redhatnordicssa / ansible-roadshow
One day hands on lab with Ansible and Ansible Tower
License: GNU General Public License v3.0
PLAY RECAP ************************************************************************************************************************************************************************
client_system_2 : ok=8 changed=5 unreachable=0 failed=0
client_system_3 : ok=8 changed=0 unreachable=0 failed=0
I can't see logs or status of workflows in the Tower console when I start a new job.
There is the provision-all playbook that should do it all in one playbook run. I added instance creation and gitlab install while I tried gitlab part. Make sure all parts are included. Still missing at least:
$ ansible-playbook -i hosts site.yml
PLAY [wildflyservers] *************************************************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************************************************
fatal: [client_system_3]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 34.242.233.117 closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1}
fatal: [client_system_2]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 34.246.180.58 closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1}
to retry, use: --limit @/home/student/work/site.retry
PLAY RECAP ************************************************************************************************************************************************************************
client_system_2 : ok=0 changed=0 unreachable=0 failed=1
client_system_3 : ok=0 changed=0 unreachable=0 failed=1
Lab 0, make it clear that https://github.com/mglantz/ansible-roadshow should be cloned to the WORK_DIR
LAB1:
ansible -i hosts -u root all -m ping
Should be changed to:
ansible -i hosts -u student all -m ping
This is because lab 8 introduces roles, which have secrets in the inventory. Either we should create a new inventory for lab 8, or add the secret to the ping template. Discuss which is preferred. We need a compromise to keep the description short.
Create student user on all client systems
There are no step by step instructions on how to create artifacts in tower. More detail is needed.
[student@ip-172-31-29-72 work]$ ansible -i hosts all -m ping
client_system_3 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}
client_system_1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}
client_system_2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}
Should be to control server
There is some of the same stuff in these two labs. They should be merged.
Lab 1
Instructions in lab 1 refer to ‘you got three servers assigned to you’. The email you receive when joining refers to 'Client Systems'. Make sure those two things are aligned.
Tower installation guide is missing from content/README.md
"Finally you need to apply the newly created role to your wildflyservers group. In dir $WORK_DIR create a file named site.yml. Put the following content into the file:"
Please introduce the concept of "role".
Lab 0 refers to control server, but this isn't referred to in the diagram. Furthermore, control server is not a term in Ansible. Use Tower server instead.
Lab doesn't really contain any work..
Some playbooks with faults (wrong indentation, typos, others) should be created...
The versions are not aligned.
In instructions:
$ ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, May 3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]
Command line gives the following:
$ ansible --version
ansible 2.6.3
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/student/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, May 31 2018, 09:41:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
Please specify that the user should ssh with user: student.
"Ensure that you are logged in to your Ansible control server."
otherwise tower can't connect to self-signed ssl GitLab. This is the option:
/etc/tower/settings.py:
AWX_TASK_ENV['GIT_SSL_NO_VERIFY'] = 'True'
I tested this works.
SSH folder doesn't exist by default..
so
ssh-keyscan -H client_systemX client_systemY client_systemZ >> ~/.ssh/known_hosts
will fail...
This is a "looks like a bad security habit" kind of issue, but it hurts me to see we share a private SSH key in GitHub. We should generate the key for the first user, and keep inserting the key everywhere by Ansible.
E.g: Run ssh-keygen on the tower machine, register and print it to local file. Then push it to all the machines for student users.
ping won't go through atm
[root@ip-172-31-29-42 work]# ansible -i hosts -u root all -m ping
52.213.129.63 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}
34.253.133.33 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}
34.245.231.98 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}
You are almost required to know git in order to complete this lab.
I suggest that a disclaimer in the top reads "you can skip this lab if you know git".
Then make the instructions more clear on how to use git with step by step instructions.
should be like:
[lbservers]
client_system_1 ansible_host=54.171.199.128
[wildflyservers]
client_system_2 ansible_host=52.209.159.2
client_system_3 ansible_host=34.241.151.42
the guide doesn't mention you need to add vault credentials too, it only lists to add machine creds.
In the labs we are referring to control server. In the machine info about the labs containing IP and username we say Ansible Tower (not control server). Maybe we should change the description in the labs calling it ansible tower instead.
Set correct password for gitlab users
Create R53 A record for Gitlab server (@mglantz has a domain already set-up)
PLAY [setup stuff in Gitlab VMs] ***************************************************************************************
TASK [Gathering Facts]
This is before I set up the gitlab key. Is it expected for the playbook to fail then?
@teemu-u @pgustafs
The authenticity of host '18.196.100.102 (18.196.100.102)' can't be established.
ECDSA key fingerprint is SHA256:eFbgxanqdTzH8pOsO1PJk4nmRPmmjinrZkwaNowkA8k.
Are you sure you want to continue connecting (yes/no)? yes
fatal: [18.196.100.102]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '18.196.100.102' (ECDSA) to the list of known hosts.\r\[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n", "unreachable": true}
to retry, use: --limit @/Users/mglantz/code/github/ansible-roadshow/content/provision-all.retry
git clone https://ec2-34-243-30-147.eu-west-1.compute.amazonaws.com/root/ansible-roadshow.git
Cloning into 'ansible-roadshow'...
fatal: unable to access 'https://ec2-34-243-30-147.eu-west-1.compute.amazonaws.com/root/ansible-roadshow.git/': Peer's certificate issuer has been marked as not trusted by the user.
Use ansible-galaxy init wildfly to initialize the file structure and start from there.
You are given a task in the lab "As a first step, go ahead and create a new repository on GitHub and put the ping playbook that you created in lab-2 there.", but there is no description of how to do it.
where X,Y,Z are replaced by the numbers for servers assigned to you.
should be
client_system_X,client_system_Y,client_system_Z are replaced by the IPs for servers assigned to you.
ansible-galaxy init role_name
instead of mkdir role/wildfly ...
Add instructions how to use Gitlab where GitHub is used.
$ ansible -i hosts all -m ping
wildfly2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 34.240.6.124 port 22: Connection timed out\r\n",
"unreachable": true
}
wildfly1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 52.210.56.118 port 22: Connection timed out\r\n",
"unreachable": true
}
loadbalancer1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 34.241.117.172 port 22: Connection timed out\r\n",
"unreachable": true
}