-de-variáveis) -* [Passo 4.2 - Criando o arquivo index.html](#passo-42---criando-o-arquivo-indexhtml) -* [Passo 4.3 - Criando o Playbook](#passo-43---criando-o-playbook) -* [Passo 4.4 - Teste o Resultado](#passo-44---teste-o-resultado) -* [Passo 4.5 - Ansible Facts](#passo-45---ansible-facts) -* [Passo 4.6 - Laboratório de desafios: Facts](#passo-46---laboratório-de-desafios-facts) -* [Passo 4.7 - Usando Facts em Playbooks](#passo-47---usando-facts-em-playbooks) +* [Passo 1 - Criando arquivos de variáveis](#passo-1---criando-arquivos-de-variáveis) +* [Passo 2 - Criando o arquivo index.html](#passo-2---criando-o-arquivo-indexhtml) +* [Passo 3 - Criando o Playbook](#passo-3---criando-o-playbook) +* [Passo 4 - Teste o Resultado](#passo-4---teste-o-resultado) +* [Passo 5 - Ansible Facts](#passo-5---ansible-facts) +* [Passo 6 - Laboratório de desafios: Facts](#passo-6---laboratório-de-desafios-facts) +* [Passo 7 - Usando Facts em Playbooks](#passo-7---usando-facts-em-playbooks) Os exercícios anteriores mostraram os conceitos básicos do Ansible Engine. Nos próximos exercícios, ensinaremos algumas habilidades mais avançadas que adicionarão flexibilidade e poder aos seus Playbooks. 
@@ -36,7 +36,7 @@ A prática recomendada para fornecer variáveis no inventário é defini-las em > > Variáveis de host têm precedência sobre variáveis de grupo (mais sobre precedência pode ser encontrada em [docs](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable)). -## Passo 4.1 - Criando arquivos de variáveis +## Passo 1 - Criando arquivos de variáveis Para entender e praticar, vamos fazer um laboratório. Seguindo o tema "Vamos construir um servidor Web, ou dois, ou ainda mais...​", você alterará o `index.html` para mostrar o ambiente de desenvolvimento (dev/prod) em que um servidor está implantado. @@ -68,7 +68,7 @@ O que é isso? - Para o servidor `node2`, isso é substituído e o host é sinalizado como um servidor de produção. -## Passo 4.2 - Criando o arquivo index.html +## Passo 2 - Criando o arquivo index.html Agora, crie dois aquivos em `~/ansible-files/`: @@ -88,7 +88,7 @@ E um chamado `dev_index.html` com o seguinte conteúdo: ``` -## Passo 4.3 - Criando o Playbook +## Passo 3 - Criando o Playbook Agora você precisa de um Playbook que copie o arquivo prod ou dev `index.html` - de acordo com a variável "stage". @@ -118,7 +118,7 @@ Crie um novo playbook, chamado `deploy_index_html.yml` no diretório `~/ansible- [student@ansible ansible-files]$ ansible-playbook deploy_index_html.yml ``` -## Passo 4.4 - Teste o Resultado +## Passo 4 - Teste o Resultado O Playbook deve copiar arquivos diferentes como index.html para os hosts, use `curl` para testá-lo. Verifique o inventário novamente se você esqueceu os endereços IP dos seus nós. 
@@ -145,7 +145,7 @@ node3 ansible_host=33.44.55.66 > > Agora você pensa: "Tem que haver uma maneira mais inteligente de alterar o conteúdo dos arquivos..." e você está absolutamente certo. Este laboratório foi realizado para introduzir variáveis, você está prestes a aprender sobre templates em um dos próximos capítulos. -## Passo 4.5 - Ansible Facts +## Passo 5 - Ansible Facts Facts são variáveis que são descobertas automaticamente pelo Ansible a partir de um host gerenciado. Lembra da task "Gathering Facts" listada na saída de cada execução do `ansible-playbook`? Nesse momento, os facts são reunidos para cada nó gerenciado. Os fatos também podem ser obtidos pelo módulo `setup`. Eles contêm informações úteis armazenadas em variáveis que os administradores podem reutilizar. @@ -166,7 +166,7 @@ Ou que tal procurar apenas facts relacionados à memória: [student@ansible ansible-files]$ ansible node1 -m setup -a 'filter=ansible_*_mb' ``` -## Passo 4.6 - Laboratório de desafios: Facts +## Passo 6 - Laboratório de desafios: Facts - Tente encontrar e imprimir a distribuição (Red Hat) de seus hosts gerenciados. Em uma linha, por favor. @@ -183,7 +183,7 @@ Ou que tal procurar apenas facts relacionados à memória: [student@ansible ansible-files]$ ansible node1 -m setup -a 'filter=ansible_distribution' -o ``` -## Passo 4.7 - Usando Facts em Playbooks +## Passo 7 - Usando Facts em Playbooks Os facts podem ser usados em um Playbook como variáveis, usando a nomeação apropriada. Crie este Playbook como `facts.yml` no diretório `~/ansible-files/`: diff --git a/exercises/ansible_rhel/1.5-handlers/README.ja.md b/exercises/ansible_rhel/1.5-handlers/README.ja.md index 9ed0486ce..5126e1dd2 100644 --- a/exercises/ansible_rhel/1.5-handlers/README.ja.md +++ b/exercises/ansible_rhel/1.5-handlers/README.ja.md 
@@ -1,13 +1,13 @@ -# 演習 1.5 - 条件分岐、ハンドラー、ループを使う +# 演習 - 条件分岐、ハンドラー、ループを使う **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [ステップ 1.5.1 - 条件分岐](#ステップ-151---条件分岐) -* [ステップ 1.5.2 - ハンドラー](#ステップ-152---ハンドラー) -* [ステップ 1.5.3 - 単純な繰り返し(ループ実行)](#ステップ-153---単純な繰り返しループ実行) +* [ステップ 1 - 条件分岐](#ステップ 1---条件分岐) +* [ステップ 2 - ハンドラー](#ステップ 2---ハンドラー) +* [ステップ 3 - 単純な繰り返し(ループ実行)](#ステップ 3---単純な繰り返しループ実行) * [ステップ - ハッシュをループする](#ステップ---ハッシュをループする) -## ステップ 1.5.1 - 条件分岐 +## ステップ 1 - 条件分岐 Ansible は特定の条件が満たされたときにタスクを実行したり再生したりすることができます。 @@ -82,7 +82,7 @@ skipping: [node3] changed: [node2] ``` -## ステップ 1.5.2 - ハンドラー +## ステップ 2 - ハンドラー プレイブックを書いていると、特定のタスクが実行された時のみ、さらに追加のタスクを実行したい場合があります。たとえば、サービスの更新や設定ファイルを変更した場合に、変更した設定が有効になるようにサービスの再起動が必要となるケースです。 @@ -171,7 +171,7 @@ httpd.conf ファイルを再度 "80" に変更し、どうなるか試してみ > > よく聞かれる質問として、notify セクションが実行されたらすぐにハンドラーが呼び出されるのか?ということがありますが、これは違います。今回の場合、notify 直下にハンドラーが定義されているのですぐの実行となりますが、notiry とハンドラーが離れていた場合は、あくまで上から順に実行され、ハンドラーの順番になったところで実行されます。 notify でハンドラー実行のフラグを立てておく感じです。 -## ステップ 1.5.3 - 単純な繰り返し(ループ実行) +## ステップ 3 - 単純な繰り返し(ループ実行) ループを使用すると、同じタスクを繰り返し実行することができます。たとえば、複数のユーザーを作成したいとしましょう。Ansible ループを使用すると、単一のタスクでそれを実行できます。ループは、単なるリスト以外にも反復することができます。たとえば、対応するグループを持つユーザーのリストがある場合、ループはそれらに対しても反復することができます。 詳しくはマニュアルをご確認ください [Ansible Loops](https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html) diff --git a/exercises/ansible_rhel/1.5-handlers/README.md b/exercises/ansible_rhel/1.5-handlers/README.md index 672580186..f463c9a07 100644 --- a/exercises/ansible_rhel/1.5-handlers/README.md +++ b/exercises/ansible_rhel/1.5-handlers/README.md 
@@ -1,13 +1,26 @@ -# Exercise 1.5 - Conditionals, Handlers and Loops +# Workshop Exercise - Conditionals, Handlers and Loops **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Step 5.1 - Conditionals](#step-51---conditionals) -* [Step 5.2 - Handlers](#step-52---handlers) -* [Step 5.3 - Simple Loops](#step-53---simple-loops) -* [Step 5.4 - Loops over hashes](#step-54---loops-over-hashes) +## Table of Contents -## Step 5.1 - Conditionals +* [Objective](#objective) +* [Guide](#guide) +* [Step 1 - Conditionals](#step-1---conditionals) +* [Step 2 - Handlers](#step-2---handlers) +* [Step 3 - Simple Loops](#step-3---simple-loops) +* [Step 4 - Loops over hashes](#step-4---loops-over-hashes) + +# Objective + +Three foundational Ansible features are: +- [Conditionals](https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html) +- [Handlers](https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html#handlers-running-operations-on-change) +- [Loops](https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html) + +# Guide + +## Step 1 - Conditionals Ansible can use conditionals to execute tasks or plays when certain conditions are met. @@ -75,7 +88,7 @@ skipping: [node3] changed: [node2] ``` -## Step 5.2 - Handlers +# Step 2 - Handlers Sometimes when a task does make a change to the system, an additional task or tasks may need to be run. For example, a change to a service’s configuration file may then require that the service be restarted so that the changed configuration takes effect. 
@@ -83,13 +96,13 @@ Here Ansible’s handlers come into play. Handlers can be seen as inactive tasks As a an example, let’s write a Playbook that: - - manages Apache’s configuration file `httpd.conf` on all hosts in the `web` group + - manages Apache’s configuration file `/etc/httpd/conf/httpd.conf` on all hosts in the `web` group - restarts Apache when the file has changed First we need the file Ansible will deploy, let’s just take the one from node1. Remember to replace the IP address shown in the listing below with the IP address from your individual `node1`. -```bash +``` [student@ansible ansible-files]$ scp 11.22.33.44:/etc/httpd/conf/httpd.conf ~/ansible-files/files/. student@11.22.33.44's password: httpd.conf @@ -121,11 +134,11 @@ So what’s new here? - The "notify" section calls the handler only when the copy task actually changes the file. That way the service is only restarted if needed - and not each time the playbook is run. - The "handlers" section defines a task that is only run on notification. +
Run the Playbook. We didn’t change anything in the file yet so there should not be any `changed` lines in the output and of course the handler shouldn’t have fired. - - Now change the `Listen 80` line in httpd.conf to: - + - Now change the `Listen 80` line in `/etc/httpd/conf/httpd.conf` to: ```ini Listen 8080 @@ -147,9 +160,9 @@ curl: (7) Failed connect to 22.33.44.55:80; Connection refused

This is a production webserver, take care!

``` -Feel free to change the httpd.conf file again and run the Playbook. +Feel free to change the httpd.conf file again and run the playbook. -## Step 5.3 - Simple Loops +## Step 3 - Simple Loops Loops enable us to repeat the same task over and over again. For example, lets say you want to create multiple users. By using an Ansible loop, you can do that in a single task. Loops can also iterate over more than just basic lists. For example, if you have a list of users with their coresponding group, loop can iterate over them as well. Find out more about loops in the [Ansible Loops](https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html) documentation. @@ -184,7 +197,7 @@ Understand the playbook and the output: - During execution the task is only listed once, but there are three changes listed underneath it. -## Step 5.4 - Loops over hashes +## Step 4 - Loops over hashes As mentioned loops can also be over lists of hashes. Imagine that the users should be assigned to different additional groups: @@ -235,5 +248,8 @@ uid=1002(dev_user) gid=1002(dev_user) Gruppen=1002(dev_user),50(ftp) ``` ---- +**Navigation** +
+[Previous Exercise](../1.4-variables) - [Next Exercise](../1.6-templates) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-1---ansible-engine-exercises) diff --git a/exercises/ansible_rhel/1.5-handlers/README.pt-br.md b/exercises/ansible_rhel/1.5-handlers/README.pt-br.md index 2334d981a..4674ef581 100644 --- a/exercises/ansible_rhel/1.5-handlers/README.pt-br.md +++ b/exercises/ansible_rhel/1.5-handlers/README.pt-br.md @@ -1,13 +1,13 @@ -# Exercício 1.5 - Condicionais, Handlers and Loops +# Exercício - Condicionais, Handlers and Loops **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Passo 5.1 - Condicionais](#passo-51---condicionais) -* [Passo 5.2 - Handlers](#passo-52---handlers) -* [Passo 5.3 - Loops simples](#passo-53---loops-simples) -* [Passo 5.4 - Loops sobre hashes](#passo-54---loops-sobre-hashes) +* [Passo 1 - Condicionais](#passo-1---condicionais) +* [Passo 2 - Handlers](#passo-2---handlers) +* [Passo 3 - Loops simples](#passo-3---loops-simples) +* [Passo 4 - Loops sobre hashes](#passo-4---loops-sobre-hashes) -## Passo 5.1 - Condicionais +## Passo 1 - Condicionais O Ansible pode usar condicionais para executar tasks ou plays quando determinadas condições forem atendidas. @@ -75,7 +75,7 @@ skipping: [node3] changed: [node2] ``` -## Passo 5.2 - Handlers +## Passo 2 - Handlers As vezes, quando uma task faz uma alteração no sistema, pode ser necessário executar uma task ou tasks adicionais. Por exemplo, uma alteração no arquivo de configuração de um serviço pode exigir que o serviço seja reiniciado para que a configuração alterada entre em vigor. 
@@ -149,7 +149,7 @@ curl: (7) Failed connect to 22.33.44.55:80; Connection refused ``` Sinta-se livre para alterar o arquivo httpd.conf novamente e executar o Playbook. -## Passo 5.3 - Loops simples +## Passo 3 - Loops simples Os loops nos permitem repetir a mesma task. Por exemplo, digamos que você queira criar vários usuários. Usando um loop, você pode fazer isso em uma única task. Os loops também podem iterar mais do que apenas listas básicas. Por exemplo, se você tiver uma lista de usuários com seu grupo de correspondência, o loop também poderá iterar sobre eles. Saiba mais sobre loops na documentação [Ansible Loops](https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html). @@ -184,7 +184,7 @@ Entenda o playbook e a saída: - Durante a execução, a task é listada apenas uma vez, mas há três alterações listadas abaixo dela. -## Passo 5.4 - Loops sobre hashes +## Passo 4 - Loops sobre hashes Como mencionado, os loops também podem estar sobre listas de hashes. Imagine que os usuários devam ser atribuídos a diferentes grupos adicionais: diff --git a/exercises/ansible_rhel/1.6-templates/README.ja.md b/exercises/ansible_rhel/1.6-templates/README.ja.md index a716955ce..40298463d 100644 --- a/exercises/ansible_rhel/1.6-templates/README.ja.md +++ b/exercises/ansible_rhel/1.6-templates/README.ja.md 
@@ -1,13 +1,13 @@ -# 演習 1.6 - テンプレートを使う +# 演習 - テンプレートを使う **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [ステップ 1.6.1 - playbook 内でテンプレートを使用する](#ステップ-161----playbook-内でテンプレートを使用する) -* [Step 1.6.2 - チャレンジラボ](#step-162---チャレンジラボ) +* [ステップ 1 - playbook 内でテンプレートを使用する](#ステップ-1----playbook-内でテンプレートを使用する) +* [ステップ 2 - チャレンジラボ](#step-2---チャレンジラボ) Ansibleは、管理対象ホストにファイルをコピーする際、固定の内容ではなく変数に値を入力しながらコピーを行う様な事も可能です。例えば対象ホストユニークなホスト名などを含んだファイルのコピーを行うことが可能です。これを実現するのが Jinja2 テンプレートです。 Jinja2 は、Python で最も使用されているテンプレートエンジンの1つです。 () -## ステップ 1.6.1 - playbook 内でテンプレートを使用する +## ステップ 1 - playbook 内でテンプレートを使用する 利用は簡単です。まず、ファイル作成を行うための変数を含んだテンプレートファイルを作成し、テンプレートモジュールを使って対象ホストに転送するだけです。 @@ -53,7 +53,7 @@ deployed on {{ ansible_architecture }} architecture. Ansibleが変数をシステムから収集したファクト情報で変数を置き換えた上で、ファイルをコピーしていることがわかります。 -## Step 1.6.2 - チャレンジラボ +## ステップ 2 - チャレンジラボ テンプレートに1行追加して、管理対象ノードの現在のカーネルを表示してください。 diff --git a/exercises/ansible_rhel/1.6-templates/README.md b/exercises/ansible_rhel/1.6-templates/README.md index 37242aff1..cbebb05d9 100644 --- a/exercises/ansible_rhel/1.6-templates/README.md +++ b/exercises/ansible_rhel/1.6-templates/README.md 
@@ -1,13 +1,21 @@ -# Exercise 1.6 - Templates +# Workshop Exercise - Templates **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Step 6.1 - Using Templates in Playbooks](#step-61---using-templates-in-playbooks) -* [Step 6.2 - Challenge Lab](#step-62---challenge-lab) +## Table of Contents -Ansible uses Jinja2 templating to modify files before they are distributed to managed hosts. Jinja2 is one of the most used template engines for Python (). +* [Objective](#objective) +* [Guide](#guide) +* [Step 1 - Using Templates in Playbooks](#step-1---using-templates-in-playbooks) +* [Step 2 - Challenge Lab](#step-2---challenge-lab) -## Step 6.1 - Using Templates in Playbooks +# Objective + +This exercise will cover Jinja2 templating. Ansible uses Jinja2 templating to modify files before they are distributed to managed hosts. Jinja2 is one of the most used template engines for Python (). + +# Guide + +## Step 1 - Using Templates in Playbooks When a template for a file has been created, it can be deployed to the managed hosts using the `template` module, which supports the transfer of a local file from the control node to the managed hosts. @@ -37,7 +45,7 @@ Next we need a playbook to use this template. In the `~/ansible-files/` director --- - name: Fill motd file with host data hosts: node1 - become: yes + become: true tasks: - template: src: motd-facts.j2 @@ -59,7 +67,7 @@ You have done this a couple of times by now: You should see how Ansible replaces the variables with the facts it discovered from the system. -## Step 6.2 - Challenge Lab +## Step 2 - Challenge Lab Add a line to the template to list the current kernel of the managed node. 
@@ -81,14 +89,12 @@ Add a line to the template to list the current kernel of the managed node. - Find the fact: - ```bash [student@ansible ansible-files]$ ansible node1 -m setup|grep -i kernel "ansible_kernel": "3.10.0-693.el7.x86_64", ``` - Modify the template `motd-facts.j2`: - ```html+jinja Welcome to {{ ansible_hostname }}. @@ -99,8 +105,22 @@ running kernel {{ ansible_kernel }}. - Run the playbook. +``` +[student1@ansible ~]$ ansible-playbook motd-facts.yml +``` + - Verify the new message via SSH login to `node1`. +``` +[student1@ansible ~]$ ssh node1 +Welcome to node1. +RedHat 8.1 +deployed on x86_64 architecture +running kernel 4.18.0-147.8.1.el8_1.x86_64. +``` ---- +**Navigation** +
+[Previous Exercise](../1.5-handlers) - [Next Exercise](../1.6-templates) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-1---ansible-engine-exercises) diff --git a/exercises/ansible_rhel/1.6-templates/README.pt-br.md b/exercises/ansible_rhel/1.6-templates/README.pt-br.md index 292cc21f8..bed433632 100644 --- a/exercises/ansible_rhel/1.6-templates/README.pt-br.md +++ b/exercises/ansible_rhel/1.6-templates/README.pt-br.md @@ -1,13 +1,13 @@ -# Exercicio 1.6 - Templates +# Exercicio - Templates **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Passo 6.1 - Usando Templates em Playbooks](#passo-61---usando-templates-em-playbooks) -* [Passo 6.2 - Laboratório de Desafios](#passo-62---laboratório-de-desafios) +* [Passo 1 - Usando Templates em Playbooks](#passo-1---usando-templates-em-playbooks) +* [Passo 2 - Laboratório de Desafios](#passo-2---laboratório-de-desafios) O Ansible usa o template Jinja2 para modificar arquivos antes de serem distribuídos para hosts gerenciados. O Jinja2 é um dos mecanismos de template mais usados para o Python (). -## Passo 6.1 - Usando Templates em Playbooks +## Passo 1 - Usando Templates em Playbooks Quando um template é criado, ele pode ser implantado nos hosts gerenciados usando o módulo `template`, que suporta a transferência de um arquivo local do nó de controle para os hosts gerenciados. @@ -54,7 +54,7 @@ Você já fez isso algumas vezes até agora: Você deve ter visto como o Ansible substitui as variáveis pelos dados descobertos no sistema. -## Passo 6.2 - Laboratório de Desafios +## Passo 2 - Laboratório de Desafios Adicione uma linha ao template para listar o kernel atual do nó gerenciado. 
diff --git a/exercises/ansible_rhel/1.6-templates/motd-facts.j2 b/exercises/ansible_rhel/1.6-templates/motd-facts.j2
new file mode 100644
index 000000000..4a780c47e
--- /dev/null
+++ b/exercises/ansible_rhel/1.6-templates/motd-facts.j2
@@ -0,0 +1,4 @@
+Welcome to {{ ansible_hostname }}.
+{{ ansible_distribution }} {{ ansible_distribution_version}}
+deployed on {{ ansible_architecture }} architecture
+running kernel {{ ansible_kernel }}.
diff --git a/exercises/ansible_rhel/1.6-templates/motd-facts.yml b/exercises/ansible_rhel/1.6-templates/motd-facts.yml
new file mode 100644
index 000000000..5214973cc
--- /dev/null
+++ b/exercises/ansible_rhel/1.6-templates/motd-facts.yml
@@ -0,0 +1,11 @@
+---
+- name: Fill motd file with host data
+ hosts: node1
+ become: true
+ tasks:
+ - template:
+ src: motd-facts.j2
+ dest: /etc/motd
+ owner: root
+ group: root
+ mode: 0644
diff --git a/exercises/ansible_rhel/1.7-role/README.ja.md b/exercises/ansible_rhel/1.7-role/README.ja.md
index 5335c7b16..9faf8d43b 100644
--- a/exercises/ansible_rhel/1.7-role/README.ja.md
+++ b/exercises/ansible_rhel/1.7-role/README.ja.md
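Review bot: `mode: 0644` in the new motd-facts.yml is an unquoted scalar, so the permission bits that reach the `template` module depend on the YAML loader reading the leading zero as octal. If a later edit drops the zero (`mode: 644`), the value would be taken as a decimal number and `/etc/motd` would end up with unintended permissions. Quoting it as `mode: "0644"` passes a string and leaves the conversion to the module. The single task also has no `name:`, so play output and logs identify it only by its module; a line such as `- name: Deploy motd from template` above `template:` would make runs easier to audit.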
@@ -1,19 +1,19 @@ -# 演習 1.7 - Roles: Playbook を再利用可能にする +# 演習 - Roles: Playbook を再利用可能にする **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [ステップ 1.7.1 - Ansible Roles 構造を理解する](#ステップ-171---ansible-roles-構造を理解する) -* [ステップ 1.7.2 - 基本的な Role ディレクトリ構造を作成する](#ステップ-172---基本的な-role-ディレクトリ構造を作成する) -* [ステップ 1.7.3 - タスクファイルの作成](#ステップ-173---タスクファイルの作成) -* [ステップ 1.7.4 - ハンドラーの作成](#ステップ-174---ハンドラーの作成) -* [ステップ 1.7.5 - index.html の作成とバーチャルホスト用テンプレートファイルの作成](#ステップ-175---indexhtml-の作成とバーチャルホスト用テンプレートファイルの作成) -* [ステップ 1.7.6 - Role のテスト実行](#ステップ-176----role-のテスト実行) +* [ステップ 1 - Ansible Roles 構造を理解する](#ステップ-1---ansible-roles-構造を理解する) +* [ステップ 2 - 基本的な Role ディレクトリ構造を作成する](#ステップ-2---基本的な-role-ディレクトリ構造を作成する) +* [ステップ 3 - タスクファイルの作成](#ステップ-3---タスクファイルの作成) +* [ステップ 4 - ハンドラーの作成](#ステップ-4---ハンドラーの作成) +* [ステップ 5 - index.html の作成とバーチャルホスト用テンプレートファイルの作成](#ステップ-5---indexhtml-の作成とバーチャルホスト用テンプレートファイルの作成) +* [ステップ 6 - Role のテスト実行](#ステップ-6----role-のテスト実行) 今までのワークショップで学習してきた通り、Playbook を1つのファイルに書くことは可能です。しかしそのうち、作成した Playbook を再利用したいと考えるようになると思います。 これを実現するのが Ansible の Roles です。Role という形で Playbook をパーツとして分解し、構造化されたディレクトリに納めるのです。詳しくはこちらの [ベストプラクティス](http://docs.ansible.com/ansible/playbooks_best_practices.html) をご確認ください。 -## ステップ 1.7.1 - Ansible Roles 構造を理解する +## ステップ 1 - Ansible Roles 構造を理解する Roles は基本的に、includeディレクティブを自動化したものであり、実際には参照ファイルの検索パス処理に対するいくつかの機能を超えた追加の魔法的な手段は含まれていません。 @@ -60,7 +60,7 @@ Playbook で Roles を呼び出すのは以下の通り簡単です。 タスク、ハンドラー、変数など各々の Roles がこの順番で Playbook に組み込まれます。 Roles で定義されたディレクトリに、コピー、スクリプト、テンプレート、タスクを入れることで、絶対パスや相対パスを意識することなくそれぞれの Role にアクセスすることができます。 -## ステップ 1.7.2 - 基本的な Role ディレクトリ構造を作成する +## ステップ 2 - 基本的な Role ディレクトリ構造を作成する Ansible は、プロジェクトディレクトリ内の `roles` サブディレクトリの中から該当する Role を探します。これは Ansible の設定ファイルで上書きすることも可能です。それぞれの Role は独自のディレクトリ構造を持っています。新規 Role のディレクトリを作成するために `ansible-galaxy` を利用することも可能です。 
@@ -81,7 +81,7 @@ Ansible は、プロジェクトディレクトリ内の `roles` サブディレ [student@ansible ansible-files]$ tree roles ``` -## ステップ 1.7.3 - タスクファイルの作成 +## ステップ 3 - タスクファイルの作成 サブディレクトリにある "tasks" の中の `main.yml` ファイルに以下の内容を記述していきます。 @@ -191,7 +191,7 @@ vhost ディレクトリは、 `file` モジュールを使って、無ければ -## ステップ 1.7.4 - ハンドラーの作成 +## ステップ 4 - ハンドラーの作成 `handlers/main.yml` を以下の通り編集し、テンプレートタスクから呼び出された時に httpd を再起動するハンドラーを作成します。 @@ -204,7 +204,7 @@ vhost ディレクトリは、 `file` モジュールを使って、無ければ state: restarted ``` -## ステップ 1.7.5 - index.html の作成とバーチャルホスト用テンプレートファイルの作成 +## ステップ 5 - index.html の作成とバーチャルホスト用テンプレートファイルの作成 Webサーバーによって提供されるHTMLコンテンツを作成します。 @@ -240,7 +240,7 @@ Listen 8080 > > 上記はバーチャルホストを追加するための httpd 用の設定ファイルで、ここでは深く理解する必要はありません。8080 ポートをリッスンする Webサーバー が立ち上がり、ルートフォルダは "/var/www/vhosts/{{ ansible_hostname }}/"。その中に、'simple vhost index' と記載された index.html がコピーされる・・・、くらいの理解で大丈夫です。 -## ステップ 1.7.6 - Role のテスト実行 +## ステップ 6 - Role のテスト実行 `node2` に対し、 Roles をテストする準備が整いました。しかし、 Roles はノードに直接割り当てることができないため、まず Roles とホストを紐づけるプレイブックを作成します。 `~/ansible-files` ディレクトリの直下に `test_apache_role.yml` ファイルを以下の内容で作成します。 diff --git a/exercises/ansible_rhel/1.7-role/README.md b/exercises/ansible_rhel/1.7-role/README.md index 67150a851..ba0026e72 100644 --- a/exercises/ansible_rhel/1.7-role/README.md +++ b/exercises/ansible_rhel/1.7-role/README.md 
@@ -1,19 +1,32 @@ -# Exercise 1.7 - Roles: Making your playbooks reusable +# Workshop Exercise - Roles: Making your playbooks reusable **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Step 7.1 - Understanding the Ansible Role Structure](#step-71---understanding-the-ansible-role-structure) -* [Step 7.2 - Create a Basic Role Directory Structure](#step-72---create-a-basic-role-directory-structure) -* [Step 7.3 - Create the Tasks File](#step-73---create-the-tasks-file) -* [Step 7.4 - Create the handler](#step-74---create-the-handler) -* [Step 7.5 - Create the index.html and vhost configuration file template](#step-75---create-the-indexhtml-and-vhost-configuration-file-template) -* [Step 7.6 - Test the role](#step-76---test-the-role) +## Table of Contents + +* [Objective](#objective) +* [Guide](#guide) +* [Step 1 - Understanding the Ansible Role Structure](#step-1---understanding-the-ansible-role-structure) +* [Step 2 - Create a Basic Role Directory Structure](#step-2---create-a-basic-role-directory-structure) +* [Step 3 - Create the Tasks File](#step-3---create-the-tasks-file) +* [Step 4 - Create the handler](#step-4---create-the-handler) +* [Step 5 - Create the web.html and vhost configuration file template](#step-5---create-the-indexhtml-and-vhost-configuration-file-template) +* [Step 6 - Test the role](#step-6---test-the-role) + +# Objective While it is possible to write a playbook in one file as we've done throughout this workshop, eventually you’ll want to reuse files and start to organize things. -Ansible Roles are the way we do this. When you create a role, you deconstruct your playbook into parts and those parts sit in a directory structure. 
This is explained in more detail in the [best practice](http://docs.ansible.com/ansible/playbooks_best_practices.html) already mentioned in exercise 3. +Ansible Roles are the way we do this. When you create a role, you deconstruct your playbook into parts and those parts sit in a directory structure. This is explained in more detail in the [best practice](http://docs.ansible.com/ansible/playbooks_best_practices.html). + +This exercise will cover: +- the folder structure of an Ansible Role +- how to build an Ansible Role +- creating an Ansible Play to use and execute a role -## Step 7.1 - Understanding the Ansible Role Structure +# Guide + +## Step 1 - Understanding the Ansible Role Structure Roles are basically automation built around *include* directives and really don’t contain much additional magic beyond some improvements to search path handling for referenced files. @@ -61,7 +74,7 @@ Using roles in a Playbook is straight forward: For each role, the tasks, handlers and variables of that role will be included in the Playbook, in that order. Any copy, script, template, or include tasks in the role can reference the relevant files, templates, or tasks *without absolute or relative path names*. Ansible will look for them in the role's files, templates, or tasks respectively, based on their use. -## Step 7.2 - Create a Basic Role Directory Structure +## Step 2 - Create a Basic Role Directory Structure Ansible looks for roles in a subdirectory called `roles` in the project directory. This can be overridden in the Ansible configuration. Each role has its own directory. To ease creation of a new role the tool `ansible-galaxy` can be used. @@ -82,7 +95,7 @@ Have a look at the role directories and their content: [student@ansible ansible-files]$ tree roles ``` -## Step 7.3 - Create the Tasks File +## Step 3 - Create the Tasks File The `main.yml` file in the tasks subdirectory of the role should do the following: 
@@ -133,7 +146,7 @@ Next we add two more tasks to ensure a vhost directory structure and copy html c - name: deliver html content copy: - src: index.html + src: web.html dest: "/var/www/vhosts/{{ ansible_hostname }}" ``` @@ -178,7 +191,7 @@ The full `tasks/main.yml` file is: - name: deliver html content copy: - src: index.html + src: web.html dest: "/var/www/vhosts/{{ ansible_hostname }}" - name: template vhost file @@ -194,7 +207,7 @@ The full `tasks/main.yml` file is: -## Step 7.4 - Create the handler +## Step 4 - Create the handler Create the handler in the file `handlers/main.yml` to restart httpd when notified by the template task: @@ -207,20 +220,20 @@ Create the handler in the file `handlers/main.yml` to restart httpd when notifie state: restarted ``` -## Step 7.5 - Create the index.html and vhost configuration file template +## Step 5 - Create the web.html and vhost configuration file template Create the HTML content that will be served by the webserver. - - Create an index.html file in the "src" directory of the role, `files`: + - Create an web.html file in the "src" directory of the role, `files`: ```bash -[student@ansible ansible-files]$ echo 'simple vhost index' > ~/ansible-files/roles/apache_vhost/files/index.html +[student@ansible ansible-files]$ echo 'simple vhost index' > ~/ansible-files/roles/apache_vhost/files/web.html ``` - Create the `vhost.conf.j2` template file in the role's `templates` subdirectory. -```html +``` # {{ ansible_managed }} @@ -239,7 +252,7 @@ Create the HTML content that will be served by the webserver. ``` -## Step 7.6 - Test the role +## Step 6 - Test the role You are ready to test the role against `node2`. But since a role cannot be assigned to a node directly, first create a playbook which connects the role and the host. Create the file `test_apache_role.yml` in the directory `~/ansible-files`: 
@@ -279,5 +292,8 @@ simple vhost index All looking good? Congratulations! You have successfully completed the Ansible Engine Workshop Exercises! ---- +**Navigation** +
+[Previous Exercise](../1.6-templates) - [Next Exercise](../1.7-role) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-1---ansible-engine-exercises) diff --git a/exercises/ansible_rhel/1.7-role/README.pt-br.md b/exercises/ansible_rhel/1.7-role/README.pt-br.md index 33b175e67..abf3c94cb 100644 --- a/exercises/ansible_rhel/1.7-role/README.pt-br.md +++ b/exercises/ansible_rhel/1.7-role/README.pt-br.md 
@@ -1,19 +1,19 @@ -# Exercício 1.7 - Roles: Tornando seus playbooks reutilizáveis +# Exercício - Roles: Tornando seus playbooks reutilizáveis **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Passo 7.1 - Entendendo a estrutura da Role](#passo-71---entendendo-a-estrutura-da-role) -* [Passo 7.2 - Criando uma estrutura básica de diretório de roles](#passo-72---criando-uma-estrutura-básica-de-diretório-de-roles) -* [Passo 7.3 - Criando o arquivo de tasks](#passo-73---criando-o-arquivo-de-tasks) -* [Passo 7.4 - Criando o handler](#passo-74---criando-o-handler) -* [Passo 7.5 - Criando o index.html e template de arquivo de configuração do vhost](#passo-75---criando-o-indexhtml-e-template-de-arquivo-de-configuração-do-vhost) -* [Passo 7.6 - Teste a role](#passo-76---teste-a-role) +* [Passo 1 - Entendendo a estrutura da Role](#passo-1---entendendo-a-estrutura-da-role) +* [Passo 2 - Criando uma estrutura básica de diretório de roles](#passo-2---criando-uma-estrutura-básica-de-diretório-de-roles) +* [Passo 3 - Criando o arquivo de tasks](#passo-3---criando-o-arquivo-de-tasks) +* [Passo 4 - Criando o handler](#passo-4---criando-o-handler) +* [Passo 5 - Criando o index.html e template de arquivo de configuração do vhost](#passo-5---criando-o-indexhtml-e-template-de-arquivo-de-configuração-do-vhost) +* [Passo 6 - Teste a role](#passo-6---teste-a-role) Embora seja possível escrever um playbook em um arquivo, como fizemos neste workshop, você poderá reutilizar arquivos e começar a organizar as coisas. Roles são a maneira como fazemos isso. Quando você cria uma role, desconstrói seu playbook em partes e essas partes ficam em uma estrutura de diretórios. Isso é explicado em mais detalhes nas [melhores práticas](http://docs.ansible.com/ansible/playbooks_best_practices.html) já mencionadas no exercício 3. 
-## Passo 7.1 - Entendendo a estrutura da Role +## Passo 1 - Entendendo a estrutura da Role As roles são basicamente a automação criada em torno das diretivas *include* e realmente não contêm muita magia adicional além de algumas melhorias no processamento do caminho de pesquisa para arquivos referenciados. @@ -60,7 +60,7 @@ O uso de roles em um Playbook é direto: As tasks, handlers e variáveis dessa role serão incluídas no Playbook, nessa ordem. Qualquer cópia, script, template ou task de inclusão na role pode fazer referência aos arquivos, templates ou tasks relevantes *sem nomes de caminho absolutos ou relativos*. O Ansible procurará por eles nos arquivos, templates ou task da role, respectivamente, com base em seu uso. -## Passo 7.2 - Criando uma estrutura básica de diretório de roles +## Passo 2 - Criando uma estrutura básica de diretório de roles Ansible procura por roles em um subdiretório chamado `roles` no diretório do projeto. Isso pode ser substituído na configuração Ansible. Cada role tem seu próprio diretório. Para facilitar a criação de um novo role, a ferramenta `ansible-galaxy` pode ser usada. @@ -81,7 +81,7 @@ Dê uma olhada nos diretórios de role e seu conteúdo: [student@ansible ansible-files]$ tree roles ``` -## Passo 7.3 - Criando o arquivo de tasks +## Passo 3 - Criando o arquivo de tasks O arquivo `main.yml` no subdiretório de taks da role deve fazer o seguinte: @@ -193,7 +193,7 @@ O arquivo completo `tasks/main.yml` é: -## Passo 7.4 - Criando o handler +## Passo 4 - Criando o handler Crie o handler no arquivo `handlers/main.yml` para reiniciar o httpd quando notificado pela task do template: @@ -206,7 +206,7 @@ Crie o handler no arquivo `handlers/main.yml` para reiniciar o httpd quando noti state: restarted ``` -## Passo 7.5 - Criando o index.html e template de arquivo de configuração do vhost +## Passo 5 - Criando o index.html e template de arquivo de configuração do vhost Crie o conteúdo HTML que será exibido pelo servidor web. 
@@ -238,7 +238,7 @@ Crie o conteúdo HTML que será exibido pelo servidor web. ``` -## Passo 7.6 - Teste a role +## Passo 6 - Teste a role Você está pronto para testar a role no `node2`. Mas como uma role não pode ser atribuída diretamente a um nó, primeiro crie um Playbook que conecte a role e o host. Crie o arquivo `test_apache_role.yml` no diretório `~/ansible-files`: diff --git a/exercises/ansible_rhel/2.1-intro/README.ja.md b/exercises/ansible_rhel/2.1-intro/README.ja.md index c5d458b36..8ea0c3a03 100644 --- a/exercises/ansible_rhel/2.1-intro/README.ja.md +++ b/exercises/ansible_rhel/2.1-intro/README.ja.md @@ -1,4 +1,4 @@ -# 演習 2.1 - Tower の紹介 +# 演習 - Tower の紹介 **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). diff --git a/exercises/ansible_rhel/2.1-intro/README.md b/exercises/ansible_rhel/2.1-intro/README.md index ce261713d..a62391e78 100644 --- a/exercises/ansible_rhel/2.1-intro/README.md +++ b/exercises/ansible_rhel/2.1-intro/README.md 
@@ -1,12 +1,28 @@
-# Exercise 2.1 - Introduction to Tower
+# Workshop Exercise - Introduction to Ansible Tower
 **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md).
+## Table Contents
+
+* [Objective](#objective)
+* [Guide](#guide)
 * [Why Ansible Tower?](#why-ansible-tower)
 * [Your Ansible Tower Lab Environment](#your-ansible-tower-lab-environment)
 * [Dashboard](#dashboard)
 * [Concepts](#concepts)
+# Objective
+
+This exercise will provide an Ansible Tower overview including going through features that are provided by the Red Hat Ansible Automation Platform. This will cover Ansible Tower fundamentals such as:
+
+ - Job Templates
+ - Projects
+ - Inventories
+ - Credentials
+ - Inventories
+
+# Guide
+
 ## Why Ansible Tower?
 Ansible Tower is a web-based UI that provides an enterprise solution for IT automation. It
@@ -79,5 +95,8 @@ A job template is a definition and set of parameters for running an Ansible job.
 A job is basically an instance of Tower launching an Ansible playbook against an inventory of hosts.
----
+**Navigation**
+
+[Previous Exercise](../1.7-role) - [Next Exercise](../2.2-cred) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-2---ansible-tower-exercises) diff --git a/exercises/ansible_rhel/2.1-intro/README.pt-br.md b/exercises/ansible_rhel/2.1-intro/README.pt-br.md index 254c5dcc1..7ca19da4a 100644 --- a/exercises/ansible_rhel/2.1-intro/README.pt-br.md +++ b/exercises/ansible_rhel/2.1-intro/README.pt-br.md @@ -1,4 +1,4 @@ -# Exercício 2.1 - Introdução ao Tower +# Exercício - Introdução ao Tower **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). diff --git a/exercises/ansible_rhel/2.2-cred/README.md b/exercises/ansible_rhel/2.2-cred/README.md index 7c0e10036..287d0bd5e 100644 --- a/exercises/ansible_rhel/2.2-cred/README.md +++ b/exercises/ansible_rhel/2.2-cred/README.md 
@@ -1,44 +1,34 @@ -# Exercise 2.2 - Inventories, credentials and ad hoc commands +# Workshop Exercise - Inventories, credentials and ad hoc commands -**Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). +## Table of Contents -* [Create an Inventory](#create-an-inventory) +* [Objective](#objective) +* [Guide](#guide) +* [Examine an Inventory](#examine-an-inventory) * [Machine Credentials](#machine-credentials) -* [Configure Machine Credentials](#configure-machine-credentials) +* [Configure Machine Credentials](#examine-machine-credentials) * [Run Ad Hoc Commands](#run-ad-hoc-commands) * [Challenge Lab: Ad Hoc Commands](#challenge-lab-ad-hoc-commands) -## Create an Inventory +# Objective -Let’s get started with: The first thing we need is an inventory of your managed hosts. This is the equivalent of an inventory file in Ansible Engine. There is a lot more to it (like dynamic inventories) but let’s start with the basics. +Explore and understand the lab environment. This exercise will cover +- Locating and understanding: + - Ansible Tower [**Inventory**](https://docs.ansible.com/ansible-tower/latest/html/userguide/inventories.html) + - Ansible Tower [**Credentials**](https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html) +- Running ad hoc commands via the Ansible Tower web UI - - You should already have the web UI open, if not: Point your browser to the URL you were given, similar to **https://student\.workshopname.rhdemo.io** (replace "\" with your student number and "workshopname" with the name of your current workshop) and log in as `admin`. The password will be provided by the instructor. 
- -Create the inventory: - - - In the web UI menu on the left side, go to **RESOURCES** → **Inventories**, click the ![plus](images/green_plus.png) button on the right side and choose **Inventory**. - - - **NAME:** Workshop Inventory - - - **ORGANIZATION:** Default - - - Click **SAVE** - -Now there will be two inventories, the **Demo Inventory** and the **Workshop Inventory**. In the **Workshop Inventory** click the **Hosts** button, it will be empty since we have not added any hosts there. +# Guide -So let's add some hosts. First we need to have the list of all hosts which are accessible to you within this lab. These can be found in an inventory on the ansible control node on which Tower is installed. You'll find the password for the SSH connection there as well. +## Examine an Inventory -Login to your Tower control host via SSH: +The first thing we need is an inventory of your managed hosts. This is the equivalent of an inventory file in Ansible Engine. There is a lot more to it (like dynamic inventories) but let’s start with the basics. -> **Warning** -> -> Replace **workshopname** by the workshop name provided to you, and the **X** in student**X** by the student number provided to you. + - You should already have the web UI open, if not: Point your browser to the URL you were given, similar to **https://student\.workshopname.rhdemo.io** (replace "\" with your student number and "workshopname" with the name of your current workshop) and log in as `admin`. The password will be provided by the instructor. -```bash -ssh student@student.workshopname.rhdemo.io -``` +There will be one inventory, the **Workshop Inventory**. Click the **Workshop Inventory** then click the **Hosts** button -You can find the inventory information at `~/lab_inventory/hosts`. Output them with `cat`, they should look like: +The inventory information at `~/lab_inventory/hosts` was pre-loaded into the Ansible Tower Inventory as part of the provisioning process. 
```bash $ cat ~/lab_inventory/hosts 
@@ -59,86 +49,36 @@ ansible ansible_host=11.22.33.44 > > In your inventory the IP addresses will be different. -Note the names for the nodes and the IP addresses, we will use them to fill the inventory in Tower now: - - - In the inventory view of Tower click on your **Workshop Inventory** - - - Click on the **HOSTS** button - - - To the right click the ![plus](images/green_plus.png) button. - - - **HOST NAME:** `node1` - - - **Variables:** Under the three dashes `---`, enter `ansible_host: 22.33.44.55` in a new line. Make sure to enter your specific IP address for your `node1` from the inventory looked up above, and note that the variable definition has a colon **:** and a space between the values, not an equal sign **=** like in the inventory file. - - - Click **SAVE** - - - Go back to **HOSTS** and repeat to add `node2` as a second host and `node3` as a third node. Make sure that for each node you enter the right IP addresses. - -You have now created an inventory with three managed hosts. - -## Machine Credentials - -One of the great features of Ansible Tower is to make credentials usable to users without making them visible. To allow Tower to execute jobs on remote hosts, you must configure connection credentials. - -> **Note** -> -> This is one of the most important features of Tower: **Credential Separation**\! Credentials are defined separately and not with the hosts or inventory settings. - -As this is an important part of your Tower setup, why not make sure that connecting to the managed nodes from Tower is working? +## Examine Machine Credentials - To access the Tower host via SSH do the following: +Now we will examine the credentials to access our managed hosts from Tower. As part of the provisioning process for this Ansible Workshop the **Workshop Credential** has already been setup. 
-- Login to your Tower control host via SSH: `ssh student@student.workshopname.rhdemo.io` -- Replace **workshopname** by the workshop name provided to you, and the `` in `student` by the student number provided to you. -- From Tower SSH into `node1` or one of the other nodes (look up the IP addresses from the inventory) and execute `sudo -i`. -- For the SSH connection use the node password from the inventory file, `sudo -i` works without password. +In the **RESOURCES** menu choose **Credentials**. Now click on the **Workshop Credential**. -```bash -[student@ansible ~]$ ssh student@22.33.44.55 -student@22.33.44.55's password: -Last login: Thu Jul 4 14:47:04 2019 from 11.22.33.44 -[student@node1 ~]$ sudo -i -[root@node1 ~]# -``` - -What does this mean? - - - Tower user **student\** can connect to the managed hosts with password based SSH - - - User **student\** can execute commands on the managed hosts as **root** with `sudo` - -## Configure Machine Credentials - -Now we will configure the credentials to access our managed hosts from Tower. In the **RESOURCES** menu choose **Credentials**. Now: - -Click the ![plus](images/green_plus.png) button to add new credentials - - - **NAME:** Workshop Credentials - - - **ORGANIZATION:** Default - - - **CREDENTIAL TYPE:** Click on the magnifying glass, pick **Machine** and click ![plus](images/select.png) - - - **USERNAME:** student\ - make sure to replace the **\** with your actual student number! - - - **PASSWORD:** Enter the password from the inventory file. +Note the following information: - - **PRIVILEGE ESCALATION METHOD:** sudo + + + + + + + + + + + + + + + + + +
ParameterValue
Credential TypeMachine- Machine credentials define ssh and user-level privilege escalation access for playbooks. They are used when submitting jobs to run playbooks on a remote host.
usernameec2-user which matches our command-line Ansible inventory username for the other linux nodes
SSH PRIVATE KEYENCRYPTED - take note that you can't actually examine the SSH private key once someone hands it over to Ansible Tower
- - Click **SAVE** +## Run Ad Hoc commands - - Go back to the **RESOURCES** → **Credentials** → **Workshop Credentials** and note that the password is not visible. - -> **Tip** -> -> Whenever you see a magnifiying glass icon next to an input field, clicking it will open a list to choose from. - -You have now setup credentials to use later for your inventory hosts. - -## Run Ad Hoc Commands - -As you’ve probably done with Ansible before you can run ad hoc commands from Tower as well. +It is possible to run run ad hoc commands from Ansible Tower as well. - In the web UI go to **RESOURCES → Inventories → Workshop Inventory** @@ -146,27 +86,65 @@ As you’ve probably done with Ansible before you can run ad hoc commands from T - Click **RUN COMMANDS**. In the next screen you have to specify the ad hoc command: - - As **MODULE** choose **ping** - - - For **MACHINE CREDENTIAL** click the magnifying glass icon and select **Workshop Credentials**. - - - Click **LAUNCH**, and watch the output. + + + + + + + + + + + + + +
ParameterValue
MODULEMACHINE CREDENTIAL
pingWorkshop Credentials
+ + - Click **LAUNCH**, and watch the output. + +
The simple **ping** module doesn’t need options. For other modules you need to supply the command to run as an argument. Try the **command** module to find the userid of the executing user using an ad hoc command. -- **MODULE:** command - -- **ARGUMENTS:** id + + + + + + + + + + + + + +
ParameterValue
MODULEcommand
ARGUMENTSid
> **Tip** > > After choosing the module to run, Tower will provide a link to the docs page for the module when clicking the question mark next to "Arguments". This is handy, give it a try. +
+ How about trying to get some secret information from the system? Try to print out */etc/shadow*. -- **MODULE:** command + + + + + + + + + + + + + +
ParameterValue
MODULEcommand
ARGUMENTScat /etc/shadow
-- **ARGUMENTS:** cat /etc/shadow > **Warning** > @@ -176,7 +154,7 @@ Oops, the last one didn’t went well, all red. Re-run the last ad hoc command but this time tick the **ENABLE PRIVILEGE ESCALATION** box. -As you see, this time it worked. For tasks that have to run as root you need to escalate the privileges. This is the same as the **become: yes** you’ve probably used often in your Ansible Playbooks. +As you see, this time it worked. For tasks that have to run as root you need to escalate the privileges. This is the same as the **become: yes** used in your Ansible Playbooks. ## Challenge Lab: Ad Hoc Commands @@ -186,16 +164,32 @@ Okay, a small challenge: Run an ad hoc to make sure the package "tmux" is instal > > **Solution below\!** - - **MODULE:** yum - - - **ARGUMENTS:** name=tmux - - - Tick **ENABLE PRIVILEGE ESCALATION** + + + + + + + + + + + + + + + + + +
ParameterValue
yumcommand
ARGUMENTSname=tmux
ENABLE PRIVILEGE ESCALATION
> **Tip** > > The yellow output of the command indicates Ansible has actually done something (here it needed to install the package). If you run the ad hoc command a second time, the output will be green and inform you that the package was already installed. So yellow in Ansible doesn’t mean "be careful"…​ ;-). ---- +**Navigation** +
+[Previous Exercise](../2.1-intro) - [Next Exercise](../2.3-cred) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-2---ansible-tower-exercises) diff --git a/exercises/ansible_rhel/2.3-projects/README.ja.md b/exercises/ansible_rhel/2.3-projects/README.ja.md index 8cc1bafcb..1c88af2da 100644 --- a/exercises/ansible_rhel/2.3-projects/README.ja.md +++ b/exercises/ansible_rhel/2.3-projects/README.ja.md @@ -1,4 +1,4 @@ -# 演習 2.3 - プロジェクトとジョブテンプレート +# 演習 - プロジェクトとジョブテンプレート **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). diff --git a/exercises/ansible_rhel/2.3-projects/README.md b/exercises/ansible_rhel/2.3-projects/README.md index a2cc6873c..ed2f0095d 100644 --- a/exercises/ansible_rhel/2.3-projects/README.md +++ b/exercises/ansible_rhel/2.3-projects/README.md 
@@ -1,16 +1,27 @@ -# Exercise 2.3 - Projects & job templates +# Workshop Exercise - Projects & job templates **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). +## Table Contents + +* [Objective](#objective) +* [Guide](#guide) * [Setup Git Repository](#setup-git-repository) * [Create the Project](#create-the-project) * [Create a Job Template and Run a Job](#create-a-job-template-and-run-a-job) * [Challenge Lab: Check the Result](#challenge-lab-check-the-result) * [What About Some Practice?](#what-about-some-practice) -A Tower **Project** is a logical collection of Ansible Playbooks. You can manage your playbooks by placing them into a source code management (SCM) system supported by Tower, including Git, Subversion, and Mercurial. +# Objective + +An Ansible Tower **Project** is a logical collection of Ansible Playbooks. You can manage your playbooks by placing them into a source code management (SCM) system supported by Tower, including Git, Subversion, and Mercurial. -You should definitely keep your Playbooks under version control. In this lab we’ll use Playbooks kept in a Git repository. +This exercise covers +- Understanding and using an Ansible Tower Project +- Using Ansible Playbooks kept in a Git repository. +- Creating and using an Ansible Job Template + +# Guide ## Setup Git Repository @@ -19,7 +30,7 @@ For this demonstration we will use playbooks stored in a Git repository: **https://github.com/ansible/workshop-examples** -A Playbook to install the Apache webserver has already been commited to the directory **rhel/apache**, `apache_install.yml`: +A Playbook to install the Apache web server has already been committed to the directory **rhel/apache**, `apache_install.yml`: ```yaml --- 
@@ -65,13 +76,26 @@ To configure and use this repository as a **Source Control Management (SCM)** sy ## Create the Project - - Go to **RESOURCES → Projects** in the side menu view click the ![plus](images/green_plus.png) button. Fill in the form: - - - **NAME:** Ansible Workshop Examples - - - **ORGANIZATION:** Default - - - **SCM TYPE:** Git + - Go to **RESOURCES → Projects** in the side menu view click the green **+** button. Fill in the form: + + + + + + + + + + + + + + + + + + +
ParameterValue
NAMEAnsible Workshop Examples
ORGANIZATIONDefault
SCM TYPEGit
Now you need the URL to access the repo. Go to the Github repository mentioned above, choose the green **Clone or download** button on the right, click on **Use https** and copy the HTTPS URL. @@ -81,13 +105,25 @@ Now you need the URL to access the repo. Go to the Github repository mentioned a Enter the URL into the Project configuration: -- **SCM URL:** `https://github.com/ansible/workshop-examples.git` + + + + + + + + + + + + + +
ParameterValue
SCM URLhttps://github.com/ansible/workshop-examples.git
SCM UPDATE OPTIONSTick the first three boxes to always get a fresh copy of the repository and to update the repository when launching a job
-- **SCM UPDATE OPTIONS:** Tick the first three boxes to always get a fresh copy of the repository and to update the repository when launching a job. - Click **SAVE** -The new Project will be synced automatically after creation. But you can also do this automatically: Sync the Project again with the Git repository by going to the **Projects** view and clicking the circular arrow **Get latest SCM revision** icon to the right of the Project. +The new Project will be synced automatically after creation. But you can also do this manually: Sync the Project again with the Git repository by going to the **Projects** view and clicking the circular arrow **Get latest SCM revision** icon to the right of the Project. After starting the sync job, go to the **Jobs** view: there is a new job for the update of the Git repository. @@ -109,19 +145,44 @@ Okay, let’s just do that: Go to the **Templates** view, click the ![plus](imag > > Remember that you can often click on magnfying glasses to get an overview of options to pick to fill in fields. -- **NAME:** Install Apache - -- **JOB TYPE:** Run - -- **INVENTORY:** Workshop Inventory - -- **PROJECT:** Ansible Workshop Examples - -- **PLAYBOOK:** `rhel/apache/apache_install.yml` - -- **CREDENTIAL:** Workshop Credentials - -- We need to run the tasks as root so check **Enable privilege escalation** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterValue
NAMEInstall Apache
JOB TYPERun
INVENTORYWorkshop Inventory
PROJECTAnsible Workshop Examples
PLAYBOOKrhel/apache/apache_install.yml
CREDENTIALWorkshop Credentials
LIMITweb
OPTIONStasks need to run as root so check **Enable privilege escalation**
- Click **SAVE** @@ -161,11 +222,26 @@ You have already been through all the steps needed, so try this for yourself. - In the **HOSTS** view select all hosts and click **RUN COMMANDS** -- **MODULE:** command - -- **ARGUMENTS:** systemctl status httpd - -- **MACHINE CREDENTIALS:** Workshop Credentials +- Fill out the following: + + + + + + + + + + + + + + + + + + +
ParameterValue
MODULEcommand
ARGUMENTSsystemctl status httpd
MACHINE CREDENTIALSWorkshop Credentials
- Click **LAUNCH** @@ -198,5 +274,8 @@ Here is a list of tasks: > The Job didn’t change anything because Apache was already installed in the latest version. ---- +**Navigation** +
+[Previous Exercise](../2.2-cred) - [Next Exercise](../2.4-surveys) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-2---ansible-tower-exercises) diff --git a/exercises/ansible_rhel/2.3-projects/README.pt-br.md b/exercises/ansible_rhel/2.3-projects/README.pt-br.md index 03b27468d..3e6eddbe7 100644 --- a/exercises/ansible_rhel/2.3-projects/README.pt-br.md +++ b/exercises/ansible_rhel/2.3-projects/README.pt-br.md @@ -1,4 +1,4 @@ -# Exercício 2.3 - Projects & job templates +# Exercício - Projects & job templates **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). diff --git a/exercises/ansible_rhel/2.4-surveys/README.ja.md b/exercises/ansible_rhel/2.4-surveys/README.ja.md index c438b4803..3c8ecd331 100644 --- a/exercises/ansible_rhel/2.4-surveys/README.ja.md +++ b/exercises/ansible_rhel/2.4-surveys/README.ja.md @@ -1,4 +1,4 @@ -# 演習 2.4 - Survey 機能 +# 演習 - Survey 機能 **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). diff --git a/exercises/ansible_rhel/2.4-surveys/README.md b/exercises/ansible_rhel/2.4-surveys/README.md index 208b292f5..a6cc91fc0 100644 --- a/exercises/ansible_rhel/2.4-surveys/README.md +++ b/exercises/ansible_rhel/2.4-surveys/README.md 
@@ -1,7 +1,11 @@ -# Exercise 2.4 - Surveys +# Exercise - Surveys **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). +## Table Contents + +* [Objective](#objective) +* [Guide](#guide) * [The Apache-configuration Role](#the-apache-configuration-role) * [Create a Template with a Survey](#create-a-template-with-a-survey) * [Create Template](#create-template) @@ -9,7 +13,11 @@ * [Launch the Template](#launch-the-template) * [What About Some Practice?](#what-about-some-practice) -You might have noticed the **ADD SURVEY** button in the **Template** configuration view. A survey is a way to create a simple form to ask for parameters that get used as variables when a **Template** is launched as a **Job**. +# Objective + +Demonstrate the use of Ansible Tower [survey feature](https://docs.ansible.com/ansible-tower/latest/html/userguide/job_templates.html#surveys). Surveys set extra variables for the playbook similar to ‘Prompt for Extra Variables’ does, but in a user-friendly question and answer way. Surveys also allow for validation of user input. + +# Guide You have installed Apache on all hosts in the job you just run. Now we’re going to extend on this: @@ -66,19 +74,40 @@ Try for yourself, the solution is below. > > **Solution Below\!** -- **NAME:** Create index.html - -- **JOB TYPE:** Run - -- **INVENTORY:** Webserver - -- **Project:** Ansible Workshop Examples - -- **PLAYBOOK:** `rhel/apache/apache_role_install.yml` - -- **CREDENTIAL:** Workshop Credentials - -- **OPTIONS:** Enable Privilege Escalation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterValue
NAMECreate index.html
JOB TYPERun
INVENTORYWebserver
ProjectAnsible Workshop Examples
PLAYBOOKrhel/apache/apache_role_install.yml
CREDENTIALWorkshop Credentials
OPTIONSEnable Privilege Escalation
- Click **SAVE** @@ -92,21 +121,47 @@ Try for yourself, the solution is below. - Under **ADD SURVEY PROMPT** fill in: - - **PROMPT:** First Line - - - **ANSWER VARIABLE NAME:** `first_line` - - - **ANSWER TYPE:** Text + + + + + + + + + + + + + + + + + +
ParameterValue
PROMPTFirst Line
ANSWER VARIABLE NAMEfirst_line
ANSWER TYPEText
- Click **+ADD** - In the same way add a second **Survey Prompt** - - **PROMPT:** Second Line - - - **ANSWER VARIABLE NAME:** `second_line` - - - **ANSWER TYPE:** Text + + + + + + + + + + + + + + + + + +
ParameterValue
PROMPTSecond Line
ANSWER VARIABLE NAMEsecond_line
ANSWER TYPEText
- Click **+ADD** diff --git a/exercises/ansible_rhel/2.4-surveys/README.pt-br.md b/exercises/ansible_rhel/2.4-surveys/README.pt-br.md index a1e1d1456..091cfaa66 100644 --- a/exercises/ansible_rhel/2.4-surveys/README.pt-br.md +++ b/exercises/ansible_rhel/2.4-surveys/README.pt-br.md @@ -1,4 +1,4 @@ -# Exercise 2.4 - Surveys +# Exercise - Surveys **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). diff --git a/exercises/ansible_rhel/2.5-rbac/README.ja.md b/exercises/ansible_rhel/2.5-rbac/README.ja.md index 4a9d35d1b..480864e02 100644 --- a/exercises/ansible_rhel/2.5-rbac/README.ja.md +++ b/exercises/ansible_rhel/2.5-rbac/README.ja.md @@ -1,4 +1,4 @@ -# 演習 2.5 - ロールベースのアクセス制御 +# 演習 - ロールベースのアクセス制御 **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). diff --git a/exercises/ansible_rhel/2.5-rbac/README.md b/exercises/ansible_rhel/2.5-rbac/README.md index 2d398cce3..5902c836b 100644 --- a/exercises/ansible_rhel/2.5-rbac/README.md +++ b/exercises/ansible_rhel/2.5-rbac/README.md 
@@ -1,13 +1,21 @@ -# Exercise 2.5 - Role-based access control +# Workshop Exercise - Role-based access control **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). +## Table Contents + +* [Objective](#objective) +* [Guide](#guide) * [Ansible Tower Users](#ansible-tower-users) * [Ansible Tower Teams](#ansible-tower-teams) * [Granting Permissions](#granting-permissions) * [Test Permissions](#test-permissions) -You have already learned how Tower separates credentials from users. Another advantage of Ansible Tower is the user and group rights management. +# Objective + +You have already learned how Ansible Tower separates credentials from users. Another advantage of Ansible Tower is the user and group rights management. This exercise demonstrates Role Based Access Control (RBAC) + +# Guide ## Ansible Tower Users @@ -27,17 +35,47 @@ Let’s create a user: - Fill in the values for the new user: - - **FIRST NAME:** Werner - - - **LAST NAME:** Web - - - **EMAIL:** wweb@example.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterValue
FIRST NAME Werner
LAST NAMEWeb
OrganizationDefault
EMAILwweb@example.com
USERNAMEwweb
PASSWORDansible
CONFIRM PASSWORDansible
USER TYPENormal User
- - **USERNAME:** wweb - - **USER TYPE:** Normal User - - **PASSWORD:** ansible - Confirm password @@ -115,5 +153,8 @@ Effectively you provided the power to execute automation to another user without This capability is one of the main strengths of Ansible Tower\! ---- +**Navigation** +
+[Previous Exercise](../2.4-surveys) - [Next Exercise](../2.6-workflows) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-2---ansible-tower-exercises) diff --git a/exercises/ansible_rhel/2.5-rbac/README.pt-br.md b/exercises/ansible_rhel/2.5-rbac/README.pt-br.md index c5e1c03a2..580f73176 100644 --- a/exercises/ansible_rhel/2.5-rbac/README.pt-br.md +++ b/exercises/ansible_rhel/2.5-rbac/README.pt-br.md @@ -1,4 +1,4 @@ -# Exercicio 2.5 - Controle de acesso baseado em role +# Exercicio - Controle de acesso baseado em role **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). diff --git a/exercises/ansible_rhel/2.6-workflows/README.ja.md b/exercises/ansible_rhel/2.6-workflows/README.ja.md index 951bc5098..194acc5ed 100644 --- a/exercises/ansible_rhel/2.6-workflows/README.ja.md +++ b/exercises/ansible_rhel/2.6-workflows/README.ja.md @@ -1,4 +1,4 @@ -# 演習 2.6 - ワークフロー +# 演習 - ワークフロー **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). diff --git a/exercises/ansible_rhel/2.6-workflows/README.md b/exercises/ansible_rhel/2.6-workflows/README.md index 3e50ce769..f60eb90c9 100644 --- a/exercises/ansible_rhel/2.6-workflows/README.md +++ b/exercises/ansible_rhel/2.6-workflows/README.md 
@@ -1,7 +1,11 @@ -# Exercise 2.6 - Workflows +# Workshop Exercise - Workflows **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). +## Table Contents + +* [Objective](#objective) +* [Guide](#guide) * [Ansible Tower Workflows](#ansible-tower-workflows) * [Lab Scenario](#lab-scenario) * [Set up Projects](#set-up-projects) @@ -9,9 +13,9 @@ * [Set up the Workflow](#set-up-the-workflow) * [And Action](#and-action) -# Ansible Tower Workflows +# Objective -Workflows were introduced as a major new feature in Ansible Tower 3.1. The basic idea of a workflow is to link multiple Job Templates together. They may or may not share inventory, Playbooks or even permissions. The links can be conditional: +The basic idea of a workflow is to link multiple Job Templates together. They may or may not share inventory, Playbooks or even permissions. The links can be conditional: - if job template A succeeds, job template B is automatically executed afterwards 
@@ -19,13 +23,14 @@ Workflows were introduced as a major new feature in Ansible Tower 3.1. The basic And the workflows are not even limited to Job Templates, but can also include project or inventory updates. -This enables new applications for Tower: different Job Templates can build upon each other. E.g. the networking team creates playbooks with their own content, in their own Git repository and even targeting their own inventory, while the operations team also has their own repos, playbooks and inventory. +This enables new applications for Ansible Tower: different Job Templates can build upon each other. E.g. the networking team creates playbooks with their own content, in their own Git repository and even targeting their own inventory, while the operations team also has their own repos, playbooks and inventory. In this lab you’ll learn how to setup a workflow. +# Guide ## Lab Scenario -You have two departements in your organization: +You have two departments in your organization: - The web operations team that is developing Playbooks in their own Git repository. @@ -89,17 +94,36 @@ First you have to set up the Git repo as Projects like you normally would. You h - Create the project for the application developers. In the **Projects** view click the green plus button and fill in: - - **NAME:** Webdev Git Repo - - - **ORGANIZATION:** Default - - - **SCM TYPE:** Git - - - **SCM URL:** https://github.com/ansible/workshop-examples.git - - - **SCM BRANCH/TAG/COMMIT:** webdev - - - **SCM UPDATE OPTIONS:** Tick all three boxes. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterValue
NAMEWebdev Git Repo
ORGANIZATIONDefault
SCM TYPEGit
SCM URLhttps://github.com/ansible/workshop-examples.git
SCM BRANCH/TAG/COMMITwebdev
SCM UPDATE OPTIONSTick all three boxes.
- Click **SAVE** @@ -109,43 +133,85 @@ Now you have to create Job Templates like you would for "normal" Jobs. - Go to the **Templates** view, click the green plus button and choose **Job Template**: - - **NAME:** Tomcat Deploy - - - **JOB TYPE:** Run - - - **INVENTORY:** Workshop Inventory - - - **PROJECT:** Webops Git Repo - - - **PLAYBOOK:** `rhel/webops/tomcat.yml` - - - **CREDENTIAL:** Workshop Credentials - - - **OPTIONS:** Enable privilege escalation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterValue
NAMETomcat Deploy
JOB TYPERun
INVENTORYWorkshop Inventory
PROJECTWebops Git Repo
PLAYBOOKrhel/webops/tomcat.yml
CREDENTIALWorkshop Credentials
OPTIONSEnable privilege escalation
- Click **SAVE** - Go to the **Templates** view, click the green plus button and choose **Job Template**: - - **NAME:** Web App Deploy - - - **JOB TYPE:** Run - - - **INVENTORY:** Workshop Inventory - - - **PROJECT:** Webdev Git Repo - - - **PLAYBOOK:** `rhel/webdev/create_jsp.yml` - - - **CREDENTIALS:** Workshop Credentials - - - **OPTIONS:** Enable privilege escalation + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterValue
NAMEWeb App Deploy
JOB TYPERun
INVENTORYWorkshop Inventory
PROJECTWebops Git Repo
PLAYBOOKrhel/webdev/create_jsp.yml
CREDENTIALWorkshop Credentials
OPTIONSEnable privilege escalation
- Click **SAVE** > **Tip** > -> If you want to know what the Playbooks look like, check out the Github URL and switch to the appropriate branches. +> If you want to know what the Ansible Playbooks look like, check out the Github URL and switch to the appropriate branches. ## Set up the Workflow @@ -212,5 +278,8 @@ $ curl http://localhost:8080/coolapp/ > You might have to wait a couple of minutes until Tomcat answers requests. ---- +**Navigation** +
+[Previous Exercise](../2.5-rbac) - [Next Exercise](../2.7-wrap) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-2---ansible-tower-exercises) diff --git a/exercises/ansible_rhel/2.6-workflows/README.pt-br.md b/exercises/ansible_rhel/2.6-workflows/README.pt-br.md index a1734e723..810d06b58 100644 --- a/exercises/ansible_rhel/2.6-workflows/README.pt-br.md +++ b/exercises/ansible_rhel/2.6-workflows/README.pt-br.md @@ -1,4 +1,4 @@ -# Exercício 2.6 - Workflows +# Exercício - Workflows **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). diff --git a/exercises/ansible_rhel/2.7-wrap/README.ja.md b/exercises/ansible_rhel/2.7-wrap/README.ja.md index 417da051e..1b80299b9 100644 --- a/exercises/ansible_rhel/2.7-wrap/README.ja.md +++ b/exercises/ansible_rhel/2.7-wrap/README.ja.md @@ -1,4 +1,4 @@ -# 演習 2.7 - まとめ +# 演習 - まとめ **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png) [日本語](README.ja.md). diff --git a/exercises/ansible_rhel/2.7-wrap/README.md b/exercises/ansible_rhel/2.7-wrap/README.md index 8203f1e6e..d15c75499 100644 --- a/exercises/ansible_rhel/2.7-wrap/README.md +++ b/exercises/ansible_rhel/2.7-wrap/README.md @@ -1,8 +1,11 @@ -# Exercise 2.7 - Wrap up +# Workshop Exercise - Wrap up **Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png) [日本語](README.ja.md). -* [Final Challenge or Putting it all Together](#final-challenge-or-putting-it-all-together) +## Table of Contents + +* [Objective](#objective) +* [Guide](#guide) * [Let’s set the stage](#lets-set-the-stage) * [The Git Repository](#the-git-repository) * [Prepare Inventory](#prepare-inventory) 
@@ -12,13 +15,15 @@ * [Solution](#solution) * [The End](#the-end) -# Final Challenge or Putting it all Together +# Objective This is the final challenge where we try to put most of what you have learned together. +# Guide + ## Let’s set the stage -Your operations team and your application development team like what they see in Tower. To really use it in their environment they put together these requirements: +Your operations team and your application development team likes what they see in Ansible Tower. To really use it in their environment they put together these requirements: - All webservers (`node1`, `node2` and `node3`) should go in one group @@ -192,5 +197,8 @@ You have done all the required configuration steps in the lab already. If unsure Congratulations, you finished your labs\! We hope you enjoyed your first encounter with Ansible Tower as much as we enjoyed creating the labs. ---- +**Navigation** +
+[Previous Exercise](../2.6-workflows) [Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-2---ansible-tower-exercises) diff --git a/exercises/ansible_rhel/2.7-wrap/README.pt-br.md b/exercises/ansible_rhel/2.7-wrap/README.pt-br.md index a37b81900..ffc314cce 100644 --- a/exercises/ansible_rhel/2.7-wrap/README.pt-br.md +++ b/exercises/ansible_rhel/2.7-wrap/README.pt-br.md @@ -1,4 +1,4 @@ -# Exercício 2.7 - Wrap up +# Exercício - Wrap up **Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png) [日本語](README.ja.md). diff --git a/exercises/ansible_rhel/README.ja.md b/exercises/ansible_rhel/README.ja.md index 77b028653..5060c5020 100644 --- a/exercises/ansible_rhel/README.ja.md +++ b/exercises/ansible_rhel/README.ja.md @@ -37,12 +37,11 @@ Ansibleのベストプラクティスもあわせてご覧ください: - [演習 1.5 - 条件式、ハンドラ、ループを使う](1.5-handlers/README.ja.md) - [演習 1.6 - テンプレートを使う](1.6-templates/README.ja.md) - [演習 1.7 - Roles](1.7-role/README.ja.md) - - [演習 1.8 - ボーナスラボ](1.8-bonus/README.ja.md) ## Section 2 - Ansible Towerの演習 - [演習 2.1 - Tower の紹介](2.1-intro/README.ja.md) - - [演習 2.2 - インベントリー、認証情報、アドホックコマンド](2.2-cred/README.ja.md) + - 演習 2.2 - インベントリー、認証情報、アドホックコマンド - not translated - [演習 2.3 - プロジェクトとジョブテンプレート](2.3-projects/README.ja.md) - [演習 2.4 - Survey 機能](2.4-surveys/README.ja.md) - [演習 2.5 - ロールベースのアクセス制御](2.5-rbac/README.ja.md) diff --git a/exercises/ansible_rhel/README.md b/exercises/ansible_rhel/README.md index 66c93b923..cfb9dffb8 100644 --- a/exercises/ansible_rhel/README.md +++ b/exercises/ansible_rhel/README.md @@ -37,7 +37,6 @@ If your experience is different in schedulung these workshops, please let us kno - [Exercise 1.5 - Conditionals, Handlers and Loops](1.5-handlers) - [Exercise 1.6 - Templates](1.6-templates) - [Exercise 1.7 - Roles](1.7-role) - - [Exercise 1.8 - Bonus Labs](1.8-bonus) ## Section 2 - Ansible Tower Exercises 
@@ -49,6 +48,12 @@ If your experience is different in schedulung these workshops, please let us kno - [Exercise 2.6 - Workflows](2.6-workflows) - [Exercise 2.7 - Wrap up](2.7-wrap) +## Supplemental Exercises + +There is also a series of exercises that go above and beyond our normal workshop content. Please check out our supplemental exercises if you want more content to learn from. + + - [Supplemental Exercises](supplemental) + ## Additional information - [Ansible Getting Started](http://docs.ansible.com/ansible/latest/intro_getting_started.html) diff --git a/exercises/ansible_rhel/README.pt-br.md b/exercises/ansible_rhel/README.pt-br.md index 3360b365d..a114165e5 100644 --- a/exercises/ansible_rhel/README.pt-br.md +++ b/exercises/ansible_rhel/README.pt-br.md @@ -42,7 +42,7 @@ Se a sua experiência for diferente na programação desses workshops, informe-n ## Seção 2 - Exercícios do Ansible Tower - [Exercício 2.1 - Introdução ao Tower](2.1-intro/README.pt-br.md) - - [Exercício 2.2 - Inventários, credenciais e comandos ad hoc](2.2-cred/README.pt-br.md) + - Exercício 2.2 - Inventários, credenciais e comandos ad hoc - not translated - [Exercício 2.3 - Projects & Job templates](2.3-projects/README.pt-br.md) - [Exercício 2.4 - Surveys](2.4-surveys/README.pt-br.md) - [Exercício 2.5 - Controle de acesso baseado em role](2.5-rbac/README.pt-br.md) diff --git a/exercises/ansible_rhel/supplemental/README.md b/exercises/ansible_rhel/supplemental/README.md new file mode 100644 index 000000000..672952c2a --- /dev/null +++ b/exercises/ansible_rhel/supplemental/README.md 
@@ -0,0 +1,12 @@ +## Supplemental Exercises + +There is also a series of exercises that go above and beyond our normal workshop content. Please check out our supplemental exercises if you want more content to learn from. + +- [Ad Hoc Commands, Templates and Variables](ad_hoc_and_templates) +- [Ansible Tower - Inventories, credentials and ad hoc commands](ansible_tower_credentials) + + +## Navigation + +- [Return to Ansible for Red Hat Enterprise Linux Workshop](../README.md) +- [Return to Ansible Automation Workshops Index](../../README.md) diff --git a/exercises/ansible_rhel/1.8-bonus/README.ja.md b/exercises/ansible_rhel/supplemental/ad_hoc_and_templates/README.ja.md similarity index 93% rename from exercises/ansible_rhel/1.8-bonus/README.ja.md rename to exercises/ansible_rhel/supplemental/ad_hoc_and_templates/README.ja.md index 6ccd9b23a..cc06e156f 100644 --- a/exercises/ansible_rhel/1.8-bonus/README.ja.md +++ b/exercises/ansible_rhel/supplemental/ad_hoc_and_templates/README.ja.md @@ -1,6 +1,6 @@ # 演習 1.8 - ボーナスラボ -**Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). +**Read this in other languages**: ![uk](../../../../images/uk.png) [English](README.md), ![japan](../../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). * [ステップ 1.8.1 - ボーナスラボ: アドホックコマンド](#ステップ-181---ボーナスラボ-アドホックコマンド) * [ステップ 1.8.2 - ボーナスラボ: テンプレートと変数](#ステップ-182---ボーナスラボ-テンプレートと変数) @@ -132,4 +132,4 @@ Playbook `apache_config_tpl.yml` を以下の内容で作成します。 ``` ---- -[Ansible Engine ワークショップ表紙に戻る](../README.ja.md#section-1---ansible-engineの演習) +[Ansible Engine ワークショップ表紙に戻る](../../README.ja.md#section-1---ansible-engineの演習) 
diff --git a/exercises/ansible_rhel/1.8-bonus/README.md b/exercises/ansible_rhel/supplemental/ad_hoc_and_templates/README.md similarity index 86% rename from exercises/ansible_rhel/1.8-bonus/README.md rename to exercises/ansible_rhel/supplemental/ad_hoc_and_templates/README.md index bad49a037..b97d6ae17 100644 --- a/exercises/ansible_rhel/1.8-bonus/README.md +++ b/exercises/ansible_rhel/supplemental/ad_hoc_and_templates/README.md @@ -1,9 +1,9 @@ -# Exercise 1.8 - Bonus Labs +# Ad Hoc Commands, Templates and Variables -**Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). +**Read this in other languages**: ![uk](../../../../images/uk.png) [English](README.md), ![japan](../../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). -* [Step 8.1 - Bonus Lab: Ad Hoc Commands](#step-81---bonus-lab-ad-hoc-commands) -* [Step 8.2 - Bonus Lab: Templates and Variables](#step-82---bonus-lab-templates-and-variables) +* [Step 1 - Bonus Lab: Ad Hoc Commands](#step-1---bonus-lab-ad-hoc-commands) +* [Step 2 - Bonus Lab: Templates and Variables](#step-2---bonus-lab-templates-and-variables) * [Define the variables:](#define-the-variables) * [Prepare the template:](#prepare-the-template) * [Create the Playbook](#create-the-playbook) @@ -11,7 +11,7 @@ You have finished the lab already. But it doesn’t have to end here. We prepared some slightly more advanced bonus labs for you to follow through if you like. So if you are done with the labs and still have some time, here are some more labs for you: -## Step 8.1 - Bonus Lab: Ad Hoc Commands +## Step 1 - Bonus Lab: Ad Hoc Commands Create a new user "testuser" on `node1` and `node3` with a comment using an ad hoc command, make sure that it is not created on `node2`! 
@@ -43,7 +43,7 @@ Your commands could look like these: [student@ansible ansible-files]$ ansible web -m command -a " id testuser" -b ``` -## Step 8.2 - Bonus Lab: Templates and Variables +## Step 2 - Bonus Lab: Templates and Variables You have learned the basics about Ansible templates, variables and handlers. Let’s combine all of these. @@ -136,4 +136,4 @@ First run the playbook itself, then run curl against `node1` with port `8080` an ---- -[Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../README.md#section-1---ansible-engine-exercises) +[Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../../README.md#section-1---ansible-engine-exercises) diff --git a/exercises/ansible_rhel/1.8-bonus/README.pt-br.md b/exercises/ansible_rhel/supplemental/ad_hoc_and_templates/README.pt-br.md similarity index 93% rename from exercises/ansible_rhel/1.8-bonus/README.pt-br.md rename to exercises/ansible_rhel/supplemental/ad_hoc_and_templates/README.pt-br.md index 005aec109..c3b007fdd 100644 --- a/exercises/ansible_rhel/1.8-bonus/README.pt-br.md +++ b/exercises/ansible_rhel/supplemental/ad_hoc_and_templates/README.pt-br.md @@ -1,6 +1,6 @@ # Exercicio 1.8 - Labs Bônus -**Leia em outra linguagem**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). +**Read this in other languages**: ![uk](../../../../images/uk.png) [English](README.md), ![japan](../../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). * [Passo 8.1 - Lab Bônus: Comandos Ad Hoc](#passo-81---lab-bônus-comandos-ad-hoc) * [Passo 8.2 - Lab Bônus: Templates e variáveis](#passo-82---lab-bônus-templates-e-variáveis) 
@@ -134,4 +134,4 @@ Primeiro, execute o próprio Playbook e em seguida, execute curl no `node1` com ---- -[Clique aqui para retornar ao Workshop Ansible for Red Hat Enterprise Linux](../README.pt-br.md#seção-1---exercícios-do-ansible-engine) +[Clique aqui para retornar ao Workshop Ansible for Red Hat Enterprise Linux](../../README.pt-br.md#seção-1---exercícios-do-ansible-engine) diff --git a/exercises/ansible_rhel/2.2-cred/README.ja.md b/exercises/ansible_rhel/supplemental/ansible_tower_credentials/README.ja.md similarity index 96% rename from exercises/ansible_rhel/2.2-cred/README.ja.md rename to exercises/ansible_rhel/supplemental/ansible_tower_credentials/README.ja.md index 7015085f7..f6cfa64ca 100644 --- a/exercises/ansible_rhel/2.2-cred/README.ja.md +++ b/exercises/ansible_rhel/supplemental/ansible_tower_credentials/README.ja.md @@ -1,6 +1,6 @@ # 演習 2.2 - インベントリー、認証情報、アドホックコマンド -**Read this in other languages**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). +**Read this in other languages**: ![uk](../../../../images/uk.png) [English](README.md), ![japan](../../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). * [インベントリーの作成](#インベントリーの作成) * [マシンの認証情報](#マシンの認証情報) @@ -202,4 +202,4 @@ Ansible Engine で実行したアドホックコマンドを Tower でも実行 ---- -[Ansible Tower ワークショップ表紙に戻る](../README.ja.md#section-2---ansible-towerの演習) +[Ansible Tower ワークショップ表紙に戻る](../../README.ja.md#section-2---ansible-towerの演習) diff --git a/exercises/ansible_rhel/supplemental/ansible_tower_credentials/README.md b/exercises/ansible_rhel/supplemental/ansible_tower_credentials/README.md new file mode 100644 index 000000000..ee1a777c1 --- /dev/null +++ b/exercises/ansible_rhel/supplemental/ansible_tower_credentials/README.md 
@@ -0,0 +1,212 @@ +# Exercise 2.2 - Inventories, credentials and ad hoc commands + +**Read this in other languages**: ![uk](../../../../images/uk.png) [English](README.md), ![japan](../../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). + +* [Create an Inventory](#create-an-inventory) +* [Machine Credentials](#machine-credentials) +* [Configure Machine Credentials](#configure-machine-credentials) +* [Run Ad Hoc Commands](#run-ad-hoc-commands) +* [Challenge Lab: Ad Hoc Commands](#challenge-lab-ad-hoc-commands) + +## Create an Inventory + +Let’s get started with: The first thing we need is an inventory of your managed hosts. This is the equivalent of an inventory file in Ansible Engine. There is a lot more to it (like dynamic inventories) but let’s start with the basics. + + - You should already have the web UI open, if not: Point your browser to the URL you were given, similar to **https://student\.workshopname.rhdemo.io** (replace "\" with your student number and "workshopname" with the name of your current workshop) and log in as `admin`. The password will be provided by the instructor. + +Create the inventory: + + - In the web UI menu on the left side, go to **RESOURCES** → **Inventories**, click the ![plus](images/green_plus.png) button on the right side and choose **Inventory**. + + + + + + + + + + + + + + +
ParameterValue
NAMEWorkshop Inventory
ORGANIZATIONDefault
+ + - Click **SAVE** + +Now there will be two inventories, the **Demo Inventory** and the **Workshop Inventory**. In the **Workshop Inventory** click the **Hosts** button, it will be empty since we have not added any hosts there. + +So let's add some hosts. First we need to have the list of all hosts which are accessible to you within this lab. These can be found in an inventory on the ansible control node on which Tower is installed. You'll find the password for the SSH connection there as well. + +Login to your Tower control host via SSH: + +> **Warning** +> +> Replace **workshopname** by the workshop name provided to you, and the **X** in student**X** by the student number provided to you. + +```bash +ssh student@student.workshopname.rhdemo.io +``` + +You can find the inventory information at `~/lab_inventory/hosts`. Output them with `cat`, they should look like: + +```bash +$ cat ~/lab_inventory/hosts +[all:vars] +ansible_user=student +ansible_ssh_pass=PASSWORD +ansible_port=22 + +[web] +node1 ansible_host=22.33.44.55 +node2 ansible_host=33.44.55.66 +node3 ansible_host=44.55.66.77 + +[control] +ansible ansible_host=11.22.33.44 +``` +> **Warning** +> +> In your inventory the IP addresses will be different. + +Note the names for the nodes and the IP addresses, we will use them to fill the inventory in Tower now: + + - In the inventory view of Tower click on your **Workshop Inventory** + + - Click on the **HOSTS** button + + - To the right click the ![plus](images/green_plus.png) button. + + - **HOST NAME:** `node1` + + - **Variables:** Under the three dashes `---`, enter `ansible_host: 22.33.44.55` in a new line. Make sure to enter your specific IP address for your `node1` from the inventory looked up above, and note that the variable definition has a colon **:** and a space between the values, not an equal sign **=** like in the inventory file. + + - Click **SAVE** + + - Go back to **HOSTS** and repeat to add `node2` as a second host and `node3` as a third node. 
Make sure that for each node you enter the right IP addresses. + +You have now created an inventory with three managed hosts. + +## Machine Credentials + +One of the great features of Ansible Tower is to make credentials usable to users without making them visible. To allow Tower to execute jobs on remote hosts, you must configure connection credentials. + +> **Note** +> +> This is one of the most important features of Tower: **Credential Separation**\! Credentials are defined separately and not with the hosts or inventory settings. + +As this is an important part of your Tower setup, why not make sure that connecting to the managed nodes from Tower is working? + + To access the Tower host via SSH do the following: + +- Login to your Tower control host via SSH: `ssh student@student.workshopname.rhdemo.io` +- Replace **workshopname** by the workshop name provided to you, and the `` in `student` by the student number provided to you. +- From Tower SSH into `node1` or one of the other nodes (look up the IP addresses from the inventory) and execute `sudo -i`. +- For the SSH connection use the node password from the inventory file, `sudo -i` works without password. + +```bash +[student@ansible ~]$ ssh student@22.33.44.55 +student@22.33.44.55's password: +Last login: Thu Jul 4 14:47:04 2019 from 11.22.33.44 +[student@node1 ~]$ sudo -i +[root@node1 ~]# +``` + +What does this mean? + + - Tower user **student\** can connect to the managed hosts with password based SSH + + - User **student\** can execute commands on the managed hosts as **root** with `sudo` + +## Configure Machine Credentials + +Now we will configure the credentials to access our managed hosts from Tower. In the **RESOURCES** menu choose **Credentials**. 
Now: + +Click the ![plus](images/green_plus.png) button to add new credentials + + - **NAME:** Workshop Credentials + + - **ORGANIZATION:** Default + + - **CREDENTIAL TYPE:** Click on the magnifying glass, pick **Machine** and click ![plus](images/select.png) + + - **USERNAME:** student\ - make sure to replace the **\** with your actual student number! + + - **PASSWORD:** Enter the password from the inventory file. + + - **PRIVILEGE ESCALATION METHOD:** sudo + + - Click **SAVE** + + - Go back to the **RESOURCES** → **Credentials** → **Workshop Credentials** and note that the password is not visible. + +> **Tip** +> +> Whenever you see a magnifiying glass icon next to an input field, clicking it will open a list to choose from. + +You have now setup credentials to use later for your inventory hosts. + +## Run Ad Hoc Commands + +As you’ve probably done with Ansible before you can run ad hoc commands from Tower as well. + + - In the web UI go to **RESOURCES → Inventories → Workshop Inventory** + + - Click the **HOSTS** button to change into the hosts view and select the three hosts by ticking the boxes to the left of the host entries. + + - Click **RUN COMMANDS**. In the next screen you have to specify the ad hoc command: + + - As **MODULE** choose **ping** + + - For **MACHINE CREDENTIAL** click the magnifying glass icon and select **Workshop Credentials**. + + - Click **LAUNCH**, and watch the output. + +The simple **ping** module doesn’t need options. For other modules you need to supply the command to run as an argument. Try the **command** module to find the userid of the executing user using an ad hoc command. + +- **MODULE:** command + +- **ARGUMENTS:** id + +> **Tip** +> +> After choosing the module to run, Tower will provide a link to the docs page for the module when clicking the question mark next to "Arguments". This is handy, give it a try. + +How about trying to get some secret information from the system? Try to print out */etc/shadow*. 
+ +- **MODULE:** command + +- **ARGUMENTS:** cat /etc/shadow + +> **Warning** +> +> **Expect an error\!** + +Oops, the last one didn’t went well, all red. + +Re-run the last ad hoc command but this time tick the **ENABLE PRIVILEGE ESCALATION** box. + +As you see, this time it worked. For tasks that have to run as root you need to escalate the privileges. This is the same as the **become: yes** you’ve probably used often in your Ansible Playbooks. + +## Challenge Lab: Ad Hoc Commands + +Okay, a small challenge: Run an ad hoc to make sure the package "tmux" is installed on all hosts. If unsure, consult the documentation either via the web UI as shown above or by running `[ansible@tower ~]$ ansible-doc yum` on your Tower control host. + +> **Warning** +> +> **Solution below\!** + + - **MODULE:** yum + + - **ARGUMENTS:** name=tmux + + - Tick **ENABLE PRIVILEGE ESCALATION** + +> **Tip** +> +> The yellow output of the command indicates Ansible has actually done something (here it needed to install the package). If you run the ad hoc command a second time, the output will be green and inform you that the package was already installed. So yellow in Ansible doesn’t mean "be careful"…​ ;-). + +---- + +[Click here to return to the Ansible for Red Hat Enterprise Linux Workshop](../../README.md#section-2---ansible-tower-exercises) diff --git a/exercises/ansible_rhel/2.2-cred/README.pt-br.md b/exercises/ansible_rhel/supplemental/ansible_tower_credentials/README.pt-br.md similarity index 96% rename from exercises/ansible_rhel/2.2-cred/README.pt-br.md rename to exercises/ansible_rhel/supplemental/ansible_tower_credentials/README.pt-br.md index 480a409aa..18e6bfee6 100644 --- a/exercises/ansible_rhel/2.2-cred/README.pt-br.md +++ b/exercises/ansible_rhel/supplemental/ansible_tower_credentials/README.pt-br.md 
@@ -1,6 +1,6 @@ # Exercício 2.2 - Inventários, Credenciais e comandos ad hoc -**Leia em outras linguagens**: ![uk](../../../images/uk.png) [English](README.md), ![japan](../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). +**Read this in other languages**: ![uk](../../../../images/uk.png) [English](README.md), ![japan](../../../../images/japan.png)[日本語](README.ja.md), ![brazil](../../../../images/brazil.png) [Portugues do Brasil](README.pt-br.md). * [Criando um inventário](#criando-um-inventário) * [Credenciais de máquina](#credenciais-de-máquina) @@ -200,4 +200,4 @@ Agora um pequeno desafio: execute um ad hoc para garantir que o pacote "tmux" es ---- -[Clique aqui para retornar ao Workshop Ansible for Red Hat Enterprise Linux](../README.pt-br.md#seção-2---exercícios-do-ansible-tower) +[Clique aqui para retornar ao Workshop Ansible for Red Hat Enterprise Linux](../../README.pt-br.md#seção-2---exercícios-do-ansible-tower) diff --git a/exercises/ansible_rhel/2.2-cred/images/green_plus.png b/exercises/ansible_rhel/supplemental/ansible_tower_credentials/images/green_plus.png similarity index 100% rename from exercises/ansible_rhel/2.2-cred/images/green_plus.png rename to exercises/ansible_rhel/supplemental/ansible_tower_credentials/images/green_plus.png diff --git a/exercises/ansible_rhel/2.2-cred/images/select.png b/exercises/ansible_rhel/supplemental/ansible_tower_credentials/images/select.png similarity index 100% rename from exercises/ansible_rhel/2.2-cred/images/select.png rename to exercises/ansible_rhel/supplemental/ansible_tower_credentials/images/select.png diff --git a/exercises/ansible_rhel_90/1-setup b/exercises/ansible_rhel_90/1-setup new file mode 120000 index 000000000..824c88775 --- /dev/null +++ b/exercises/ansible_rhel_90/1-setup @@ -0,0 +1 @@ +../ansible_rhel/1.1-setup \ No newline at end of file 
diff --git a/exercises/ansible_rhel_90/2-adhoc b/exercises/ansible_rhel_90/2-adhoc new file mode 120000 index 000000000..1f68ae011 --- /dev/null +++ b/exercises/ansible_rhel_90/2-adhoc @@ -0,0 +1 @@ +../ansible_rhel/1.2-adhoc \ No newline at end of file diff --git a/exercises/ansible_rhel_90/3-variables b/exercises/ansible_rhel_90/3-variables new file mode 120000 index 000000000..a40dd079a --- /dev/null +++ b/exercises/ansible_rhel_90/3-variables @@ -0,0 +1 @@ +../ansible_rhel/1.4-variables \ No newline at end of file diff --git a/exercises/ansible_rhel_90/4-roles b/exercises/ansible_rhel_90/4-roles new file mode 120000 index 000000000..ddc9975ad --- /dev/null +++ b/exercises/ansible_rhel_90/4-roles @@ -0,0 +1 @@ +../ansible_rhel/1.7-role \ No newline at end of file diff --git a/exercises/ansible_rhel_90/5-surveys b/exercises/ansible_rhel_90/5-surveys new file mode 120000 index 000000000..0f2aa3353 --- /dev/null +++ b/exercises/ansible_rhel_90/5-surveys @@ -0,0 +1 @@ +../ansible_rhel/2.4-surveys \ No newline at end of file diff --git a/exercises/ansible_rhel_90/README.md b/exercises/ansible_rhel_90/README.md new file mode 100644 index 000000000..4eb645e69 --- /dev/null +++ b/exercises/ansible_rhel_90/README.md 
@@ -0,0 +1,35 @@ +# Ansible Workshop - Ansible for Red Hat Enterprise Linux (90 mins) + +Ansible is a simple yet powerful IT automation engine for application deployment, configuration management, and orchestration that you can learn quickly. + +## Presentations + +The exercises are self explanatory and guide the participants through the entire lab. All concepts are explained when they are introduced. + +(**coming soon)**There is an optional presentation available to support the workshops and explain Automation, the basics of Ansible and the topics of the exercises in more detail: +[Ansible RHEL Automation](../../decks/ansible_rhel.pdf) +[WIP: Google source - Red Hat only](https://drive.google.com/open?id=143JtFwmz469ucKNbB4L5T-PtKfurjpcOmCICzSbwm3Y) + +Also have a look at our Ansible Best Practices Deck: +[Ansible Best Practices](../../decks/ansible_best_practices.pdf) + +## Time planning + +This workshop was created to last about 90 minutes and focuses more on targetting every day use cases to apply automation. + +## Section 1 - Ansible Engine Exercises + + - [Exercise 1 - Overview of public cloud provisioning](1-setup) + - [Exercise 2 - Converting bash/shell commands to Ansible](2-adhoc) + - [Exercise 3 - Retrieving information from automation hosts](3-variables) + - [Exercise 4 - Deploying applications to linux hosts](4-roles) + - [Exercise 5 - Self-service IT via surveys](5-surveys) + - [**(coming soon)**Exercise 6 - Overview of system roles for RHEL](6-system-roles) + - [**(coming soon)**Exercise 7 - Overview of Red Hat Insights integration](7-insights) + +## Additional information + + - [Ansible Getting Started](http://docs.ansible.com/ansible/latest/intro_getting_started.html) + +--- +![Red Hat Ansible Automation](../../images/rh-ansible-automation-platform.png) 
diff --git a/images/rh-ansible-automation-platform.png b/images/rh-ansible-automation-platform.png index c607a917b..1d371e5c0 100644 Binary files a/images/rh-ansible-automation-platform.png and b/images/rh-ansible-automation-platform.png differ diff --git a/provisioner/README.md b/provisioner/README.md index a70aa820e..0225aa904 100644 --- a/provisioner/README.md +++ b/provisioner/README.md @@ -143,12 +143,6 @@ What does the AWS provisioner take care of automatically? - Creation of an internet gateway for the VPC - Creation of route table for VPC (for reachability from internet) -# Remote Desktop - -If you used `xrdp: true` you will the ability to remote desktop to the control node. - -The provisioner has the ability to install [xrdp](http://www.xrdp.org/) with [xfce](https://xfce.org/) for graphical interface. The xrdp application is a an open source remote desktop protocol(rdp) server. Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly. - # Getting Help Please file issues on Github. Please fill out all required information. Your issue will be closed if there if you skip required information in the Github issues template. diff --git a/provisioner/group_vars/all.yml b/provisioner/group_vars/all.yml index 2d65903c7..51a46dba8 100644 --- a/provisioner/group_vars/all.yml +++ b/provisioner/group_vars/all.yml @@ -5,10 +5,10 @@ workshop_dns_zone: "rhdemo.io" s3_state: "present" teardown: false towerinstall: false +populatetower: true website_information: "" dns_information: "No errors with DNS" callback_information: "No issue with Ansible Tower callback" -coder_information: "No issue with VS code integration" workshop_type: "" dns_type: aws valid_dns_type: @@ -22,6 +22,7 @@ valid_workshop_types: - security - storage - windows + - rhel_90 network_type: multivendor valid_network_types: - cisco 
diff --git a/provisioner/networking.yml b/provisioner/networking.yml index fa092d992..5ebac910b 100644 --- a/provisioner/networking.yml +++ b/provisioner/networking.yml @@ -48,17 +48,3 @@ type: core when: - ansible_network_os == "ios" or ansible_network_os == "eos" - -- name: populate ansible tower for network automation workshop - hosts: control_nodes - become: true - gather_facts: false - - tasks: - - name: run populate_tower role - include_role: - name: populate_tower - tasks_from: "{{workshop_type}}" - when: - - towerinstall is defined - - towerinstall|bool diff --git a/provisioner/provision_lab.yml b/provisioner/provision_lab.yml index 02be7004c..f3ad3b84f 100644 --- a/provisioner/provision_lab.yml +++ b/provisioner/provision_lab.yml @@ -197,6 +197,19 @@ - dns_type == "aws" tags: control_node +- name: populate ansible tower + hosts: control_nodes + become: true + gather_facts: false + + tasks: + - name: run populate_tower role + include_role: + name: populate_tower + when: + - towerinstall is defined + - towerinstall|bool + - populatetower - name: Setup Amazon S3 Website for Student Login hosts: localhost @@ -240,7 +253,6 @@ ******************* {{dns_information}} {{callback_information}} - {{coder_information}} - name: Print Summary Information debug: diff --git a/provisioner/rhel.yml b/provisioner/rhel.yml index d210881fe..0d4837701 100644 --- a/provisioner/rhel.yml +++ b/provisioner/rhel.yml @@ -3,5 +3,7 @@ hosts: lab_hosts become: true gather_facts: false - roles: - - {role: webservers} + tasks: + - name: configure RHEL webservers + include_role: + name: webservers diff --git a/provisioner/rhel_90.yml b/provisioner/rhel_90.yml new file mode 100644 index 000000000..0d4837701 --- /dev/null +++ b/provisioner/rhel_90.yml @@ -0,0 +1,9 @@ +--- +- name: configure rhel workshop for webservers + hosts: lab_hosts + become: true + gather_facts: false + tasks: + - name: configure RHEL webservers + include_role: + name: webservers 
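Review bot: The last condition of the new "populate ansible tower" play in provision_lab.yml tests `populatetower` bare, while the line before it casts with `towerinstall|bool`. A value passed as an extra var on the command line (`-e populatetower=false`) arrives as a string, and the way a bare string is evaluated in a conditional has differed between Ansible releases, so this `become: true` play could run on the control nodes when the operator meant to skip it. I would write `- populatetower|bool` to match the neighbouring condition. The include also no longer passes `tasks_from: "{{workshop_type}}"` as the play removed from networking.yml did, so the role's main task file presumably has to dispatch per workshop type itself; that file is not part of this hunk.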
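Review bot: The new provisioner/rhel_90.yml is the same blob as the updated rhel.yml (both show index `0d4837701`), so any later change to the webserver play has to be made twice or the two workshop types drift apart. If the file only exists so that `rhel_90` resolves to a playbook name (the place where it is selected is not visible here), it could reuse the original with a body of just `- import_playbook: rhel.yml`. Failing that, a comment at the top such as `# keep in sync with rhel.yml` would at least record the coupling.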
diff --git a/provisioner/roles/control_node/defaults/main.yml b/provisioner/roles/control_node/defaults/main.yml deleted file mode 100644 index dfc0c8424..000000000 --- a/provisioner/roles/control_node/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -xrdp: false diff --git a/provisioner/roles/control_node/tasks/devops.yml b/provisioner/roles/control_node/tasks/devops.yml index d3164ce83..261662588 100644 --- a/provisioner/roles/control_node/tasks/devops.yml +++ b/provisioner/roles/control_node/tasks/devops.yml @@ -1,21 +1,4 @@ --- -- name: Create lab inventory directory - file: - state: directory - path: "/home/{{ username }}/devops-workshop/lab_inventory" - owner: "{{ username }}" - group: "{{ username }}" - recurse: true - -- name: Put student inventory in proper spot - copy: - src: ./{{ec2_name_prefix}}/{{ username }}-instances.txt - dest: "/home/{{ username }}/devops-workshop/lab_inventory/hosts" - owner: "{{ username }}" - group: "{{ username }}" - when: username in inventory_hostname - - - name: ENSURE THAT DOCKER IS INSTALLED dnf: name: docker diff --git a/provisioner/roles/control_node/tasks/f5.yml b/provisioner/roles/control_node/tasks/f5.yml index b9fdb6f4c..67e6236d5 100644 --- a/provisioner/roles/control_node/tasks/f5.yml +++ b/provisioner/roles/control_node/tasks/f5.yml 
@@ -20,25 +20,10 @@ - jmespath state: latest -- name: Move networking workshop folder to correct location (F5 MODE) +- name: Move networking workshop folder to correct location (F5 MODE) copy: src: /tmp/workshops/exercises/ansible_f5/ dest: /home/{{ username }}/networking-workshop remote_src: true owner: "{{ username }}" group: "{{ username }}" - -- name: Create lab inventory directory (F5 MODE) - file: - state: directory - path: /home/{{ username }}/networking-workshop/lab_inventory - owner: "{{ username }}" - group: "{{ username }}" - -- name: Put student inventory in proper spot (F5 MODE) - copy: - src: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ username }}-instances.txt" - dest: "/home/{{ username }}/networking-workshop/lab_inventory/hosts" - owner: "{{ username }}" - group: "{{ username }}" - when: username in inventory_hostname diff --git a/provisioner/roles/control_node/tasks/gui.yml b/provisioner/roles/control_node/tasks/gui.yml deleted file mode 100644 index 7cca54ece..000000000 --- a/provisioner/roles/control_node/tasks/gui.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -- name: ADD THE KEY FOR VSCODE - rpm_key: - state: present - key: https://packages.microsoft.com/keys/microsoft.asc - -- name: ADD THE VSCODE RPM INFO - copy: - src: files/vscode_rpminfo - dest: /etc/dnf.repos.d/vscode.repo - -- name: ENSURE XRDP IS INSTALLED - dnf: name=xrdp - -# RHEL does not officially support XFCE, keep this in mind -# https://access.redhat.com/solutions/56723 -- name: ENSURE XFCE IS INSTALLED - dnf: - name: "@xfce" - skip_broken: true - -- name: ENSURE XCLIENTS IS PRESENT - file: - path: "/home/{{ username }}/.Xclients" - mode: 0755 - state: touch - -- name: ENSURE XFCE IS CONFIGURED - shell: "echo xfce4-session > /home/{{ username }}/.Xclients" - -- name: ENSURE VSCODE IS INSTALLED - dnf: name=code - -- name: Start xrdp service - service: name=xrdp state=started 
diff --git a/provisioner/roles/control_node/tasks/main.yml b/provisioner/roles/control_node/tasks/main.yml index 9d5481624..285ff2ed3 100644 --- a/provisioner/roles/control_node/tasks/main.yml +++ b/provisioner/roles/control_node/tasks/main.yml @@ -78,18 +78,12 @@ - "{{ansible_user}}" - "{{username}}" -# FIXME: This should probably be refactored to use things like the following -# instead of hard coding -# -# command: cp -r /tmp/linklight/exercises/{{workshop_type}}/ /home/{{ username }}/{{workshop_type}}-workshop/ -# -# That would enable a more generic role/scaffolding -- name: clean out /tmp/linklight +- name: clean out /tmp/workshops file: - path: /tmp/linklight + path: /tmp/workshops state: absent -- name: Clone workshops repo (NETWORKING MODE) +- name: Clone workshops repo git: accept_hostkey: true clone: true @@ -101,8 +95,8 @@ - name: Move relevant exercises to correct location copy: - src: "/tmp/workshops/exercises/ansible_{{workshop_type}}/" - dest: "/home/{{ username }}/{{workshop_type}}-workshop" + src: '{{ "/tmp/workshops/" + exercise_src_location | default("exercises/ansible_" + workshop_type) }}' + dest: '{{ "/home/" + username + "/" + exercise_dest_location | default(workshop_type + "-workshop") }}' remote_src: true owner: "{{ username }}" group: "{{ username }}" 
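Review bot: In "Move relevant exercises to correct location", the new `src` and `dest` expressions only work because a Jinja filter binds tighter than `+`, and the two variables they introduce, `exercise_src_location` and `exercise_dest_location`, are not documented anywhere in the hunk. I would make the grouping explicit, e.g. `src: '{{ "/tmp/workshops/" + (exercise_src_location | default("exercises/ansible_" + workshop_type)) }}'`, and add a comment above the task stating that both are relative paths (under the clone and under the student's home). Because they are concatenated without normalisation, a value containing `..` would make the copy read or write outside those directories, so the comment should say they are operator-only settings. The task continues past the end of the hunk.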
@@ -111,8 +105,24 @@ - workshop_type != "networking" ## need to fix the conditionals above https://github.com/ansible/workshops/issues/743 +- name: Create lab inventory directory + file: + state: directory + path: /home/{{ username }}/lab_inventory + +- name: Put student inventory in proper spot + copy: + src: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ username }}-instances.txt" + dest: /home/{{ username }}/lab_inventory/hosts + owner: "{{ username }}" + group: "{{ username }}" + when: username in inventory_hostname + - name: setup control node for workshop type - include_tasks: "{{workshop_type}}.yml" + include_tasks: "{{item}}" + with_first_found: + - "{{role_path}}/tasks/{{workshop_type}}.yml" + - "{{role_path}}/tasks/unsupported_workshop.yml" - name: check to see if ansible tower is already up and running uri: @@ -158,7 +168,3 @@ when: - autolicense is defined - autolicense|bool - -- name: INSTALL VSCODE AND XRDP - include_tasks: gui.yml - when: xrdp|bool diff --git a/provisioner/roles/control_node/tasks/networking.yml b/provisioner/roles/control_node/tasks/networking.yml index d166a9c14..654ac720f 100644 --- a/provisioner/roles/control_node/tasks/networking.yml +++ b/provisioner/roles/control_node/tasks/networking.yml @@ -26,18 +26,3 @@ remote_src: true owner: "{{ username }}" group: "{{ username }}" - -- name: Create lab inventory directory (NETWORKING MODE) - file: - state: directory - path: /home/{{ username }}/networking-workshop/lab_inventory - owner: "{{ username }}" - group: "{{ username }}" - -- name: Put student inventory in proper spot (NETWORKING MODE) - copy: - src: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ username }}-instances.txt" - dest: "/home/{{ username }}/networking-workshop/lab_inventory/hosts" - owner: "{{ username }}" - group: "{{ username }}" - when: username in inventory_hostname 
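Review bot: The consolidated "Create lab inventory directory" task sets no `owner`, `group` or `mode`, while the per-workshop versions this commit removes from networking.yml, f5.yml and windows.yml set `owner` and `group` to the student. If the role runs with `become` (not visible here), the directory under `/home/{{ username }}` ends up owned by root with umask-derived permissions. I would add `owner: "{{ username }}"`, `group: "{{ username }}"` and `mode: "0750"` to the directory task, and an explicit `mode: "0640"` to "Put student inventory in proper spot", since the instances file may carry connection details for the student's lab hosts.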
diff --git a/provisioner/roles/control_node/tasks/rhel.yml b/provisioner/roles/control_node/tasks/rhel.yml deleted file mode 100644 index a1988600c..000000000 --- a/provisioner/roles/control_node/tasks/rhel.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: Create lab inventory directory - file: - state: directory - path: /home/{{ username }}/lab_inventory - -- name: Put student inventory in proper spot - copy: - src: ./{{ec2_name_prefix}}/{{ username }}-instances.txt - dest: /home/{{ username }}/lab_inventory/hosts - owner: "{{ username }}" - group: "{{ username }}" - when: username in inventory_hostname diff --git a/provisioner/roles/control_node/tasks/security.yml b/provisioner/roles/control_node/tasks/security.yml index a1988600c..ed97d539c 100644 --- a/provisioner/roles/control_node/tasks/security.yml +++ b/provisioner/roles/control_node/tasks/security.yml @@ -1,13 +1 @@ --- -- name: Create lab inventory directory - file: - state: directory - path: /home/{{ username }}/lab_inventory - -- name: Put student inventory in proper spot - copy: - src: ./{{ec2_name_prefix}}/{{ username }}-instances.txt - dest: /home/{{ username }}/lab_inventory/hosts - owner: "{{ username }}" - group: "{{ username }}" - when: username in inventory_hostname diff --git a/provisioner/roles/control_node/tasks/unsupported_workshop.yml b/provisioner/roles/control_node/tasks/unsupported_workshop.yml new file mode 100644 index 000000000..8cbeb11b3 --- /dev/null +++ b/provisioner/roles/control_node/tasks/unsupported_workshop.yml @@ -0,0 +1,4 @@ +--- +- name: unsupported for this workshop type + debug: + msg: "no more setup specified for {{workshop_type}}" diff --git a/provisioner/roles/control_node/tasks/windows.yml b/provisioner/roles/control_node/tasks/windows.yml index 75ec69c5e..bf6689583 100644 --- a/provisioner/roles/control_node/tasks/windows.yml +++ b/provisioner/roles/control_node/tasks/windows.yml 
@@ -28,18 +28,3 @@ owner: root group: root mode: 0644 - -- name: Create lab inventory directory (WINDOWS MODE) - file: - state: directory - path: /home/{{ username }}/windows-workshop/lab_inventory - owner: "{{ username }}" - group: "{{ username }}" - -- name: Put student inventory in proper spot (WINDOWS MODE) - copy: - src: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ username }}-instances.txt" - dest: "/home/{{ username }}/windows-workshop/lab_inventory/hosts" - owner: "{{ username }}" - group: "{{ username }}" - when: username in inventory_hostname diff --git a/provisioner/roles/control_node/templates/ansible.cfg.j2 b/provisioner/roles/control_node/templates/ansible.cfg.j2 index 60c650666..34691483f 100644 --- a/provisioner/roles/control_node/templates/ansible.cfg.j2 +++ b/provisioner/roles/control_node/templates/ansible.cfg.j2 @@ -5,13 +5,7 @@ timeout = 60 deprecation_warnings = False host_key_checking = False retry_files_enabled = False -{% if (workshop_type == 'rhel') or (workshop_type == 'security') %} inventory = /home/{{username}}/lab_inventory/hosts -{% elif workshop_type == 'devops' %} -inventory = /home/{{username}}/devops-workshop/lab_inventory/hosts -{% else %} -inventory = /home/{{username}}/networking-workshop/lab_inventory/hosts [persistent_connection] connect_timeout = 200 command_timeout = 200 -{% endif %} diff --git a/provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_f5.yml b/provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_f5.yml new file mode 100644 index 000000000..f1b56fe20 --- /dev/null +++ b/provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_f5.yml 
@@ -0,0 +1,28 @@ +--- +- name: find ami for f5 (F5 MODE) + ec2_ami_info: + region: "{{ ec2_region }}" + owners: "{{ ec2_info.f5node.owners }}" + filters: + name: "{{ ec2_info.f5node.filter }}" + architecture: "{{ ec2_info.f5node.architecture }}" + register: amis + +- name: save ami for f5 (F5 MODE) + set_fact: + f5_ami: > + {{ amis.images | selectattr('name', 'defined') | sort(attribute='creation_date') | last }} + +- name: find ami for node1 & node2 (F5 MODE) + ec2_ami_info: + region: "{{ ec2_region }}" + owners: "{{ ec2_info.rhel8.owners }}" + filters: + name: "{{ ec2_info.rhel8.filter }}" + architecture: "{{ ec2_info.rhel8.architecture }}" + register: amis + +- name: save ami for node1 & node2 (F5 MODE) + set_fact: + node1_ami: > + {{ amis.images | selectattr('name', 'defined') | sort(attribute='creation_date') | last }} diff --git a/provisioner/roles/manage_ec2_instances/tasks/ami_find_networking.yml b/provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_networking.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/ami_find_networking.yml rename to provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_networking.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/ami_find_rhel.yml b/provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_rhel.yml similarity index 99% rename from provisioner/roles/manage_ec2_instances/tasks/ami_find_rhel.yml rename to provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_rhel.yml index 7203c418f..c34adaef2 100644 --- a/provisioner/roles/manage_ec2_instances/tasks/ami_find_rhel.yml +++ b/provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_rhel.yml @@ -1,5 +1,4 @@ --- - - name: find ami for node ec2_ami_info: region: "{{ ec2_region }}" diff --git a/provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_rhel_90.yml b/provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_rhel_90.yml new file mode 100644 index 000000000..f36772f4b 
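Review bot: Both `set_fact` tasks in the new ami_find_f5.yml take `| last` of `amis.images` without checking that the lookup returned anything. When the owner or name filter matches no image in the chosen region, the failure shows up at `set_fact` or later at instance creation with a message that does not name the cause. Adding `failed_when: amis.images | length == 0` to each `ec2_ami_info` task would stop at the lookup with a clear error. A short comment noting that `amis` is deliberately reused for the second lookup would also help the next reader.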
--- /dev/null +++ b/provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_rhel_90.yml @@ -0,0 +1,4 @@ +--- +## re-use RHEL workshop code +- name: find ami + include_tasks: ami_find_rhel.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/ami_find_security.yml b/provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_security.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/ami_find_security.yml rename to provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_security.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/ami_find_windows.yml b/provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_windows.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/ami_find_windows.yml rename to provisioner/roles/manage_ec2_instances/tasks/ami_find/ami_find_windows.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/create_inventory.yml b/provisioner/roles/manage_ec2_instances/tasks/create_inventory.yml index 06b15a840..32ee30a7c 100644 --- a/provisioner/roles/manage_ec2_instances/tasks/create_inventory.yml +++ b/provisioner/roles/manage_ec2_instances/tasks/create_inventory.yml 
@@ -23,26 +23,5 @@ - control_nodes with_items: "{{ ansible_node_facts.instances }}" -- name: RHEL mode - setup inventory - include_tasks: "addhost_rhel.yml" - when: workshop_type == 'rhel' - -- name: networking mode - setup inventory - include_tasks: "addhost_networking.yml" - when: workshop_type == 'networking' - -- name: f5 mode - setup inventory - include_tasks: "addhost_f5.yml" - when: workshop_type == 'f5' - -- name: DevOps mode - setup inventory - include_tasks: "addhost_devops.yml" - when: workshop_type == 'devops' - -- name: security mode - setup inventory - include_tasks: "addhost_security.yml" - when: workshop_type == 'security' - -- name: windows mode - setup inventory - include_tasks: "addhost_windows.yml" - when: workshop_type == 'windows' +- name: setup inventory + include_tasks: "inventory/addhost_{{workshop_type}}.yml" diff --git a/provisioner/roles/manage_ec2_instances/tasks/instances_devops.yml b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_devops.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/instances_devops.yml rename to provisioner/roles/manage_ec2_instances/tasks/instances/instances_devops.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/instances_f5.yml b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_f5.yml similarity index 83% rename from provisioner/roles/manage_ec2_instances/tasks/instances_f5.yml rename to provisioner/roles/manage_ec2_instances/tasks/instances/instances_f5.yml index ce7fa151e..42bdc3a03 100644 --- a/provisioner/roles/manage_ec2_instances/tasks/instances_f5.yml +++ b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_f5.yml 
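Review bot: The new "setup inventory" task builds the include path directly from `workshop_type`, where the removed tasks matched it against fixed values with `when`. A typo or unexpected value now surfaces as a file-not-found on the include, and the variable is used as a raw path fragment; the same holds for the `ami_find/`, `instances/` and `resources/` includes in provision.yml. I would add an early check such as `assert: that: workshop_type in supported_workshop_types` (list name constructed here) at the top of the role, so an unsupported type fails once with a clear message and only known names reach `include_tasks`.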
@@ -1,19 +1,5 @@ --- ############## f5 node ############## -- name: find ami for f5 (F5 MODE) - ec2_ami_info: - region: "{{ ec2_region }}" - owners: "{{ ec2_info.f5node.owners }}" - filters: - name: "{{ ec2_info.f5node.filter }}" - architecture: "{{ ec2_info.f5node.architecture }}" - register: amis - -- name: save ami for f5 (F5 MODE) - set_fact: - f5_ami: > - {{ amis.images | selectattr('name', 'defined') | sort(attribute='creation_date') | last }} - - name: Create EC2 instances for f5 node (F5 MODE) ec2: assign_public_ip: true @@ -50,20 +36,6 @@ - "{{ f5_output.instance_ids }}" when: f5_output.instance_ids is not none -- name: find ami for node1 & node2 (F5 MODE) - ec2_ami_info: - region: "{{ ec2_region }}" - owners: "{{ ec2_info.rhel8.owners }}" - filters: - name: "{{ ec2_info.rhel8.filter }}" - architecture: "{{ ec2_info.rhel8.architecture }}" - register: amis - -- name: save ami for node1 & node2 (F5 MODE) - set_fact: - node1_ami: > - {{ amis.images | selectattr('name', 'defined') | sort(attribute='creation_date') | last }} - - name: Create EC2 instances for node1 node in VPC (F5 MODE) ec2: assign_public_ip: true diff --git a/provisioner/roles/manage_ec2_instances/tasks/instances_networking.yml b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_networking.yml similarity index 99% rename from provisioner/roles/manage_ec2_instances/tasks/instances_networking.yml rename to provisioner/roles/manage_ec2_instances/tasks/instances/instances_networking.yml index 0cb79ee67..ce3bd149d 100644 --- a/provisioner/roles/manage_ec2_instances/tasks/instances_networking.yml +++ b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_networking.yml @@ -1,6 +1,4 @@ --- -- import_tasks: ami_find_networking.yml - - name: set router types to network_type set_fact: rtr1_type: "{{network_type}}" 
diff --git a/provisioner/roles/manage_ec2_instances/tasks/instances_rhel.yml b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_rhel.yml similarity index 98% rename from provisioner/roles/manage_ec2_instances/tasks/instances_rhel.yml rename to provisioner/roles/manage_ec2_instances/tasks/instances/instances_rhel.yml index 5fe17c037..fa80b93a6 100644 --- a/provisioner/roles/manage_ec2_instances/tasks/instances_rhel.yml +++ b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_rhel.yml @@ -1,7 +1,4 @@ --- -- name: find amis - import_tasks: ami_find_rhel.yml - - name: Create EC2 instances for node1 ec2: assign_public_ip: true diff --git a/provisioner/roles/manage_ec2_instances/tasks/instances/instances_rhel_90.yml b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_rhel_90.yml new file mode 100644 index 000000000..b1cdd3fd9 --- /dev/null +++ b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_rhel_90.yml @@ -0,0 +1,4 @@ +--- +## re-use RHEL workshop code +- name: provision aws resources + include_tasks: instances_rhel.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/instances_security.yml b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_security.yml similarity index 98% rename from provisioner/roles/manage_ec2_instances/tasks/instances_security.yml rename to provisioner/roles/manage_ec2_instances/tasks/instances/instances_security.yml index 74baa8854..f8adae008 100644 --- a/provisioner/roles/manage_ec2_instances/tasks/instances_security.yml +++ b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_security.yml @@ -1,6 +1,4 @@ --- -- import_tasks: ami_find_security.yml - - set_fact: async_timeout_seconds: "{{ student_total * 60 }}" async_wait_for_retries: "{{ student_total * 10 }}" 
diff --git a/provisioner/roles/manage_ec2_instances/tasks/instances_storage.yml b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_storage.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/instances_storage.yml rename to provisioner/roles/manage_ec2_instances/tasks/instances/instances_storage.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/instances_windows.yml b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_windows.yml similarity index 99% rename from provisioner/roles/manage_ec2_instances/tasks/instances_windows.yml rename to provisioner/roles/manage_ec2_instances/tasks/instances/instances_windows.yml index db2ade200..d6f381612 100644 --- a/provisioner/roles/manage_ec2_instances/tasks/instances_windows.yml +++ b/provisioner/roles/manage_ec2_instances/tasks/instances/instances_windows.yml @@ -1,6 +1,4 @@ --- -- import_tasks: ami_find_windows.yml - - name: WINDOWS | GitLab | Launch Instance ec2: assign_public_ip: true diff --git a/provisioner/roles/manage_ec2_instances/tasks/addhost_devops.yml b/provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_devops.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/addhost_devops.yml rename to provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_devops.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/addhost_f5.yml b/provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_f5.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/addhost_f5.yml rename to provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_f5.yml 
diff --git a/provisioner/roles/manage_ec2_instances/tasks/addhost_networking.yml b/provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_networking.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/addhost_networking.yml rename to provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_networking.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/addhost_rhel.yml b/provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_rhel.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/addhost_rhel.yml rename to provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_rhel.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_rhel_90.yml b/provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_rhel_90.yml new file mode 100644 index 000000000..b3c3a2054 --- /dev/null +++ b/provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_rhel_90.yml @@ -0,0 +1,4 @@ +--- +## re-use RHEL workshop code +- name: provision aws resources + include_tasks: addhost_rhel.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/addhost_security.yml b/provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_security.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/addhost_security.yml rename to provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_security.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/addhost_windows.yml b/provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_windows.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/addhost_windows.yml rename to provisioner/roles/manage_ec2_instances/tasks/inventory/addhost_windows.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/provision.yml b/provisioner/roles/manage_ec2_instances/tasks/provision.yml index 7c28199e3..04a732d07 100644 
--- a/provisioner/roles/manage_ec2_instances/tasks/provision.yml +++ b/provisioner/roles/manage_ec2_instances/tasks/provision.yml @@ -7,11 +7,11 @@ ## These AWS resources are used for every workshop type ## This includes VPC, subnet, Security Group, Internet Gateway and route table - name: provision aws resources - include_tasks: resources.yml + include_tasks: resources/resources.yml ## This duplicates the above when networking workshop uses 2 VPCs - name: provision networking aws resources - include_tasks: resources_{{workshop_type}}.yml + include_tasks: resources/resources_{{workshop_type}}.yml when: workshop_type == 'networking' - name: find ami for ansible control node @@ -71,6 +71,10 @@ - "{{ control_output.instances }}" when: control_output.instance_ids is not none +## find AMI - amazon machine images dynamically +- name: find correct AMI + include_tasks: 'ami_find/ami_find_{{workshop_type}}.yml' + ## Instance creation - name: provision workshop instances - include_tasks: 'instances_{{workshop_type}}.yml' + include_tasks: 'instances/instances_{{workshop_type}}.yml' diff --git a/provisioner/roles/manage_ec2_instances/tasks/resources.yml b/provisioner/roles/manage_ec2_instances/tasks/resources/resources.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/resources.yml rename to provisioner/roles/manage_ec2_instances/tasks/resources/resources.yml diff --git a/provisioner/roles/manage_ec2_instances/tasks/resources_networking.yml b/provisioner/roles/manage_ec2_instances/tasks/resources/resources_networking.yml similarity index 100% rename from provisioner/roles/manage_ec2_instances/tasks/resources_networking.yml rename to provisioner/roles/manage_ec2_instances/tasks/resources/resources_networking.yml diff --git a/provisioner/roles/populate_tower/tasks/main.yml b/provisioner/roles/populate_tower/tasks/main.yml new file mode 100644 index 000000000..f46bb4a3d --- /dev/null +++ b/provisioner/roles/populate_tower/tasks/main.yml 
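Review bot: The new "find correct AMI" task includes `ami_find/ami_find_{{workshop_type}}.yml` unconditionally, but the visible part of this commit only puts f5, networking, rhel, rhel_90, security and windows files into `ami_find/`. `instances_devops.yml` and `instances_storage.yml` are renamed unchanged and `control_node/tasks/devops.yml` is still maintained, so a `devops` run would appear to stop here on a missing file before any instance is created. Adding an `ami_find_devops.yml` (and a storage one if that type is still used), in the same way `ami_find_rhel_90.yml` re-uses the RHEL finder, would keep those types working.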
@@ -0,0 +1,83 @@ +--- +#### INVENTORY +- name: create workshop inventory + tower_inventory: + name: "Workshop Inventory" + organization: "Default" + tower_username: admin + tower_password: "{{ admin_password }}" + tower_host: "{{ ansible_host }}" + tower_verify_ssl: false + +- name: import inventory + shell: 'tower-manage inventory_import --source=/home/{{ username }}/lab_inventory/hosts --inventory-name="Workshop Inventory"' +#### END OF INVENTORY + +#### CREDENTIAL +- name: add SSH credential into Ansible Tower + tower_credential: + username: ec2-user + name: "Workshop Credential" + ssh_key_data: "{{ lookup('file', playbook_dir +'/' + ec2_name_prefix + '/' + ec2_name_prefix + '-private.pem') }}" + kind: ssh + organization: "Default" + tower_username: admin + tower_password: "{{ admin_password }}" + tower_host: "{{ ansible_host }}" + tower_verify_ssl: false + +- name: add tower credential into ansible tower + tower_credential: + host: "{{ansible_host}}" + username: admin + password: "{{admin_password}}" + name: "Tower Credential" + kind: tower + organization: Default + tower_username: admin + tower_password: "{{ admin_password }}" + tower_host: "{{ ansible_host }}" + tower_verify_ssl: false +#### END OF CREDENTIAL + +#### REMOVE BUILT-IN DEMO CONTENT +- name: delete demo job template + tower_job_template: + name: "Demo Job Template" + job_type: "run" + project: "Demo Project" + playbook: "hello_world.yml" + state: absent + tower_username: admin + tower_password: "{{ admin_password }}" + tower_host: "{{ ansible_host }}" + tower_verify_ssl: false + +- name: remove demo credential + tower_credential: + username: admin + name: "Demo Credential" + kind: ssh + state: absent + organization: "" + tower_username: admin + tower_password: "{{ admin_password }}" + tower_host: "{{ ansible_host }}" + tower_verify_ssl: false + +- name: remove demo inventory + tower_inventory: + name: "Demo Inventory" + organization: "Default" + state: absent + tower_username: admin + 
tower_password: "{{ admin_password }}" + tower_host: "{{ ansible_host }}" + tower_verify_ssl: false +#### END OF REMOVE BUILT-IN DEMO CONTENT + +- name: setup workshop specific tower information + include_tasks: "{{item}}" + with_first_found: + - "{{role_path}}/tasks/{{workshop_type}}.yml" + - "{{role_path}}/tasks/unsupported_workshop.yml" diff --git a/provisioner/roles/populate_tower/tasks/networking.yaml b/provisioner/roles/populate_tower/tasks/networking.yaml index 17c9f9339..12dd721cf 100644 --- a/provisioner/roles/populate_tower/tasks/networking.yaml +++ b/provisioner/roles/populate_tower/tasks/networking.yaml @@ -20,16 +20,6 @@ tower_host: "{{ ansible_host }}" tower_verify_ssl: false -# INVENTORY -- name: CREATE INVENTORY - tower_inventory: - name: "Workshop Inventory" - organization: REDHAT NETWORK ORGANIZATION - tower_username: admin - tower_password: "{{ admin_password }}" - tower_host: "{{ ansible_host }}" - tower_verify_ssl: false - # TEAMS - name: CREATE NETOPS TEAM tower_team: 
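Review bot: Every `tower_*` task in the new populate_tower/tasks/main.yml sets `tower_verify_ssl: false` while sending `admin_password` (and, in "add SSH credential into Ansible Tower", the lab's private key) to `{{ ansible_host }}`, so the shared tasks never verify the endpoint they authenticate to. The security-workshop equivalents removed later in this commit addressed Tower as `{{ username }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}` and did not set the option, so for that workshop the move appears to turn certificate verification off. I would drive it from one variable, for example `tower_verify_ssl: "{{ tower_validate_certs | default(false) }}"` (variable name constructed here), so deployments with a valid certificate can enable it. Separately, "import inventory" uses `shell:` without needing any shell feature; `command:` keeps the templated `{{ username }}` away from shell parsing.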
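Review bot: The networking tasks stay in `networking.yaml`, but the loader added in populate_tower/tasks/main.yml only looks for `{{role_path}}/tasks/{{workshop_type}}.yml` before falling back to `unsupported_workshop.yml`. Unless the file is renamed in a part of the commit not shown here, a networking deployment would skip all of these tasks with just a debug message, because the play that called them through `tasks_from` is removed from provisioner/networking.yml. Either rename the file to `networking.yml` or add `- "{{role_path}}/tasks/{{workshop_type}}.yaml"` to the `with_first_found` list. The inventory this file relies on is also now created in the `Default` organization rather than `REDHAT NETWORK ORGANIZATION`, which is worth checking against the team and role tasks further down.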
@@ -228,34 +218,6 @@ tower_host: "{{ ansible_host }}" validate_certs: false -- name: ADD CREDENTIAL INTO TOWER - tower_credential: - username: ec2-user - name: "Workshop Credential" - ssh_key_data: "{{ lookup('file', playbook_dir +'/' + ec2_name_prefix + '/' + ec2_name_prefix + '-private.pem') }}" - kind: ssh - organization: REDHAT NETWORK ORGANIZATION - tower_username: admin - tower_password: "{{ admin_password }}" - tower_host: "{{ ansible_host }}" - tower_verify_ssl: false - -- name: ADD TOWER CREDENTIAL INTO TOWER - tower_credential: - host: "{{ansible_host}}" - username: admin - password: "{{admin_password}}" - name: "Tower Credential" - kind: tower - organization: Default - tower_username: admin - tower_password: "{{ admin_password }}" - tower_host: "{{ ansible_host }}" - tower_verify_ssl: false - -- name: IMPORT INVENTORY - shell: 'tower-manage inventory_import --source=/home/{{ username }}/networking-workshop/lab_inventory/hosts --inventory-name="Workshop Inventory"' - # REMOVE HARD CODED SSH_KEY VAR - name: REMOVE HARD CODED SSH KEY VAR IN INVENTORY uri: @@ -273,23 +235,6 @@ register: result_uri ignore_errors: true -# JOB TEMPLATES -# Commenting out as students will not create this# -# - name: CREATE BACKUP JOB IN TOWER -# tower_job_template: -# name: "Network-Backup" -# job_type: "run" -# inventory: "Workshop Inventory" -# project: "Workshop Project" -# playbook: "network_backup.yml" -# credential: "Workshop Credential" -# state: "present" -# limit: "cisco" -# tower_username: admin -# tower_password: "{{ admin_password }}" -# tower_host: "{{ ansible_host }}" -# tower_verify_ssl: no - - name: CREATE SHOW COMMAND JOB IN TOWER tower_job_template: name: "Network-Commands" diff --git a/provisioner/roles/populate_tower/tasks/security.yml b/provisioner/roles/populate_tower/tasks/security.yml index 0f7630260..01d9bbc2b 100644 --- a/provisioner/roles/populate_tower/tasks/security.yml +++ b/provisioner/roles/populate_tower/tasks/security.yml 
@@ -1,16 +1,4 @@ --- -# Inventory -- name: Create inventory - tower_inventory: - name: "Workshop Inventory" - organization: "Default" - tower_username: admin - tower_password: "{{ admin_password }}" - tower_host: "{{ username }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}" - -- name: Import existing inventory into Tower - command: "awx-manage inventory_import --source=/home/{{ username }}/lab_inventory/hosts --inventory-id=2" - # Teams - name: Create analyst team tower_team: @@ -144,18 +132,6 @@ tower_password: "{{ admin_password }}" tower_host: "{{ username }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}" -# Credentials -- name: Add ec2-user credential to Tower - tower_credential: - username: ec2-user - name: "ec2-user credential" - ssh_key_data: "{{ lookup('file', playbook_dir +'/' + ec2_name_prefix + '/' + ec2_name_prefix + '-private.pem') }}" - kind: ssh - organization: "Default" - tower_username: admin - tower_password: "{{ admin_password }}" - tower_host: "{{ username }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}" - # Add repository as project - name: Add git repository as Tower project tower_project: @@ -193,7 +169,7 @@ playbook: "idps_log.yml" state: "present" limit: "snort" - credential: "ec2-user credential" + credential: "Workshop Credential" become_enabled: true tower_username: admin tower_password: "{{ admin_password }}" @@ -233,7 +209,7 @@ project: "Workshop Project" playbook: "rollback.yml" state: "present" - credential: "ec2-user credential" + credential: "Workshop Credential" tower_username: admin tower_password: "{{ admin_password }}" tower_host: "{{ username }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }}" @@ -247,7 +223,7 @@ playbook: "snort_rule.yml" state: "present" limit: "snort" - credential: "ec2-user credential" + credential: "Workshop Credential" become_enabled: true survey_enabled: true survey_spec: "{{ lookup('template', 'security_survey_ids_rule.json') }}" 
@@ -264,7 +240,7 @@ playbook: "ddos_attack_simulation.yml" state: "present" limit: "attacker" - credential: "ec2-user credential" + credential: "Workshop Credential" become_enabled: true tower_username: admin tower_password: "{{ admin_password }}" @@ -279,7 +255,7 @@ playbook: "ddos_stop_simulation.yml" state: "present" limit: "attacker" - credential: "ec2-user credential" + credential: "Workshop Credential" become_enabled: true tower_username: admin tower_password: "{{ admin_password }}" diff --git a/provisioner/roles/populate_tower/tasks/unsupported_workshop.yml b/provisioner/roles/populate_tower/tasks/unsupported_workshop.yml new file mode 100644 index 000000000..c67367163 --- /dev/null +++ b/provisioner/roles/populate_tower/tasks/unsupported_workshop.yml @@ -0,0 +1,4 @@ +--- +- name: unsupported workshop for populate_tower role + debug: + msg: "no more setup for populate_tower role the {{workshop_type}} does not have any specific setup specified" diff --git a/provisioner/roles/populate_tower/tasks/windows.yml b/provisioner/roles/populate_tower/tasks/windows.yml index 4fea0a9da..56a132f23 100644 --- a/provisioner/roles/populate_tower/tasks/windows.yml +++ b/provisioner/roles/populate_tower/tasks/windows.yml 
@@ -2,97 +2,6 @@ - set_fact: userid: "{{ inventory_hostname | regex_replace('[^0-9]', '') }}" -- name: Remove demo job template - shell: awx-cli job_template delete -n "Demo Job Template" --project "Demo Project" --playbook "hello_world.yml" --insecure -u {{ username }} -p {{ admin_password }} - ignore_errors: true - failed_when: false - -# - name: Remove demo job template -# tower_job_template: -# name: "Demo Job Template" -# job_type: run -# project: "Demo Project" -# playbook: "hello_world.yml" -# state: absent -# validate_certs: false -# tower_password: "{{ admin_password }}" -# tower_username: "{{ username }}" -# tower_host: https://{{ username }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }} - -- name: Remove demo project - shell: awx-cli project delete -n "Demo Project" --insecure -u {{ username }} -p {{ admin_password }} - ignore_errors: true - failed_when: false - -# - name: Remove demo project -# tower_project: -# name: "Demo Project" -# state: absent -# validate_certs: false -# tower_password: "{{ admin_password }}" -# tower_username: "{{ username }}" -# tower_host: https://{{ username }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }} - -- name: Remove demo credential - shell: awx-cli credential delete -n Demo --credential-type Machine --insecure -u {{ username }} -p {{ admin_password }} - ignore_errors: true - failed_when: false - -# - name: Remove demo credential -# tower_credential: -# name: "Demo" -# kind: ssh -# organization: "Default" -# state: absent -# validate_certs: false -# tower_password: "{{ admin_password }}" -# tower_username: "{{ username }}" -# tower_host: https://{{ username }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }} - -- name: Remove demo inventory - shell: awx-cli inventory delete -n "Demo Inventory" --organization "Default" --insecure -u {{ username }} -p {{ admin_password }} - ignore_errors: true - failed_when: false - -# - name: Remove demo inventory -# tower_inventory: -# name: "Demo Inventory" -# organization: "Default" -# 
state: absent -# validate_certs: false -# tower_password: "{{ admin_password }}" -# tower_username: "{{ username }}" -# tower_host: https://{{ username }}.{{ ec2_name_prefix }}.{{ workshop_dns_zone }} - -- name: Create workshop inventory - tower_inventory: - name: "Windows Workshop Inventory" - organization: Default - tower_username: admin - tower_password: "{{ admin_password }}" - tower_host: "{{ ansible_host }}" - tower_verify_ssl: false - -- name: import inventory - shell: 'tower-manage inventory_import --source=/home/{{ username }}/windows-workshop/lab_inventory/hosts --inventory-name="Windows Workshop Inventory"' - -# - name: Add win_shell/win_feature/win_reboot to allowed adhoc modules -# uri: -# url: https://localhost/api/v2/settings/all/ -# method: PATCH -# user: admin -# password: "{{ admin_password }}" -# body: "{{ lookup('template','tower_config_adhoc.json.j2') }}" -# body_format: json -# validate_certs: false -# force_basic_auth: true -# status_code: -# - 200 -# - 204 -# - 400 -# register: response -# changed_when: response.status == 200 - - name: Add win_shell/win_feature/win_reboot to allowed adhoc modules tower_settings: name: AD_HOC_COMMANDS @@ -111,4 +20,3 @@ path: /etc/tower/settings.py regexp: 'GIT_SSL_NO_VERIFY' line: "AWX_TASK_ENV['GIT_SSL_NO_VERIFY'] = 'True'" - # notify: restart tower diff --git a/provisioner/roles/webservers/tasks/main.yml b/provisioner/roles/webservers/tasks/main.yml index 59d65eba3..105ddf13d 100644 --- a/provisioner/roles/webservers/tasks/main.yml +++ b/provisioner/roles/webservers/tasks/main.yml @@ -6,5 +6,5 @@ - name: setup workshop specific webserver information include_tasks: "{{item}}" with_first_found: - - "{{workshop_type}}.yml" - - "unsupported_workshop.yml" + - "{{role_path}}/tasks/{{workshop_type}}.yml" + - "{{role_path}}/tasks/unsupported_workshop.yml" diff --git a/provisioner/roles/webservers/tasks/rhel.yml b/provisioner/roles/webservers/tasks/rhel.yml deleted file mode 100644 index ed97d539c..000000000 
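Review bot: `workshop_type` is interpolated straight into the include path in both new `with_first_found` entries of `webservers/tasks/main.yml`, so a value containing `/` or `..` resolves to a task file outside this role's `tasks/` directory, and a misspelled value falls through to `unsupported_workshop.yml` without failing. If the variable is not already checked earlier in the provisioner (not visible in this hunk), an `assert` that `workshop_type` is one of the supported workshop names before this task would cover both cases. The new entries also keep the unspaced braces; `"{{ role_path }}/tasks/{{ workshop_type }}.yml"` would match the spacing used by the Tower task files in this diff.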
--- a/provisioner/roles/webservers/tasks/rhel.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/provisioner/sample_workshops/sample-vars-f5.yml b/provisioner/sample_workshops/sample-vars-f5.yml index 31a18ddec..fbd0138ec 100644 --- a/provisioner/sample_workshops/sample-vars-f5.yml +++ b/provisioner/sample_workshops/sample-vars-f5.yml @@ -14,5 +14,3 @@ admin_password: ansible dns_type: aws # creates HTML website for workshop create_login_page: true -# install xrdp with xfce for graphical interface -xrdp: true diff --git a/provisioner/security.yml b/provisioner/security.yml index 4c249c635..c7fa43d87 100644 --- a/provisioner/security.yml +++ b/provisioner/security.yml @@ -117,20 +117,6 @@ include_role: name: "webservers_attack_simulation" -- name: Populate Tower - hosts: control_nodes - gather_facts: true - become: true - - tasks: - - name: Create Tower student resources - include_role: - name: populate_tower - tasks_from: "{{workshop_type}}" - when: - - towerinstall is defined - - towerinstall|bool - - name: SETUP WINDOWS WORKSTATION hosts: windows roles: diff --git a/provisioner/windows.yml b/provisioner/windows.yml index 8c9a9cd1d..5e5d06d49 100644 --- a/provisioner/windows.yml +++ b/provisioner/windows.yml @@ -1,18 +1,4 @@ --- -- name: Populate Tower - hosts: control_nodes - gather_facts: true - become: true - - tasks: - - name: Create Tower student resources - include_role: - name: populate_tower - tasks_from: windows.yml - when: - - towerinstall is defined - - towerinstall|bool - - name: Configure GitLab Host hosts: gitlab become: true