redhatnordicssa / ansible-roadshow Goto Github PK

PLAY RECAP ************************************************************************************************************************************************************************
client_system_2 : ok=8 changed=5 unreachable=0 failed=0
client_system_3 : ok=8 changed=0 unreachable=0 failed=0

I can't see logs or status of workflows in the Tower console when I start a new job.

There is the provision-all playbook that should do it all in one playbook run. I added instance creation and gitlab install while I tried gitlab part. Make sure all parts are included. Still missing at least:

1. tower install
2. lab machines configs
3. gitlab add users and import project.

$ ansible-playbook -i hosts site.yml

PLAY [wildflyservers] *************************************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************************
fatal: [client_system_3]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 34.242.233.117 closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1}
fatal: [client_system_2]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 34.246.180.58 closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1}
to retry, use: --limit @/home/student/work/site.retry

PLAY RECAP ************************************************************************************************************************************************************************
client_system_2 : ok=0 changed=0 unreachable=0 failed=1
client_system_3 : ok=0 changed=0 unreachable=0 failed=1

Lab 0, make it clear that https://github.com/mglantz/ansible-roadshow should be cloned to the WORK_DIR

LAB1:
ansible -i hosts -u root all -m ping

Should be changed to:

ansible -i hosts -u student all -m ping

This is because lab 8 introduces roles, which has secrets in the inventory. Either we should create new inventory for lab 8, or add secret to the ping template. Discuss which is preferred. We need a compromise to keep description short.

Create student user on all client systems

There are no step by step instructions on how to create artifacts in tower. More detail is needed.

[student@ip-172-31-29-72 work]$ ansible -i hosts all -m ping
client_system_3 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}
client_system_1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}
client_system_2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}

Should be to control server

There are some of the same stuff in these two labs.. They should be merged

Lab 1
Instruction in lab 1 refer to ‘you got three servers assigned to you’. The email you receive when joining says refer to 'Client Systems'. Make sure those two things are aligned.

Tower installation guide is missing from content/README.md

"Finally you need to apply the newly created role to your wildflyservers group. In dir $WORK_DIR create a file named site.yml. Put the following content into the file:"

Please introduce the concept of "role".

Lab 0 refer to control server, but this isn't refered to in the diagram. Furthermore control server is not a term in Asnible. Use Tower server instead.

Lab doesn't really contain any work..

Some playbooks with faults (wrong indentation, typos, others) should be created...

The versions are not aligned.

In instructions :

$ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /bin/ansible
python version = 2.7.5 (default, May 3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]

Command line gives the following :

$ansible --version
ansible 2.6.3
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/student/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, May 31 2018, 09:41:32) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]

Please specify that the user should ssh with user : student.

"Ensure that you are logged in to your Ansible control server."

otherwise tower can't connect to self-signed ssl GitLab. This is the option:

/etc/tower/settings.py:

AWX_TASK_ENV['GIT_SSL_NO_VERIFY'] = 'True'

I tested this works.

SSH folder doesn't exist by default..

so

ssh-keyscan -H client_systemX client_systemY client_systemZ >> ~/.ssh/known_hosts

will fail...

This is "looks bad security habbit" -kinda issue, but it hurts me see we share private ssh key in github. We should generate the key for the first user, and keep inserting the key everywhere by ansible.

E.g: Run ssh-keygen on the tower machine, register and print it to local file. Then push it to all the machines for student users.

ping won't go through atm

[root@ip-172-31-29-42 work]# ansible -i hosts -u root all -m ping
52.213.129.63 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}
34.253.133.33 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}
34.245.231.98 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
"unreachable": true
}

You are almost required to know git in order to complete this lab.

I suggest that a disclaimer in the top reads "you can skip this lab if you know git".

Then make the instructions more clear on how to use git with step by step instructions.

should be like:
lbservers]
client_system_1 ansible_host=54.171.199.128

[wildflyservers]
client_system_2 ansible_host=52.209.159.2
client_system_3 ansible_host=34.241.151.42

the guide doesn't mention you need to add vault credentials too, it only lists to add machine creds.

In the labs we are referring to control server. In the machine info about the labs containing IP and username we say Ansible Tower (not control server). Maybe we should change the description in the labs calling it ansible tower instead.

Set correct password for gitlab users

Create R53 A record for Gitlab server (@mglantz has a domain already set-up)

PLAY [setup stuff in Gitlab VMs] ***************************************************************************************

TASK [Gathering Facts]
This is before I setup the gitlab key. Is it expected for the playbook to fail then?
@teemu-u @pgustafs

The authenticity of host '18.196.100.102 (18.196.100.102)' can't be established.
ECDSA key fingerprint is SHA256:eFbgxanqdTzH8pOsO1PJk4nmRPmmjinrZkwaNowkA8k.
Are you sure you want to continue connecting (yes/no)? yes
fatal: [18.196.100.102]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '18.196.100.102' (ECDSA) to the list of known hosts.\r\[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n", "unreachable": true}
to retry, use: --limit @/Users/mglantz/code/github/ansible-roadshow/content/provision-all.retry

git clone https://ec2-34-243-30-147.eu-west-1.compute.amazonaws.com/root/ansible-roadshow.git
Cloning into 'ansible-roadshow'...
fatal: unable to access 'https://ec2-34-243-30-147.eu-west-1.compute.amazonaws.com/root/ansible-roadshow.git/': Peer's certificate issuer has been marked as not trusted by the user.

Use ansible-galaxy init wildfly to initialize the file structure and start from there.

You are given a task in the lab "As a first step, go ahead and create a new repository on GitHub and put the ping playbook that you created in lab-2 there.", but there is no description of how to do it.

where X,Y,Z are replaced by the numbers for servers assigned to you.

should be

client_system_X,client_system_Y,client_system_Z are replaced by the IPs for servers assigned to you.

ansible-galaxy init role_name

instead of mkdir role/wildfly ...

Add instructions how to use Gitlab where GitHub is used.

$ ansible -i hosts all -m ping
wildfly2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 34.240.6.124 port 22: Connection timed out\r\n",
"unreachable": true
}
wildfly1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 52.210.56.118 port 22: Connection timed out\r\n",
"unreachable": true
}
loadbalancer1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 34.241.117.172 port 22: Connection timed out\r\n",
"unreachable": true
}