RHEL Ex. 2.3 - 2.4 failure to create Webserver inventory leads to loss of Tower access

[dpullman-emergent]

SUMMARY

We had at least two students yesterday lose access to the Tower and Code URLs on their control node. The issue in both cases was the incorrect installation of firewalld (and httpd) on the control node.

Exercise 2.3 has a section, AFTER the Challenge Lab, called "What About Some Practice?". In this section the Webserver inventory, containing only node1, is created. The section also has the following: "Warning Please make sure to finish these steps as the next chapter depends on it!".

We found that in both cases the students didn't complete this section. When they went to Ex. 2.4, Create a Template with a Survey, they used the Workshop inventory. This installed httpd and firewalld on the control node, which prevents access to either URL.

Suggestions:

• Move the "What About Some Practice?" section before the Challenge Lab, making it an expicit named section in the exercise ("Ask for Inventory")
• Add a note in 2.4 Create a Template with a Survey to ensure you are using the Webserver inventory, DO NOT use Workshop inventory

ISSUE TYPE

• Bug Report

EXTRA VARS FILE

---
# Where to provision (Don't change: only testing ec2)
instance_loc: ec2
# region where the nodes will live
ec2_region: us-east-1
# name prefix for all the VMs
ec2_name_prefix: alfa
# creates student_total of workbenches for the workshop
student_total: 20
# Set the right workshop type, like networking, rhel or f5 (see above)
workshop_type: rhel
# OPTIONAL VARIABLES
# creates 2 windows instances per student instead of default 1
doubleup: false
# password for Ansible control node, defaults to ansible
admin_password: emergent
# creates AWS S3 website for ec2_name_prefix.workshop_dns_zone
create_login_page: true
# Sets the Route53 DNS zone to use for the S3 website
workshop_dns_zone:  ws1-lab-emergent360.com
# automatically installs Tower to control node
towerinstall: true
# automatically licenses Tower if license is provided
autolicense: true

e.g. here is an example of an extra vars file we are looking for:

$ cat ~/Github/linklight/provisioner/seans_workshop.yml
---
ec2_region: us-east-1
ec2_name_prefix: seantest
student_total: 25
admin_password: ansible
create_login_page: true

for more information on the extra vars file please refer to: https://github.com/network-automation/linklight/blob/master/provisioner/README.md

ANSIBLE VERSION

ansible 2.9.6
  config file = /home/ec2-user/workshops-master/provisioner/ansible.cfg
  configured module search path = [u'/home/ec2-user/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Sep 26 2019, 13:23:47) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

CONFIGURATION

DEFAULT_CALLBACK_WHITELIST(/home/ec2-user/workshops-master/provisioner/ansible.cfg) = [u'time']
DEFAULT_FORKS(/home/ec2-user/workshops-master/provisioner/ansible.cfg) = 50
DEFAULT_HOST_LIST(/home/ec2-user/workshops-master/provisioner/ansible.cfg) = [u'/home/ec2-user/workshops-master
DEFAULT_NO_TARGET_SYSLOG(/home/ec2-user/workshops-master/provisioner/ansible.cfg) = False
DEFAULT_SCP_IF_SSH(/home/ec2-user/workshops-master/provisioner/ansible.cfg) = True
DEFAULT_STDOUT_CALLBACK(/home/ec2-user/workshops-master/provisioner/ansible.cfg) = yaml
HOST_KEY_CHECKING(/home/ec2-user/workshops-master/provisioner/ansible.cfg) = False
INTERPRETER_PYTHON(/home/ec2-user/workshops-master/provisioner/ansible.cfg) = auto_silent
PERSISTENT_COMMAND_TIMEOUT(/home/ec2-user/workshops-master/provisioner/ansible.cfg) = 60
PERSISTENT_CONNECT_TIMEOUT(/home/ec2-user/workshops-master/provisioner/ansible.cfg) = 60
RETRY_FILES_ENABLED(/home/ec2-user/workshops-master/provisioner/ansible.cfg) = False

OS / ENVIRONMENT

Red Hat Enterprise Linux Server release 7.8 (Maipo)

TOWER

Tower

PLAYBOOK SHORT OUTPUT

PLAYBOOK LONG OUTPUT

[IPvSean]

should be fixed with this: #816

[dpullman-emergent]

It appears that the section in Exercise 2.3 - Projects & job templates: What About Some Practice? was removed. Also it appears that LIMIT web was asserted in the template exercises, which should prevent the install of firewalld and httpd on the control node.

However, in Exercise 2.4 - Surveys: Create a Template with a Survey, in the table under Create Template, the INVENTORY is set to Webserver, which I don't think has been created. Perhaps this should be Workshop?

[IPvSean]

@dpullman-emergent somehow missed this... let me look at Exercise 2.4

I have thought about this for some time as well. The reason we have the control node in the inventory is for future-proofing demos. This matches what we do for network automation workshop. What I am thinking of doing is removing the limit, but forcing the hosts: web in the actual playbooks themselves to make sure this won't crush students environments. Basically I have a feeling that more than 1 student will forget to add that limit....

[IPvSean]

fixed in devel

[dpullman]

Thanks Sean!