PARKED - switch from add_host to dynamic inventory

.gitignore

@@ -8,6 +8,7 @@ extra_vars.yml
 TODO
 TODO.md
 bak/
+provisioner/workshop_inventory/*
 *.BAK
 *.DS_Store
 *.pem
@@ -32,3 +33,4 @@ Gemfile
 _site/*
 .tox/
 provisioner/tests/ci-common.yml
+provisioner/aws_ec2.yml

README.md

@@ -33,6 +33,7 @@ The Red Hat Ansible Automation Workshops project is intended for effectively dem
  - [How to contribute](docs/contribute.md)
  - [How to use the AWS Lab Provisioner](provisioner/README.md)
  - [FAQ](docs/faq.md)
+ - [Release Process](docs/release.md)
 
 ---
 ![Red Hat Ansible Automation](images/rh-ansible-automation-platform.png)

docs/faq.md

@@ -1,6 +1,10 @@
 # FAQ for the Provisioner
 Frequently Asked Questions... or rather common problems that people have hit.
 
+## How do I do a release PR?
+
+Read this [guide](release.md)
+
 ## Problem: boto3 missing
 
 ```

docs/release.md

@@ -0,0 +1,58 @@
+# Release PR
+
+The Ansible Automation Workshops have two main branches
+
+- `master` - this is the stable supported branch.  This is what RHPDS (Red Hat Product Demo System) points to
+- `devel` - this is the development branch.  This is where PRs (Pull Requests) go into, and get tested.
+
+A **release** is when we move `devel` into `master`.  This means the stable `master` branch will pickup all new features, bug fixes and changes that `devel` branch has been testing.
+
+# How to push a release
+
+1. An administrator has to create a PR (pull request) from `devel` into `master` from `https://github.com/ansible/workshops`
+
+  ![release pr](../images/release_pr.png)
+
+2. Title the PR with `Date Release PR`
+
+  For example:
+  `April 16th, 2020 Release PR`
+
+3. Copy the last PR's contents into your new PR contents, here is an example: [https://github.com/ansible/workshops/pull/800](https://github.com/ansible/workshops/pull/800)
+
+e.g. here is a template you can use
+
+```
+# SUMMARY
+
+this is a release PR, a release PR merges the devel branch to the master branch taking in multiple PRs over the last period of time. The last release was on April 16th, 2020 https://github.com/ansible/workshops/pull/784
+
+this merges PRs for the following since the last review:
+
+- https://github.com/ansible/workshops/pull/785 - cleaning up tower exercises
+- https://github.com/ansible/workshops/pull/786 - Fix start of YAML marker
+- https://github.com/ansible/workshops/pull/790 - add synchronization with ansible/product-demos
+- https://github.com/ansible/workshops/pull/795 - new exercise for rhel lab with system roles
+- https://github.com/ansible/workshops/pull/799 - fixing RHEL workshop exercises
+
+# ISSUE TYPE
+Release PR
+
+cc @cloin @liquidat @goetzrieger @Spredzy
+```
+
+4. The goal of the PR summary is to:
+
+  - indicate this is a release PR
+  - link to the last release PR
+  - summarize all PRs into `devel` since the last time there was a release (this means only purple merged PRs, not closed PRs, or PRs still not merged yet)
+
+5. wait for CI testing to complete
+
+   ![ci testing](../images/ci.png)
+
+6. merge when you get passing CI
+
+  ![passed ci](../images/passed.png)
+
+7.  If there are major changes, announce these to Roland to make sure they reach his newsletter :)

provisioner/ansible.cfg

@@ -1,17 +1,9 @@
-# config file for ansible -- http://ansible.com/
-# ==============================================
-
-# nearly all parameters can be overridden in ansible-playbook
-# or with command line flags. ansible will read ANSIBLE_CONFIG,
-# ansible.cfg in the current working directory, .ansible.cfg in
-# the home directory or /etc/ansible/ansible.cfg, whichever it
-# finds first
-
 [defaults]
+localhost_warning = false
 interpreter_python = auto_silent
 stdout_callback = yaml
-inventory      = hosts
-forks          = 50
+inventory = workshop_inventory
+forks = 50
 host_key_checking = False
 retry_files_enabled = False
 no_target_syslog = False

provisioner/control_host

@@ -0,0 +1 @@
+18.220.232.182

provisioner/provision_lab.yml

@@ -29,8 +29,8 @@
       assert:
         that:
           - windows_password is defined
-        msg: "windows_password must be set for security automation workshop"
-      when: workshop_type == "security"
+        msg: "windows_password must be set for workshop_type: {{workshop_type}}"
+      when: workshop_type == "security" or workshop_type == "windows"
 
     - name: make sure network_type is set to a correct value
       assert:
@@ -154,6 +154,9 @@
       loop:
         - "ansible-galaxy collection install ansible.product_demos"
         - "ansible-galaxy collection install awx.awx"
+      register: galaxy
+      until: galaxy is not failed
+      retries: 5
 
 - name: Create lab instances in AWS
   hosts: localhost
@@ -164,21 +167,21 @@
     - manage_ec2_instances
 
 - name: wait for all nodes to have SSH reachability
-  hosts: "managed_nodes:control_nodes"
+  hosts: "control_nodes:lab_hosts"
   become: true
   gather_facts: false
   roles:
     - connectivity_test
 
 - name: wait for all security nodes to have SSH reachability
-  hosts: "security_connection_check"
+  hosts: "attack:snort:qradar"
   become: true
   gather_facts: false
   roles:
     - connectivity_test
 
-- name: Configure common options on managed nodes and control nodes
-  hosts: "managed_nodes:control_nodes"
+- name: Configure common options on lab_hosts and control nodes
+  hosts: "control_nodes:lab_hosts"
   gather_facts: false
   become: true
   roles:
@@ -207,6 +210,8 @@
       when:
         - dns_type is defined
         - dns_type == "aws"
+        - towerinstall is defined
+        - towerinstall
   tags: control_node
 
 - name: Setup Amazon S3 Website for Student Login

provisioner/roles/aws_dns/tasks/tower.yml

@@ -1,12 +1,15 @@
 ---
-- name: CHANGE TOWER BASE URL
-  tower_settings:
+- name: change ansible tower base URL
+  awx.awx.tower_settings:
     name: TOWER_URL_BASE
     value: "https://{{username}}.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}"
     tower_verify_ssl: false
     tower_host: localhost
     tower_username: admin
     tower_password: "{{admin_password}}"
+  register: change_base_url
+  until: change_base_url is not failed
+  retries: 5
 
 # directions found here https://certbot.eff.org/lets-encrypt/centosrhel8-other
 - name: Download and install certbot

provisioner/roles/aws_workshop_login_page/templates/index.html.j2

@@ -219,7 +219,7 @@ $("document").ready(function(){
   $click.click(function () {
 
     $clicked = $(this);
-    
+
     $expand = $(this).parent('.header').next();  // Expand and collapse content selector
 
         //open up the content needed - toggle the slide- if visible, slide up, if not slidedown.
@@ -231,13 +231,13 @@ $("document").ready(function(){
             $('html, body').animate({
                 scrollTop: 1000
             }, 500);
-            
+
         });
 
     });
     $("a[href='" + window.location.hash + "']").parent(".studentinfo").click();
-    
-    
+
+
 });
 </script>
 
@@ -398,8 +398,6 @@ $("document").ready(function(){
       <p class="studentinfo"><a href="#student{{number}}"></a>student{{number}} - Click to see login details</p>
     </div>
     <div class="content">
-{% for host in ansible_node_facts.instances %}
-{% if 'student' ~ number == host.tags.Student %}
 {% if code_server is defined and code_server %}
 <div id="section_title">VS Code access</div>
 To login to Visual Studio Code via your web browser please go here:<br>
@@ -451,12 +449,12 @@ To login to the Ansible Control Node use the following for SSH access:<br>
   </tr>
   <tr>
     <td>IP Address:</td>
-    <td><code>{{ host.public_ip_address }}</code></td>
+    <td><code>{{ hostvars[ec2_name_prefix+ '-student' + number|string + '-ansible'].ansible_host }}</code></td>
   </tr>
 </table>
 </div>
 <div id="example_login">
-<pre><code>ssh student{{number}}@{{ host.public_ip_address }}</code></pre>
+<pre><code>ssh student{{number}}@{{ hostvars[ec2_name_prefix+ '-student' + number|string + '-ansible'].ansible_host }}</code></pre>
 {% if dns_type != 'none' %}
 DNS: student{{number}}.{{ec2_name_prefix}}.{{workshop_dns_zone}}<br>
 <pre><code>ssh student{{number}}@student{{number}}.{{ec2_name_prefix}}.{{workshop_dns_zone}}</code></pre>
@@ -479,7 +477,7 @@ To login to the Ansible Tower UI use the following credentials:<br>
 {% if dns_type == 'none' %}
   <tr>
 <td>UI link:
-<td><a target=_blank href="https://{{ host.public_ip_address }}">https://{{ host.public_ip_address }}</a></td>
+<td><a href="https://{{ hostvars[ec2_name_prefix+ '-student' + number|string + '-ansible'].ansible_host }}">https://{{ hostvars[ec2_name_prefix+ '-student' + number|string + '-ansible'].ansible_host }}</a></td>
   </tr>
 {% endif %}
   <tr>
@@ -495,8 +493,6 @@ To login to the Ansible Tower UI use the following credentials:<br>
 </div>
 
 {% if workshop_type in ['devops'] %} Lab Guide: <a target=_blank href="http://student{{number}}.{{ec2_name_prefix}}.{{workshop_dns_zone}}:8888">http://student{{number}}.{{ec2_name_prefix}}.{{workshop_dns_zone}}:8888</a><br>{% endif %}
-{% endif %}
-{% endfor %}
     </div>
   </div>
 {% endfor %}

provisioner/roles/code_server/tasks/codeserver.yml

@@ -87,6 +87,9 @@
     - hnw.vscode-auto-open-markdown-preview-0.0.4.vsix
     - vscoss.vscode-ansible-0.5.2.vsix
   ignore_errors: true
+  register: install_extension
+  until: install_extension is not failed
+  retries: 5
 
 - name: start code-server service
   service:

provisioner/roles/control_node/tasks/main.yml

@@ -43,8 +43,8 @@
     group: "{{ username }}"
 
 - name: setup /etc/hosts file per student
-  copy:
-    src: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ username }}-etchosts.txt"
+  template:
+    src: "etchosts.j2"
     dest: "/etc/hosts"
     owner: "{{ username }}"
     group: "{{ username }}"
@@ -112,12 +112,11 @@
     path: /home/{{ username }}/lab_inventory
 
 - name: Put student inventory in proper spot
-  copy:
-    src: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ username }}-instances.txt"
+  template:
+    src: "{{role_path}}/templates/inventory/{{workshop_type}}.j2"
     dest: /home/{{ username }}/lab_inventory/hosts
     owner: "{{ username }}"
     group: "{{ username }}"
-  when: username in inventory_hostname
 
 - name: setup control node for workshop type
   include_tasks: "{{item}}"

provisioner/roles/control_node/templates/etchosts.j2

@@ -0,0 +1,11 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+{% for vm in groups[username] %}
+{% if hostvars[vm].short_name != "ansible" %}
+{{ hostvars[vm].ansible_host }} {{ hostvars[vm].short_name }}
+{% endif %}
+{% endfor %}
+
+{% set control_node = ec2_name_prefix + '-' + username + '-ansible' %}
+{{ hostvars[control_node].ansible_host }} {{username }}.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}} {{ hostvars[control_node].short_name }}

provisioner/roles/control_node/templates/inventory/devops.j2

@@ -0,0 +1,22 @@
+[all:vars]
+ansible_user={{username}}
+ansible_password={{ admin_password }}
+{% if ssh_port is defined %}
+ansible_port={{ ssh_port }}
+{% endif %}
+
+[sitea]
+{% set node1 = ec2_name_prefix + '-' + username + '-node1' %}
+{{ hostvars[node1].short_name }} ansible_host={{ hostvars[node1].private_ip }}
+{% set node2 = ec2_name_prefix + '-' + username + '-node2' %}
+{{ hostvars[node2].short_name }} ansible_host={{ hostvars[node2].private_ip }}
+
+[siteb]
+{% set node3 = ec2_name_prefix + '-' + username + '-node3' %}
+{{ hostvars[node3].short_name }} ansible_host={{ hostvars[node3].private_ip }}
+{% set node4 = ec2_name_prefix + '-' + username + '-node4' %}
+{{ hostvars[node4].short_name }} ansible_host={{ hostvars[node4].private_ip }}
+
+[control]
+{% set control_node = ec2_name_prefix + '-' + username + '-ansible' %}
+{{ hostvars[control_node].short_name }} ansible_host={{ hostvars[control_node].ansible_host }}

provisioner/roles/control_node/templates/inventory/f5.j2

@@ -0,0 +1,21 @@
+[all:vars]
+ansible_user={{username}}
+ansible_password={{ admin_password }}
+{% if ssh_port is defined %}
+ansible_port={{ ssh_port }}
+{% endif %}
+
+[lb]
+{% set f5_device = ec2_name_prefix + '-' + username + '-f5' %}
+{{ hostvars[f5_device].short_name }} ansible_host={{ hostvars[f5_device].ansible_host }} ansible_user=admin private_ip={{ hostvars[f5_device].private_ip }} ansible_pass={{admin_password}}
+
+[control]
+{% set control_node = ec2_name_prefix + '-' + username + '-ansible' %}
+{{ hostvars[control_node].short_name }} ansible_host={{ hostvars[control_node].ansible_host }}
+
+
+[web]
+{% set node1 = ec2_name_prefix + '-' + username + '-node1' %}
+{{ hostvars[node1].short_name }} ansible_host={{ hostvars[node1].ansible_host }} private_ip={{hostvars[node1].private_ip }}
+{% set node2 = ec2_name_prefix + '-' + username + '-node2' %}
+{{ hostvars[node2].short_name }} ansible_host={{ hostvars[node2].ansible_host }} private_ip={{hostvars[node2].private_ip }}