From 7a373fd55ef84ae62bc370808abf61716c208a26 Mon Sep 17 00:00:00 2001 From: Sebastian Date: Tue, 5 Jul 2022 12:12:55 +0200 Subject: [PATCH 01/65] Add Note for firewall setup It is important to know that firewalld has the ssh port open by default. The note is intended to raise awareness that the port should still be opened explicitly so that this is documented. --- content/en/docs/04/_index.en.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/en/docs/04/_index.en.md b/content/en/docs/04/_index.en.md index fca3c8e2..2251e402 100644 --- a/content/en/docs/04/_index.en.md +++ b/content/en/docs/04/_index.en.md @@ -62,6 +62,11 @@ Check `httpd.service` on group `web`: ```bash ansible -i hosts web -b -a "systemctl status httpd" ``` + +{{% alert title="Hint" color="info" %}} +The ports for ssh, dhcp and cockpit are opened by default in the firewalld. It is best, especially for documentation, to open the ports explicitly in a basic settings file. +{{% /alert %}} + {{% /details %}} ### Task 2 From 812466ae2df76ff13cb21477003873d0c87d45af Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 1 Jul 2022 20:26:24 +0000 Subject: [PATCH 02/65] Update themes/docsy digest to e0a3be7 --- themes/docsy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/themes/docsy b/themes/docsy index 553faa7e..e0a3be7d 160000 --- a/themes/docsy +++ b/themes/docsy @@ -1 +1 @@ -Subproject commit 553faa7e4d6de7147e2b61584d5081cacee098fa +Subproject commit e0a3be7d226ba89fe7d0ce0c6efd6ef5b7dc86e3 From 0e2cd57a5b2c208318944e7e3e63990afb2a7183 Mon Sep 17 00:00:00 2001 
From: Benjamin Affolter Date: Thu, 7 Jul 2022 09:50:57 +0200 Subject: [PATCH 03/65] Migrate to Hugo modules --- .gitmodules | 9 --------- config.toml | 20 ++++++++++++++++++-- go.mod | 11 +++++++++++ go.sum | 12 ++++++++++++ themes/docsy | 1 - themes/docsy-plus | 1 - themes/docsy-puzzle | 1 - 7 files changed, 41 insertions(+), 14 deletions(-) create mode 100644 go.mod create mode 100644 go.sum delete mode 160000 themes/docsy delete mode 160000 themes/docsy-plus delete mode 160000 themes/docsy-puzzle diff --git a/.gitmodules b/.gitmodules index 3ec3ca3e..e69de29b 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,9 +0,0 @@ -[submodule "themes/docsy"] - path = themes/docsy - url = https://github.com/google/docsy.git -[submodule "themes/docsy-plus"] - path = themes/docsy-plus - url = https://github.com/acend/docsy-plus.git -[submodule "themes/docsy-puzzle"] - path = themes/docsy-puzzle - url = https://github.com/puzzle/docsy-puzzle.git diff --git a/config.toml b/config.toml index fff6396a..a82d3db8 100644 --- a/config.toml +++ b/config.toml @@ -3,8 +3,6 @@ title = "Ansible Training" enableGitInfo = true -theme = ["docsy-puzzle", "docsy-plus", "docsy"] - languageCode = "en-us" contentDir = "content/en" @@ -100,3 +98,21 @@ url = "https://twitter.com/puzzleitc" name = "LinkedIn" icon = "fab fa-linkedin-in" url = "https://linkedin.com/company/puzzle-itc/" + +# puzzle design +[module] + [module.hugoVersion] + extended = true + min = "0.100.0" + [[module.imports]] + path = "github.com/puzzle/docsy-puzzle" + disable = false + [[module.imports]] + path = "github.com/acend/docsy-plus" + disable = false + [[module.imports]] + path = "github.com/google/docsy" + disable = false + [[module.imports]] + path = "github.com/google/docsy/dependencies" + disable = false diff --git a/go.mod b/go.mod new file mode 100644 index 00000000..606164f9 --- /dev/null +++ b/go.mod 
@@ -0,0 +1,11 @@ +module github.com/puzzle/ansible-training + +go 1.18 + +require ( + github.com/acend/docsy-acend v0.0.0-20220406070448-8027986336dc // indirect + github.com/acend/docsy-plus v0.0.0-20220428195954-da462686a1f4 // indirect + github.com/google/docsy v0.4.0 // indirect + github.com/google/docsy/dependencies v0.4.0 // indirect + github.com/puzzle/docsy-puzzle v0.0.0-20220406081603-2cd9f7c8d79a // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 00000000..7016b148 --- /dev/null +++ b/go.sum @@ -0,0 +1,12 @@ +github.com/FortAwesome/Font-Awesome v0.0.0-20210804190922-7d3d774145ac/go.mod h1:IUgezN/MFpCDIlFezw3L8j83oeiIuYoj28Miwr/KUYo= +github.com/acend/docsy-acend v0.0.0-20220406070448-8027986336dc h1:kNDPVcZCXsbJxqDstPoesa9YqWx84BVowj9cgxG6dnE= +github.com/acend/docsy-acend v0.0.0-20220406070448-8027986336dc/go.mod h1:92hTJB3aPssEooTK+gv0i84vwTjah30HKaLGdupJaPA= +github.com/acend/docsy-plus v0.0.0-20220428195954-da462686a1f4 h1:NH8RTlmPMcTPxfZYlqYWWcqoQ5STebCQikKByJVRnAA= +github.com/acend/docsy-plus v0.0.0-20220428195954-da462686a1f4/go.mod h1:FUTTPmi3S92rVMbCYqXdGNxixdyqACBrFTK7dOuMttQ= +github.com/google/docsy v0.4.0 h1:Eyt2aiDC1fnw/Qq/9xnIqUU5n5Yyk4c8gX3nBDdTv/4= +github.com/google/docsy v0.4.0/go.mod h1:vJjGkHNaw9bO42gpFTWwAUzHZWZEVlK46Kx7ikY5c7Y= +github.com/google/docsy/dependencies v0.4.0 h1:FXwyjtuFfPIPBauU2t7uIAgS6VYfJf+OD5pzxGvkQsQ= +github.com/google/docsy/dependencies v0.4.0/go.mod h1:2zZxHF+2qvkyXhLZtsbnqMotxMukJXLaf8fAZER48oo= +github.com/puzzle/docsy-puzzle v0.0.0-20220406081603-2cd9f7c8d79a h1:ivuXhwliGTmfp4Zn9dqHiIHPUbniLhsbSYKrsQIoFKM= +github.com/puzzle/docsy-puzzle v0.0.0-20220406081603-2cd9f7c8d79a/go.mod h1:FHtQEgHYfsiO5d1XXaF/mD5C51PQw1kea8JwTGBs93o= +github.com/twbs/bootstrap v4.6.1+incompatible/go.mod h1:fZTSrkpSf0/HkL0IIJzvVspTt1r9zuf7XlZau8kpcY0= diff --git a/themes/docsy b/themes/docsy deleted file mode 160000 index e0a3be7d..00000000 --- a/themes/docsy +++ /dev/null 
@@ -1 +0,0 @@ -Subproject commit e0a3be7d226ba89fe7d0ce0c6efd6ef5b7dc86e3 diff --git a/themes/docsy-plus b/themes/docsy-plus deleted file mode 160000 index da462686..00000000 --- a/themes/docsy-plus +++ /dev/null @@ -1 +0,0 @@ -Subproject commit da462686a1f469131a44c5cb14fc97a4b8a61972 diff --git a/themes/docsy-puzzle b/themes/docsy-puzzle deleted file mode 160000 index 2cd9f7c8..00000000 --- a/themes/docsy-puzzle +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 2cd9f7c8d79a982dd4f993f5209715c7696e8a08 From 4603c4249d7c3c4abf760bffbc572bbc28c8b17d Mon Sep 17 00:00:00 2001 From: Sebastian Date: Wed, 6 Jul 2022 12:45:40 +0200 Subject: [PATCH 04/65] change deprecated include module The module include is marked as deprecated: [DEPRECATION WARNING]: "include" is deprecated, use include_tasks/import_tasks instead. This feature will be removed in version 2.16. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. --- content/en/docs/05/_index.en.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/05/_index.en.md b/content/en/docs/05/_index.en.md index 6f4bffcb..59d0b998 100644 --- a/content/en/docs/05/_index.en.md +++ b/content/en/docs/05/_index.en.md @@ -121,10 +121,10 @@ $ cat roles/base/tasks/main.yml --- # tasks file for base - name: set custom text - include: motd.yml + include_tasks: motd.yml tags: motd - name: install packages - include: packages.yml + include_tasks: packages.yml tags: packages $ cat prod.yml From 52fbcc0b59c80833d4f013bc1df3848e6c9d7383 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 2 Aug 2022 20:30:53 +0000 Subject: [PATCH 05/65] Update module go to 1.19 --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 606164f9..4c454022 100644 --- a/go.mod +++ b/go.mod 
@@ -1,6 +1,6 @@ module github.com/puzzle/ansible-training -go 1.18 +go 1.19 require ( github.com/acend/docsy-acend v0.0.0-20220406070448-8027986336dc // indirect From 4c69cd3e056887448cbfc1575947e16a5f4bd836 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 21 Aug 2022 00:40:35 +0000 Subject: [PATCH 06/65] Update dependency markdownlint-cli to v0.32.2 --- package-lock.json | 134 +++++++++++++++++++++------------------------- package.json | 2 +- 2 files changed, 61 insertions(+), 75 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3641793b..f27e6354 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,25 +17,18 @@ "dev": true }, "brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", "dev": true, "requires": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" + "balanced-match": "^1.0.0" } }, "commander": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-9.0.0.tgz", - "integrity": "sha512-JJfP2saEKbQqvW+FI93OYUB4ByV5cizMpFMiiJI8xDbBvQvSkIk0VvQdn1CZ8mqAO8Loq2h0gYTYtDFUZUeERw==", - "dev": true - }, - "concat-map": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", + "version": "9.4.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-9.4.0.tgz", + "integrity": "sha512-sRPT+umqkz90UA8M1yqYfnHlZA7fF6nSphDtxeywPZ49ysjxDQybzk13CL+mXekDRG92skbcqCLVovuCusNmFw==", "dev": true }, "deep-extend": { 
@@ -45,15 +38,15 @@ "dev": true }, "entities": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz", - "integrity": "sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/entities/-/entities-3.0.1.tgz", + "integrity": "sha512-WiyBqoomrwMdFG1e0kqvASYfnlb0lp8M5o5Fw2OFq1hNZxxcNk8Ik0Xm7LxzBhuidnZB/UtBqVCgUz3kBOP51Q==", "dev": true }, "fs.realpath": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", "dev": true }, "get-stdin": { @@ -63,17 +56,16 @@ "dev": true }, "glob": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz", - "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==", + "version": "8.0.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-8.0.3.tgz", + "integrity": "sha512-ull455NHSHI/Y1FqGaaYFaLGkNMMJbavMrEGFXG/PGrg6y7sutWHUHrz6gy6WEBH6akM1M414dWKCNs+IhKdiQ==", "dev": true, "requires": { "fs.realpath": "^1.0.0", "inflight": "^1.0.4", "inherits": "2", - "minimatch": "^3.0.4", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" + "minimatch": "^5.0.1", + "once": "^1.3.0" } }, "husky": { @@ -91,7 +83,7 @@ "inflight": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", - "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", "dev": true, "requires": { "once": "^1.3.0", 
@@ -105,9 +97,9 @@ "dev": true }, "ini": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", - "integrity": "sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/ini/-/ini-3.0.0.tgz", + "integrity": "sha512-TxYQaeNW/N8ymDvwAxPyRbhMBtnEwuvaTYpOQkFx1nSeusgezHniEc/l35Vo4iCq/mMiTJbpD7oYxN98hFlfmw==", "dev": true }, "js-yaml": { 
@@ -120,79 +112,79 @@ } }, "jsonc-parser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.0.0.tgz", - "integrity": "sha512-fQzRfAbIBnR0IQvftw9FJveWiHp72Fg20giDrHz6TdfB12UH/uue0D3hm57UB5KgAVuniLMCaS8P1IMj9NR7cA==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.1.0.tgz", + "integrity": "sha512-DRf0QjnNeCUds3xTjKlQQ3DpJD51GvDjJfnxUVWg6PZTo2otSm+slzNAxU/35hF8/oJIKoG9slq30JYOsF2azg==", "dev": true }, "linkify-it": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz", - "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==", + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-4.0.1.tgz", + "integrity": "sha512-C7bfi1UZmoj8+PQx22XyeXCuBlokoyWQL5pWSP+EI6nzRylyThouddufc2c1NDIcP9k5agmN9fLpA7VNJfIiqw==", "dev": true, "requires": { "uc.micro": "^1.0.1" } }, "markdown-it": { - "version": "12.3.2", - "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz", - "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==", + "version": "13.0.1", + "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-13.0.1.tgz", + "integrity": "sha512-lTlxriVoy2criHP0JKRhO2VDG9c2ypWCsT237eDiLqi09rmbKoUetyGHq2uOIRoRS//kfoJckS0eUzzkDR+k2Q==", "dev": true, "requires": { "argparse": "^2.0.1", - "entities": "~2.1.0", - "linkify-it": "^3.0.1", + "entities": "~3.0.1", + "linkify-it": "^4.0.1", "mdurl": "^1.0.1", "uc.micro": "^1.0.5" } }, "markdownlint": { - "version": "0.25.1", - "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.25.1.tgz", - "integrity": "sha512-AG7UkLzNa1fxiOv5B+owPsPhtM4D6DoODhsJgiaNg1xowXovrYgOnLqAgOOFQpWOlHFVQUzjMY5ypNNTeov92g==", + "version": "0.26.2", + "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.26.2.tgz", + "integrity": 
"sha512-2Am42YX2Ex5SQhRq35HxYWDfz1NLEOZWWN25nqd2h3AHRKsGRE+Qg1gt1++exW792eXTrR4jCNHfShfWk9Nz8w==", "dev": true, "requires": { - "markdown-it": "12.3.2" + "markdown-it": "13.0.1" } }, "markdownlint-cli": { - "version": "0.31.1", - "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.31.1.tgz", - "integrity": "sha512-keIOMwQn+Ch7MoBwA+TdkyVMuxAeZFEGmIIlvwgV0Z1TGS5MxPnRr29XCLhkNzCHU+uNKGjU+VEjLX+Z9kli6g==", + "version": "0.32.2", + "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.32.2.tgz", + "integrity": "sha512-xmJT1rGueUgT4yGNwk6D0oqQr90UJ7nMyakXtqjgswAkEhYYqjHew9RY8wDbOmh2R270IWjuKSeZzHDEGPAUkQ==", "dev": true, "requires": { - "commander": "~9.0.0", + "commander": "~9.4.0", "get-stdin": "~9.0.0", - "glob": "~7.2.0", + "glob": "~8.0.3", "ignore": "~5.2.0", "js-yaml": "^4.1.0", - "jsonc-parser": "~3.0.0", - "markdownlint": "~0.25.1", - "markdownlint-rule-helpers": "~0.16.0", - "minimatch": "~3.0.5", - "run-con": "~1.2.10" + "jsonc-parser": "~3.1.0", + "markdownlint": "~0.26.2", + "markdownlint-rule-helpers": "~0.17.2", + "minimatch": "~5.1.0", + "run-con": "~1.2.11" } }, "markdownlint-rule-helpers": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/markdownlint-rule-helpers/-/markdownlint-rule-helpers-0.16.0.tgz", - "integrity": "sha512-oEacRUVeTJ5D5hW1UYd2qExYI0oELdYK72k1TKGvIeYJIbqQWAz476NAc7LNixSySUhcNl++d02DvX0ccDk9/w==", + "version": "0.17.2", + "resolved": "https://registry.npmjs.org/markdownlint-rule-helpers/-/markdownlint-rule-helpers-0.17.2.tgz", + "integrity": "sha512-XaeoW2NYSlWxMCZM2B3H7YTG6nlaLfkEZWMBhr4hSPlq9MuY2sy83+Xr89jXOqZMZYjvi5nBCGoFh7hHoPKZmA==", "dev": true }, "mdurl": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz", - "integrity": "sha1-/oWy7HWlkDfyrf7BAP1sYBdhFS4=", + "integrity": "sha512-/sKlQJCBYVY9Ers9hqzKou4H6V5UWc/M59TH2dvkt+84itfnq7uFOMLpOiOS4ujvHP4etln18fmIxA5R5fll0g==", "dev": true }, "minimatch": { - "version": "3.0.5", - 
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.5.tgz", - "integrity": "sha512-tUpxzX0VAzJHjLu0xUfFv1gwVp9ba3IOuRAVH2EGuRW8a5emA2FlACLqiT/lDVtS1W+TGNwqz3sWaNyLgDJWuw==", + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.0.tgz", + "integrity": "sha512-9TPBGGak4nHfGZsPBohm9AWg6NoT7QTCehS3BIJABslyZbzxfV78QM2Y6+i741OPZIafFAaiiEMh5OyIrJPgtg==", "dev": true, "requires": { - "brace-expansion": "^1.1.7" + "brace-expansion": "^2.0.1" } }, "minimist": { @@ -204,27 +196,21 @@ "once": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", - "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", "dev": true, "requires": { "wrappy": "1" } }, - "path-is-absolute": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", - "dev": true - }, "run-con": { - "version": "1.2.10", - "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.10.tgz", - "integrity": "sha512-n7PZpYmMM26ZO21dd8y3Yw1TRtGABjRtgPSgFS/nhzfvbJMXFtJhJVyEgayMiP+w/23craJjsnfDvx4W4ue/HQ==", + "version": "1.2.11", + "resolved": "https://registry.npmjs.org/run-con/-/run-con-1.2.11.tgz", + "integrity": "sha512-NEMGsUT+cglWkzEr4IFK21P4Jca45HqiAbIIZIBdX5+UZTB24Mb/21iNGgz9xZa8tL6vbW7CXmq7MFN42+VjNQ==", "dev": true, "requires": { "deep-extend": "^0.6.0", - "ini": "~2.0.0", - "minimist": "^1.2.5", + "ini": "~3.0.0", + "minimist": "^1.2.6", "strip-json-comments": "~3.1.1" } }, @@ -243,7 +229,7 @@ "wrappy": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", "dev": true } } 
diff --git a/package.json b/package.json index a4b45251..6219e346 100644 --- a/package.json +++ b/package.json @@ -18,6 +18,6 @@ "homepage": "https://github.com/puzzle/ansible-training#readme", "devDependencies": { "husky": "8.0.1", - "markdownlint-cli": "0.31.1" + "markdownlint-cli": "0.32.2" } } From 275fb9ee92912f3f529d1df317db216a442fe588 Mon Sep 17 00:00:00 2001 From: Reto Kupferschmid Date: Mon, 14 Nov 2022 11:05:39 +0100 Subject: [PATCH 07/65] add http headers --- Dockerfile | 2 +- nginx.conf | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 nginx.conf diff --git a/Dockerfile b/Dockerfile index b7928d54..b63b98cb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ FROM nginxinc/nginx-unprivileged:1.23-alpine # prevent nginx from adding ports in redirects USER root -RUN sed -i '/^http {/a \ port_in_redirect off;' /etc/nginx/nginx.conf +COPY nginx.conf /etc/nginx/nginx.conf USER 101 COPY --from=builder /src/public /usr/share/nginx/html diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 00000000..72fed4a7 --- /dev/null +++ b/nginx.conf 
@@ -0,0 +1,61 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /tmp/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ port_in_redirect off;
+ proxy_temp_path /tmp/proxy_temp;
+ client_body_temp_path /tmp/client_temp;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+
+ keepalive_timeout 65;
+
+
+ server {
+
+
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Referrer-Policy strict-origin-when-cross-origin;
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()";
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' unpkg.com cdn.jsdelivr.net code.jquery.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net; font-src 'self' fonts.gstatic.com cdn.jsdelivr.net";
+
+ listen 8080;
+ server_name localhost;
+ server_tokens off;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ }
+
+}
From 8e593ca646ead261790d16aa6535abffbfddada2 Mon Sep 17 00:00:00 2001 From: Lukas Grimm Date: Tue, 6 Dec 2022 15:19:12 +0100 Subject: [PATCH 08/65] prepare for techlab 2022-12-13 (#187)
--- slides/ansible-techlab/.puzzle-demo.md.swp | Bin 0 -> 16384 bytes slides/ansible-techlab/puzzle-demo.md | 52 +++++++++++++-------- 2 files changed, 33 insertions(+), 19 deletions(-) create mode 100644 slides/ansible-techlab/.puzzle-demo.md.swp 
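Review bot: The seven `add_header` lines in the new `server` block of nginx.conf lack the `always` parameter, so nginx attaches them only to 200, 201, 204, 206, 301, 302, 303, 304, 307 and 308 responses; 404 responses and the `/50x.html` error page go out without X-Frame-Options, nosniff or the CSP. Append it to each line, e.g. `add_header X-Content-Type-Options nosniff always;`. In the Content-Security-Policy, `script-src` allow-lists whole public CDNs (`unpkg.com`, `cdn.jsdelivr.net`) that serve arbitrary third-party packages, which weakens the policy as an XSS control; self-hosting those scripts or narrowing the sources to the exact paths used would be tighter. `base-uri 'self'; frame-ancestors 'self'` are worth adding because neither directive falls back to `default-src`. `X-XSS-Protection "1; mode=block"` targets a legacy browser filter that current browsers no longer ship and can be dropped.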
diff --git a/slides/ansible-techlab/.puzzle-demo.md.swp b/slides/ansible-techlab/.puzzle-demo.md.swp new file mode 100644 index 0000000000000000000000000000000000000000..9354d31364d978084599270b75542e73615a467d GIT binary patch literal 16384 zcmeI3e~e{SeZViMg$ig>OqE8{vpYm*$GPv#E-TKCvN*#6yRyqJyTdQ7ow@J6^WHnW z`>XffH?t2AYg*;yf1UIF-aD*d1W{?!76=}cB1CyAf+bkl} z)@zPy?jN+=C4O7SX(MiL*4e0iB!Q6xRwXbfJO1=JS6{GWyLI)kty|Q&zkKy-`{=Kc z1V$1VNnj*_kpxB(7)f9xfsq7868L{Ffiio8_Yr1!x|`{j-REf=KL5-8eC9ak{miw0 z(X}6OH>mIPl577<*ZvyUVcq_sYrn^}-@l>#1=s$0*FOK6>W}*RpSt$@UHc0g+Mjpr zpL6YBcz{S)Uvus6J7azOf4KIq zy7tq~T;J}dKBkp#j_AO>j1R>}=1w8Eyg%N8m8*hIhk-umiTk zJK?^wJnt^}Q@9P5VF_CBLHGd7!=tbFyoceh;q!0@d^s?SBtX!Z+bd@I|;2{uurU{t$j2Zif~G@F6$=`(X>5 z2lrA#_!GDjZihbH03ozs7fi!W_*FO$UZO7XBK!#c0lo|0g1>{$z+G@Bd>n3rK3oEG za1rc;Nf?7S!Rhc*Y9Y_SQ}EC56?hmPgg=K*Ljecja(EZ)gmd6*I0H@t51ywk^9=k5 zeh7aHx59706#NRj5&i{xeH#7=o`fI3_uz5(Iy?rSgFaZ>UT^*W|K5)}lEzx`!b+in zT&szRy|ah+OiXO?e06;~Q0+7+RibrUl__6T5JlC=d>tfhofl=0(Ad)|J8zs+mz?6coip zTjQW8b?!&HQ~J5-_R6iw_g8M>t0IjCrAd=wMlI`>db{eR5xp{&iFxtuQ%Rl|j)jRN7I2h>gCGYAupu%1O-O zgn|mXbRJYfqSHO8+EWbxkmcMC0{sE=i*ZF^eX=F*R#P;cceX4TE*}^6Psa zP9rTtWn4o$-m9aGuX90RLOH%KDf4u79GgnbS#TvbF7K!z zF3<~>w7P1b3p=ezg|e{XF?BHS28p@R3eDT}-esEkJ(TWr;?(M^y=kjubaAmv5N}G8 z00%Q2EeGD8wl1zkdvRqDswjt%zG!QhMrl5yT2T=8-?Mc$;~7(VibskW8JTx`;PkMW z_>Vm@PpMv6X2ndixxBpGs9u0;guP~4<1s-@`xt#5&~b}ldwg|MQv8UE*RE^g?$&zL zEk@h5!}Lvz+Go@tkH(MP&vNEFeKZGIlm_jhxnpX__U6=ud`?~HZ=c$+vymm;ZCh1y zw{%~Hl{GzQI?W=z()qDOHjBBcL-ysqd{aB!ASekybr_@nEKhYWdS4|d-;`matwk({ za+8E6L#?xU*fT_%lA~63LEfkNv4?umsgmFJT_V3jcBuXV`uBHEO&z^pYN~NVwz(vk zZ#`k9`e`cC`pcZx<%p`!leD0OwtSUCk zwJA*3Y4(IO+&}0C1tx4SkV&4JC?Hn+F09ygyI==#+-a@#Ql(-pDRlly=C&t|dB3+$ zgtM2NDi!XS5*5167hLBH1jAS7s2fbyz8d{XW?gCY^6E|MQ>D*p&bI3X+x0Q$d)xp| zSX!^;j90v4(|#rMJ=8Oi$ug~u*h@~8ma8~i^|?@w!N1^DDY;%$H?C_|^(@U-nvkt! 
zip{eNXCt%u9wkhdbY5*xSf9q!ngC`u<@R7bS|>4)ygj}?7ObAX!H?{|ea!`xsY!3{ z#roB)hV0zj_H@45qkEG7-@z($w>)nr|F54fKTS^m6nq69hA+bda1Y!KQVTc=B^1zt zEpR5B0S}SeKM1$O$Kh5epaC8{K^}hxd{TB+t#_JAglf`N=R zr1~I#Go{%o^)Cp=ww#dZJZ5hp$+FT%v&e*ubch|SguP3ulFH1csmaTSI59CdC?_Un zstQiq6ycyKPzCG3fO?M_JPChE#A+pcI4(!we~Bm`;a7 z6oZ(Lo#v9!%SD4}?a>`(%%#+kY&D32Poc(h(srM{WXBw(dbAYeCZLyMQWZ(i*9&1F zGEDQ;mL~qujz}hzwUldn82@r^Y-aBapw0*pH{+Hx6sI@|;$ow7SO+BEs)g#hGq&_a zzE82M&{{21?dYuxl!8E^LI&GqUJQh#HCOzT7&VP$&mGBfO)%oVfZw89r-X?V4N*s{osP59j*^*=BZ8LI6s7TpG= ztz)$`d5rvTo0zi{sI0j%1ypY&GE8#Rooky+Q7VctWb|#-l8M-Vk@GHN-~~gizx!4) zi#Od=pRrJ1bh9nz$PhmK;l<+)W5wG}IFvOb@#dX>GK!O7CzKP#DjD@q;TLIMF4)@L z3_c`=uB2e7mQC5SB9m{}gUI;NKZ|u4%&1N@D0&Od(jR@Ko~kVsO8rl~MvSF}FAc;6 zF+uA|xt2K7#={03Dm+vW2b30<7>%jwhEjwKGNK44*}HTC6Ilm6gs01W1_e#E;T0>U z+twYa;$dgDW~wGvZY#z(BwBF>9^Pgu2koGLJA!ojm%8Z0kh}i)B90i&QWdJ3&)G98+Z332sw z(Crb%PL`VlWjS3 zcK`mB;Hp$$l!A(Awqtlw8?ZeNW7F?6T_A=I!GW36lL zEewtoN8&w8E!SL688r+NYqKp%;j#`z6xOS7Q;5@)hF_R+RkTwb9oU*W!Gs%&Ay&i0 z9L19>c}TUI8O^#RVcgE)kQL9x+kT!!Q*4BFg~73k_w~x1CBPzF7N<$6iBGEc>x6ZX z#q4rZ@&Lnr_69A{c;)Z1AXisd4T-ZlEy*JRYd7nKH(4#za-yAvJtYbBG%k)u9IA&QZdeR>S|TfbmYXG3gf5|=2m`_y`g7tcik{3%ZsL?063CJg3ENu~ zJ-@GQ^}jFXXNBWB@m)le9YMVc7e=1+aBta`NwBJAZ$+E217@jm>jWwl^U6%7##=fJ zq(36slF11jOWRI{fa(HwI}MA58;afYy1$ze+KaL&vRmj5_;>OqyUJmU=Pt!Uia9O=KeSWZEe?7;5SSZ|pr8cw4!>WxNbR0@eH`X}c>NBPP E1_8mm;Q#;t literal 0 HcmV?d00001 diff --git a/slides/ansible-techlab/puzzle-demo.md b/slides/ansible-techlab/puzzle-demo.md index 5a9d9406..718b5bb9 100644 --- a/slides/ansible-techlab/puzzle-demo.md +++ b/slides/ansible-techlab/puzzle-demo.md @@ -1,13 +1,15 @@ # Ansible Techlab ### ansible.puzzle.ch - +#### Lukas Grimm #### Lukas Preisig -#### Philippe Schmid + +#### Rémy Keil ---- ## Nice to meet you + -
-
+
+
-
+
### Lukas Grimm System Engineer @@ -32,7 +34,7 @@ grimm@puzzle.ch
- + -
-
+
-
+
### Lukas Preisig System Engineer @@ -57,7 +58,17 @@ preisig@puzzle.ch
- Ansible-Core 2.10 + Collections v3 - Ansible 4.0 --> Ansible-Core 2.11 + Collections v4 - Ansible 5.0 --> Ansible-Core 2.12 + Collections v5 +- Ansible 6.0 --> Ansible-Core 2.13 + Collections v6 +- Ansible 7.0 --> Ansible-Core 2.14 + Collections v7 (Current) +- Ansible 8.0 --> Ansible-Core 2.15 + Collections v8 (In development; unreleased) @@ -288,7 +302,7 @@ Note: - run python script - delete python script - python2 or python3 - + *** ## How stuff works? @@ -933,7 +947,7 @@ Tempates sind dafür da komplexe Files zu erstellen (Variabeln sind möglich und *** ## Tags -Example: +Example: ```yaml - hosts: all become: true @@ -1701,7 +1715,7 @@ Red Hat, Azure, VMWare, Cisco, Checkpoint, F5, IBM, NetApp... *** ## Collections - Name of collection is always like: - + "namespace.collectionname" Example: @@ -1987,7 +2001,7 @@ Container with: 1. tool 2. container and 3. python library - + Goal: - stable and consistent interface to Ansible @@ -2004,7 +2018,7 @@ Goal: - can be a directory structure [ansible runner introduction](https://ansible-runner.readthedocs.io/en/stable/intro/) [ansible runner demonstration](https://github.com/ansible/ansible-runner/tree/devel/demo) - + *** @@ -2076,7 +2090,7 @@ New functionality: ## ansible-navigator config file - `ansible-navigator.yml` - + Options: - https://readthedocs.org/projects/ansible-navigator/ and - `ansible-navigator --help` @@ -2095,7 +2109,7 @@ BEWARE: set `remote_user` when using EE! Tool to build your own EE -- local config file +- local config file - creates podman context and runs it - uses two other containers: ansible-builder and ansible-runner From 0562ab9c1e40f449ed784a7809d2d5d2ef18618b Mon Sep 17 00:00:00 2001 
From: lukpre Date: Tue, 13 Dec 2022 11:36:06 +0100 Subject: [PATCH 09/65] add a chapter to introduce theia ide for lab participants --- slides/ansible-techlab/.puzzle-demo.md.swp | Bin 16384 -> 0 bytes slides/ansible-techlab/puzzle-demo.md | 15 ++++++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) delete mode 100644 slides/ansible-techlab/.puzzle-demo.md.swp 
diff --git a/slides/ansible-techlab/.puzzle-demo.md.swp b/slides/ansible-techlab/.puzzle-demo.md.swp deleted file mode 100644 index 9354d31364d978084599270b75542e73615a467d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16384 zcmeI3e~e{SeZViMg$ig>OqE8{vpYm*$GPv#E-TKCvN*#6yRyqJyTdQ7ow@J6^WHnW z`>XffH?t2AYg*;yf1UIF-aD*d1W{?!76=}cB1CyAf+bkl} z)@zPy?jN+=C4O7SX(MiL*4e0iB!Q6xRwXbfJO1=JS6{GWyLI)kty|Q&zkKy-`{=Kc z1V$1VNnj*_kpxB(7)f9xfsq7868L{Ffiio8_Yr1!x|`{j-REf=KL5-8eC9ak{miw0 z(X}6OH>mIPl577<*ZvyUVcq_sYrn^}-@l>#1=s$0*FOK6>W}*RpSt$@UHc0g+Mjpr zpL6YBcz{S)Uvus6J7azOf4KIq zy7tq~T;J}dKBkp#j_AO>j1R>}=1w8Eyg%N8m8*hIhk-umiTk zJK?^wJnt^}Q@9P5VF_CBLHGd7!=tbFyoceh;q!0@d^s?SBtX!Z+bd@I|;2{uurU{t$j2Zif~G@F6$=`(X>5 z2lrA#_!GDjZihbH03ozs7fi!W_*FO$UZO7XBK!#c0lo|0g1>{$z+G@Bd>n3rK3oEG za1rc;Nf?7S!Rhc*Y9Y_SQ}EC56?hmPgg=K*Ljecja(EZ)gmd6*I0H@t51ywk^9=k5 zeh7aHx59706#NRj5&i{xeH#7=o`fI3_uz5(Iy?rSgFaZ>UT^*W|K5)}lEzx`!b+in zT&szRy|ah+OiXO?e06;~Q0+7+RibrUl__6T5JlC=d>tfhofl=0(Ad)|J8zs+mz?6coip zTjQW8b?!&HQ~J5-_R6iw_g8M>t0IjCrAd=wMlI`>db{eR5xp{&iFxtuQ%Rl|j)jRN7I2h>gCGYAupu%1O-O zgn|mXbRJYfqSHO8+EWbxkmcMC0{sE=i*ZF^eX=F*R#P;cceX4TE*}^6Psa zP9rTtWn4o$-m9aGuX90RLOH%KDf4u79GgnbS#TvbF7K!z zF3<~>w7P1b3p=ezg|e{XF?BHS28p@R3eDT}-esEkJ(TWr;?(M^y=kjubaAmv5N}G8 z00%Q2EeGD8wl1zkdvRqDswjt%zG!QhMrl5yT2T=8-?Mc$;~7(VibskW8JTx`;PkMW z_>Vm@PpMv6X2ndixxBpGs9u0;guP~4<1s-@`xt#5&~b}ldwg|MQv8UE*RE^g?$&zL zEk@h5!}Lvz+Go@tkH(MP&vNEFeKZGIlm_jhxnpX__U6=ud`?~HZ=c$+vymm;ZCh1y zw{%~Hl{GzQI?W=z()qDOHjBBcL-ysqd{aB!ASekybr_@nEKhYWdS4|d-;`matwk({ za+8E6L#?xU*fT_%lA~63LEfkNv4?umsgmFJT_V3jcBuXV`uBHEO&z^pYN~NVwz(vk zZ#`k9`e`cC`pcZx<%p`!leD0OwtSUCk zwJA*3Y4(IO+&}0C1tx4SkV&4JC?Hn+F09ygyI==#+-a@#Ql(-pDRlly=C&t|dB3+$ zgtM2NDi!XS5*5167hLBH1jAS7s2fbyz8d{XW?gCY^6E|MQ>D*p&bI3X+x0Q$d)xp| zSX!^;j90v4(|#rMJ=8Oi$ug~u*h@~8ma8~i^|?@w!N1^DDY;%$H?C_|^(@U-nvkt! 
zip{eNXCt%u9wkhdbY5*xSf9q!ngC`u<@R7bS|>4)ygj}?7ObAX!H?{|ea!`xsY!3{ z#roB)hV0zj_H@45qkEG7-@z($w>)nr|F54fKTS^m6nq69hA+bda1Y!KQVTc=B^1zt zEpR5B0S}SeKM1$O$Kh5epaC8{K^}hxd{TB+t#_JAglf`N=R zr1~I#Go{%o^)Cp=ww#dZJZ5hp$+FT%v&e*ubch|SguP3ulFH1csmaTSI59CdC?_Un zstQiq6ycyKPzCG3fO?M_JPChE#A+pcI4(!we~Bm`;a7 z6oZ(Lo#v9!%SD4}?a>`(%%#+kY&D32Poc(h(srM{WXBw(dbAYeCZLyMQWZ(i*9&1F zGEDQ;mL~qujz}hzwUldn82@r^Y-aBapw0*pH{+Hx6sI@|;$ow7SO+BEs)g#hGq&_a zzE82M&{{21?dYuxl!8E^LI&GqUJQh#HCOzT7&VP$&mGBfO)%oVfZw89r-X?V4N*s{osP59j*^*=BZ8LI6s7TpG= ztz)$`d5rvTo0zi{sI0j%1ypY&GE8#Rooky+Q7VctWb|#-l8M-Vk@GHN-~~gizx!4) zi#Od=pRrJ1bh9nz$PhmK;l<+)W5wG}IFvOb@#dX>GK!O7CzKP#DjD@q;TLIMF4)@L z3_c`=uB2e7mQC5SB9m{}gUI;NKZ|u4%&1N@D0&Od(jR@Ko~kVsO8rl~MvSF}FAc;6 zF+uA|xt2K7#={03Dm+vW2b30<7>%jwhEjwKGNK44*}HTC6Ilm6gs01W1_e#E;T0>U z+twYa;$dgDW~wGvZY#z(BwBF>9^Pgu2koGLJA!ojm%8Z0kh}i)B90i&QWdJ3&)G98+Z332sw z(Crb%PL`VlWjS3 zcK`mB;Hp$$l!A(Awqtlw8?ZeNW7F?6T_A=I!GW36lL zEewtoN8&w8E!SL688r+NYqKp%;j#`z6xOS7Q;5@)hF_R+RkTwb9oU*W!Gs%&Ay&i0 z9L19>c}TUI8O^#RVcgE)kQL9x+kT!!Q*4BFg~73k_w~x1CBPzF7N<$6iBGEc>x6ZX z#q4rZ@&Lnr_69A{c;)Z1AXisd4T-ZlEy*JRYd7nKH(4#za-yAvJtYbBG%k)u9IA&QZdeR>S|TfbmYXG3gf5|=2m`_y`g7tcik{3%ZsL?063CJg3ENu~ zJ-@GQ^}jFXXNBWB@m)le9YMVc7e=1+aBta`NwBJAZ$+E217@jm>jWwl^U6%7##=fJ zq(36slF11jOWRI{fa(HwI}MA58;afYy1$ze+KaL&vRmj5_;>OqyUJmU=Pt!Uia9O=KeSWZEe?7;5SSZ|pr8cw4!>WxNbR0@eH`X}c>NBPP E1_8mm;Q#;t diff --git a/slides/ansible-techlab/puzzle-demo.md b/slides/ansible-techlab/puzzle-demo.md index 718b5bb9..cf3b433f 100644 --- a/slides/ansible-techlab/puzzle-demo.md +++ b/slides/ansible-techlab/puzzle-demo.md @@ -509,13 +509,22 @@ provisioning: local - Linux: Help yourself! - Windows: - - Cygwin - - VS Code + Git for Windows - - WSL +- Cygwin +- VS Code + Git for Windows +- WSL cygwin vscode gitforwin *** +## Lab Environment + +- Linux: Help yourself! +- Theia-IDE: Short Introduction + + + +*** + # Lab 1: Setting up Ansible From 05634ccfb3b10b3b46494ba74f9a08860c039c20 Mon Sep 17 00:00:00 2001 
From: lukpre Date: Tue, 13 Dec 2022 11:39:05 +0100 Subject: [PATCH 10/65] fix menu entries --- slides/ansible-techlab/puzzle-demo.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/slides/ansible-techlab/puzzle-demo.md b/slides/ansible-techlab/puzzle-demo.md index cf3b433f..1356728b 100644 --- a/slides/ansible-techlab/puzzle-demo.md +++ b/slides/ansible-techlab/puzzle-demo.md @@ -509,9 +509,9 @@ provisioning: local - Linux: Help yourself! - Windows: -- Cygwin -- VS Code + Git for Windows -- WSL + - Cygwin + - VS Code + Git for Windows + - WSL cygwin vscode gitforwin From f477a3e056195f905450e06c8bcfff8cf367a4ce Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sascha=20R=C3=BCger?= Date: Thu, 29 Dec 2022 15:42:37 +0100 Subject: [PATCH 11/65] add deployment to openshift (#189) * use test kubeconfig for openshift * use kube token instead of kubeconfig * typo #1 * typo #2 * add openshift api url * debug helm upgrade command * debug: try url directly * debug: try url from secret again * switch redeployment to openshift as well * switch redeployment to openshift as well, fix token * switch redeployment to openshift as well, fix server url * switch helm values to openshift * update the other actions as well to use openshift * remove annotations from values.yml * add emptyTLS parameter to values.yaml * add public true label to ingress * try to fix root problem in slides Dockerfile * try to fix root problem in slides Dockerfile #2 * try to fix root problem in slides Dockerfile #3 * try to fix root problem in slides Dockerfile #4 * try to fix root problem in slides Dockerfile #5 * try to fix root problem in slides Dockerfile #6 * try to fix root problem in slides Dockerfile #7 * try to fix root problem in slides Dockerfile #8 * try to fix root problem in slides Dockerfile #9 * try to fix root problem in slides Dockerfile #10 * try to fix root problem in slides Dockerfile #11 * try to fix root problem in slides Dockerfile #12 * try to fix root problem in slides Dockerfile #13 * try to fix root problem in slides Dockerfile #14 * try to fix root problem in slides Dockerfile #15 * try to fix root problem in slides Dockerfile #16 * try to fix root problem in slides Dockerfile #17 * test slides change * update slides yamls; rename helm values file; update techlab ingress yamls * revert test changesin slides * fix target ocp project for pushing prod * update action PR comment * add serviceaccoutn and rolebinding yamls; rename test to stg * rename slides test files to stg * tidy up debug stuff * use correct url for PR env link * rename values file back to defaut * remove obsolte ingress_ch.yml and remove helm version 
stuff from ingress_de.yml * debug values.yaml #1 * debug values.yaml #2 * Update yaml/training_prod/ingress_de.yaml Co-authored-by: Benjamin Affolter <5555767+bliemli@users.noreply.github.com> * fix boolean values and update ingress_de to new api version * Update yaml/training_prod/ingress_de.yaml Co-authored-by: Benjamin Affolter <5555767+bliemli@users.noreply.github.com> Co-authored-by: Benjamin Affolter <5555767+bliemli@users.noreply.github.com> --- .github/workflows/build-slides.yaml | 26 ++++----- .github/workflows/build.yaml | 22 ++++---- .github/workflows/pr-cleanup-slides.yaml | 13 ++--- .github/workflows/pr-cleanup.yaml | 13 ++--- .github/workflows/push-main-slides.yaml | 12 ++--- .github/workflows/push-main.yaml | 15 +++--- helm-chart/values.yaml | 7 +-- slides/Dockerfile | 2 + yaml/slides_deployment.yaml | 54 ------------------- yaml/slides_ingress.yaml | 26 --------- yaml/slides_prod/slides_ingress_prod.yaml | 6 +-- yaml/slides_service.yaml | 19 ------- .../slides_deployment_stg.yaml} | 4 +- .../slides_ingress_stg.yaml} | 10 ++-- .../slides_service_stg.yaml} | 2 +- yaml/training_prod/ingress_ch.yaml | 29 ---------- yaml/training_prod/ingress_de.yaml | 42 ++++++--------- .../rolebinding-github-deployment-prod.yaml | 12 +++++ .../sa-github-deployment-prod.yaml | 5 ++ .../rolebinding-github-deployment-stg.yaml | 12 +++++ .../sa-github-deployment-stg.yaml | 5 ++ 21 files changed, 101 insertions(+), 235 deletions(-) delete mode 100644 yaml/slides_deployment.yaml delete mode 100644 yaml/slides_ingress.yaml delete mode 100644 yaml/slides_service.yaml rename yaml/{slides_test/slides_deployment_test.yaml => slides_stg/slides_deployment_stg.yaml} (92%) rename yaml/{slides_test/slides_ingress_test.yaml => slides_stg/slides_ingress_stg.yaml} (67%) rename yaml/{slides_test/slides_service_test.yaml => slides_stg/slides_service_stg.yaml} (87%) delete mode 100644 yaml/training_prod/ingress_ch.yaml create mode 100644 
yaml/training_prod/rolebinding-github-deployment-prod.yaml create mode 100644 yaml/training_prod/sa-github-deployment-prod.yaml create mode 100644 yaml/training_stg/rolebinding-github-deployment-stg.yaml create mode 100644 yaml/training_stg/sa-github-deployment-stg.yaml diff --git a/.github/workflows/build-slides.yaml b/.github/workflows/build-slides.yaml index 9b9fdc1d..3d99b499 100644 --- a/.github/workflows/build-slides.yaml +++ b/.github/workflows/build-slides.yaml @@ -1,4 +1,4 @@ -name: Build Slides for Training and Publish to Test Env +name: Build Slides for Training and Publish to Stg Env on: pull_request: @@ -6,7 +6,7 @@ on: - 'slides/**' jobs: - build-slides-test: + build-slides-stg: runs-on: ubuntu-latest steps: - @@ -28,7 +28,7 @@ jobs: username: ${{ secrets.QUAYIO_USERNAME }} password: ${{ secrets.QUAYIO_TOKEN }} - - name: Build Slides Test + name: Build Slides uses: docker/build-push-action@v3 with: context: . @@ -37,12 +37,12 @@ jobs: "gitlab_pullsecret=${{ secrets.GITLAB_PULLSECRET }}" push: true tags: | - quay.io/puzzle/ansible-training-slides:test + quay.io/puzzle/ansible-training-slides:stg - name: Run vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'quay.io/puzzle/ansible-training-slides:test' + image-ref: 'quay.io/puzzle/ansible-training-slides:stg' format: 'table' output: 'trivy-results.txt' exit-code: '0' 
@@ -61,16 +61,10 @@ jobs: with: version: v1.21.2 - - name: Create KUBECONFIG + name: Deploy RevealJS Stg env: - KUBE_CONFIG: '${{ secrets.KUBECONFIG_TEST }}' + TRAINING_NAMESPACE: 'pitc-ansible-training-stg' + KUBE_TOKEN: '${{ secrets.OPENSHIFT_SA_TOKEN_STG }}' + KUBE_URL: '${{ secrets.OPENSHIFT_API_URL }}' run: | - mkdir -p $HOME/.kube - echo "$KUBE_CONFIG" - echo "$KUBE_CONFIG" > $HOME/.kube/config - - - name: Deploy RevealJS Test - env: - TRAINING_NAMESPACE: 'pitc-ansible-training-test' - run: | - kubectl rollout restart deployment/ansible-slides --kubeconfig $HOME/.kube/config --namespace $TRAINING_NAMESPACE + kubectl rollout restart deployment/ansible-slides --server=$KUBE_URL --token=$KUBE_TOKEN --namespace $TRAINING_NAMESPACE diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 671476e6..80779e38 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
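Review bot: The new `Deploy RevealJS Stg` step passes the service-account token as a command-line argument and leaves both expansions unquoted, in `kubectl rollout restart ... --server=$KUBE_URL --token=$KUBE_TOKEN`. Quoting them (`--server="$KUBE_URL" --token="$KUBE_TOKEN"`) keeps an empty or whitespace-containing secret from silently shifting the arguments. The same pattern is repeated in the kubectl and helm steps of build.yaml, pr-cleanup.yaml, push-main-slides.yaml and push-main.yaml; in the helm steps the token can stay off the argument list entirely by setting `HELM_KUBEAPISERVER` and `HELM_KUBETOKEN` in `env:` instead of using `--kube-apiserver`/`--kube-token`. Because this workflow runs on `pull_request`, the secrets will presumably be empty for pull requests from forks, so the step needs a guard or it will fail there.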
@@ -71,29 +71,25 @@ jobs: uses: azure/setup-kubectl@v3 with: version: v1.21.2 - - - name: Create KUBECONFIG - env: - KUBE_CONFIG: '${{ secrets.KUBECONFIG_TEST }}' - run: | - mkdir -p $HOME/.kube - echo "$KUBE_CONFIG" - echo "$KUBE_CONFIG" > $HOME/.kube/config - name: Deploy Helm Release env: TRAINING_HELM_RELEASE: 'pr-${{ github.event.pull_request.number }}' - TRAINING_NAMESPACE: 'pitc-ansible-training-test' + TRAINING_NAMESPACE: 'pitc-ansible-training-stg' TRAINING_VERSION: '${{ github.sha }}' + KUBE_TOKEN: '${{ secrets.OPENSHIFT_SA_TOKEN_STG }}' + KUBE_URL: '${{ secrets.OPENSHIFT_API_URL }}' run: | - helm upgrade $TRAINING_HELM_RELEASE acend-training-chart --install --wait --kubeconfig $HOME/.kube/config --namespace=$TRAINING_NAMESPACE --set=app.name=$HELM_RELEASE --set=app.version=$TRAINING_VERSION --repo=https://acend.github.io/helm-charts/ --values=helm-chart/values.yaml --atomic + helm upgrade $TRAINING_HELM_RELEASE acend-training-chart --install --wait --kube-apiserver=$KUBE_URL --kube-token=$KUBE_TOKEN --namespace=$TRAINING_NAMESPACE --set=app.name=$HELM_RELEASE --set=app.version=$TRAINING_VERSION --repo=https://acend.github.io/helm-charts/ --values=helm-chart/values.yaml --atomic - name: Redeploy Deployments env: TRAINING_HELM_RELEASE: 'pr-${{ github.event.pull_request.number }}' - TRAINING_NAMESPACE: 'pitc-ansible-training-test' + TRAINING_NAMESPACE: 'pitc-ansible-training-stg' + KUBE_TOKEN: '${{ secrets.OPENSHIFT_SA_TOKEN_STG }}' + KUBE_URL: '${{ secrets.OPENSHIFT_API_URL }}' run: | - kubectl rollout restart deployment/$TRAINING_HELM_RELEASE-ansible-puzzle --kubeconfig $HOME/.kube/config --namespace $TRAINING_NAMESPACE + kubectl rollout restart deployment/$TRAINING_HELM_RELEASE-ansible-puzzle --server=$KUBE_URL --token=$KUBE_TOKEN --namespace $TRAINING_NAMESPACE - name: Comment on PR uses: marocchino/sticky-pull-request-comment@v2 @@ -101,4 +97,4 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: | PR Environments: - * puzzle + * puzzle 
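Review bot: In `Deploy Helm Release`, `--set=app.name=$HELM_RELEASE` expands a variable that the step's `env:` block does not define; the block sets `TRAINING_HELM_RELEASE`, `TRAINING_NAMESPACE`, `TRAINING_VERSION`, `KUBE_TOKEN` and `KUBE_URL`. Unless `HELM_RELEASE` is exported somewhere outside this hunk, the chart receives an empty `app.name`. If the release name is what was meant, the flag should read `--set=app.name="$TRAINING_HELM_RELEASE"`; the identical line in push-main.yaml needs the same change.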
diff --git a/.github/workflows/pr-cleanup-slides.yaml b/.github/workflows/pr-cleanup-slides.yaml index 29024f65..4fa1fe0b 100644 --- a/.github/workflows/pr-cleanup-slides.yaml +++ b/.github/workflows/pr-cleanup-slides.yaml @@ -1,4 +1,4 @@ -name: PRCleanup Slides Test +name: PRCleanup Slides Stg on: pull_request: types: [closed] @@ -6,7 +6,7 @@ on: - 'slides/**' jobs: - delete-slides-test: + delete-slides-stg: runs-on: 'ubuntu-latest' steps: - @@ -19,17 +19,10 @@ jobs: uses: azure/setup-kubectl@v3 with: version: v1.21.2 - - - name: Create KUBECONFIG - env: - KUBE_CONFIG: '${{ secrets.KUBECONFIG_TEST }}' - run: | - mkdir -p $HOME/.kube - echo "$KUBE_CONFIG" > $HOME/.kube/config - name: Delete Tags on Quay id: delete_tags env: QUAYIO_API_TOKEN: '${{ secrets.QUAYIO_API_TOKEN }}' run: | - curl -X DELETE -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" https://quay.io/api/v1/repository/puzzle/ansible-training/tag/test + curl -X DELETE -H "Authorization: Bearer ${QUAYIO_API_TOKEN}" https://quay.io/api/v1/repository/puzzle/ansible-training/tag/stg diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml index 39a2a777..18010bd8 100644 --- a/.github/workflows/pr-cleanup.yaml +++ b/.github/workflows/pr-cleanup.yaml 
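Review bot: The `Delete Tags on Quay` step deletes `tag/stg` from `repository/puzzle/ansible-training`, while build-slides.yaml pushes the slides image to `quay.io/puzzle/ansible-training-slides:stg`, so the request appears to target a different repository than the one this workflow cleans up. The `stg` tag is also shared by every slides pull request and is what the stg Deployment pulls with `imagePullPolicy: Always`, so removing it when one PR closes would break the next pod restart; it is worth confirming whether this step should remain at all. If it stays, `curl --fail` makes a rejected DELETE fail the job instead of passing silently. The `azure/setup-kubectl` step above it looks unused now that the kubeconfig step is gone, although the job's first steps are outside this hunk.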
@@ -24,21 +24,16 @@ jobs: uses: azure/setup-kubectl@v3 with: version: v1.21.2 - - - name: Create KUBECONFIG - env: - KUBE_CONFIG: '${{ secrets.KUBECONFIG_TEST }}' - run: | - mkdir -p $HOME/.kube - echo "$KUBE_CONFIG" > $HOME/.kube/config - name: Remove PR Environment Helm Release env: TRAINING_HELM_RELEASE: 'pr-${{ github.event.pull_request.number }}' - TRAINING_NAMESPACE: 'pitc-ansible-training-test' + TRAINING_NAMESPACE: 'pitc-ansible-training-stg' TRAINING_VERSION: '${{ github.sha }}' + KUBE_TOKEN: '${{ secrets.OPENSHIFT_SA_TOKEN_STG }}' + KUBE_URL: '${{ secrets.OPENSHIFT_API_URL }}' run: | - helm uninstall $TRAINING_HELM_RELEASE --kubeconfig $HOME/.kube/config --namespace=$TRAINING_NAMESPACE + helm uninstall $TRAINING_HELM_RELEASE --kube-apiserver=$KUBE_URL --kube-token=$KUBE_TOKEN --namespace=$TRAINING_NAMESPACE - name: Delete Tags on Quay id: delete_tags env: diff --git a/.github/workflows/push-main-slides.yaml b/.github/workflows/push-main-slides.yaml index 6bb597ed..ffadcc84 100644 --- a/.github/workflows/push-main-slides.yaml +++ b/.github/workflows/push-main-slides.yaml @@ -62,17 +62,11 @@ jobs: uses: azure/setup-kubectl@v3 with: version: v1.21.2 - - - name: Create KUBECONFIG - env: - KUBE_CONFIG: '${{ secrets.KUBECONFIG }}' - run: | - mkdir -p $HOME/.kube - echo "$KUBE_CONFIG" - echo "$KUBE_CONFIG" > $HOME/.kube/config - name: Deploy RevealJS Prod env: TRAINING_NAMESPACE: 'pitc-ansible-training-prod' + KUBE_TOKEN: '${{ secrets.OPENSHIFT_SA_TOKEN_PROD }}' + KUBE_URL: '${{ secrets.OPENSHIFT_API_URL }}' run: | - kubectl rollout restart deployment/ansible-slides --kubeconfig $HOME/.kube/config --namespace $TRAINING_NAMESPACE + kubectl rollout restart deployment/ansible-slides --server=$KUBE_URL --token=$KUBE_TOKEN --namespace $TRAINING_NAMESPACE diff --git a/.github/workflows/push-main.yaml b/.github/workflows/push-main.yaml index ea9487f2..fdce6c8c 100644 --- a/.github/workflows/push-main.yaml +++ b/.github/workflows/push-main.yaml 
@@ -73,25 +73,22 @@ jobs: uses: azure/setup-kubectl@v3 with: version: v1.21.2 - - - name: Create KUBECONFIG - env: - KUBE_CONFIG: '${{ secrets.KUBECONFIG }}' - run: | - mkdir -p $HOME/.kube - echo "$KUBE_CONFIG" > $HOME/.kube/config - name: Deploy Helm Release env: TRAINING_HELM_RELEASE: 'latest' TRAINING_NAMESPACE: 'pitc-ansible-training-prod' TRAINING_VERSION: '${{ github.sha }}' + KUBE_TOKEN: '${{ secrets.OPENSHIFT_SA_TOKEN_PROD }}' + KUBE_URL: '${{ secrets.OPENSHIFT_API_URL }}' run: | - helm upgrade $TRAINING_HELM_RELEASE acend-training-chart --install --wait --kubeconfig $HOME/.kube/config --namespace=$TRAINING_NAMESPACE --set=app.name=$HELM_RELEASE --set=app.version=$TRAINING_VERSION --repo=https://acend.github.io/helm-charts/ --values=helm-chart/values.yaml --atomic + helm upgrade $TRAINING_HELM_RELEASE acend-training-chart --install --wait --kube-apiserver=$KUBE_URL --kube-token=$KUBE_TOKEN --namespace=$TRAINING_NAMESPACE --set=app.name=$HELM_RELEASE --set=app.version=$TRAINING_VERSION --repo=https://acend.github.io/helm-charts/ --values=helm-chart/values.yaml --atomic - name: Redeploy Deployments env: TRAINING_HELM_RELEASE: 'latest' TRAINING_NAMESPACE: 'pitc-ansible-training-prod' + KUBE_TOKEN: '${{ secrets.OPENSHIFT_SA_TOKEN_PROD }}' + KUBE_URL: '${{ secrets.OPENSHIFT_API_URL }}' run: | - kubectl rollout restart deployment/$TRAINING_HELM_RELEASE-ansible-puzzle --kubeconfig $HOME/.kube/config --namespace $TRAINING_NAMESPACE + kubectl rollout restart deployment/$TRAINING_HELM_RELEASE-ansible-puzzle --server=$KUBE_URL --token=$KUBE_TOKEN --namespace $TRAINING_NAMESPACE diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index db703d6b..2595e6b4 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml 
@@ -10,12 +10,13 @@ acendTraining: tag: "" tagsuffix: "" ingress: - annotations: - kubernetes.io/ingress.class: nginx-public + labels: + public: "true" useDefaultSecret: true appname: ansible domainmain: puzzle.ch - domain: k8s.puzzle.ch + domain: ocp.cloudscale.puzzle.ch + emptyTLS: true nameOverride: "ansible" fullnameOverride: "" diff --git a/slides/Dockerfile b/slides/Dockerfile index 7f25d371..cc09639b 100644 --- a/slides/Dockerfile +++ b/slides/Dockerfile @@ -1,5 +1,7 @@ FROM node +ENV NPM_CONFIG_CACHE=/tmp/.npm + WORKDIR /app RUN --mount=type=secret,id=gitlab_pullsecret PULLSECRET=$(cat /run/secrets/gitlab_pullsecret) \ diff --git a/yaml/slides_deployment.yaml b/yaml/slides_deployment.yaml deleted file mode 100644 index 177b57e1..00000000 --- a/yaml/slides_deployment.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - field.cattle.io/description: RevealJS SLides - labels: - app.kubernetes.io/instance: slides - app.kubernetes.io/name: ansible-slides - name: ansible-slides - namespace: pitc-ansible-training-test -spec: - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app.kubernetes.io/instance: slides - app.kubernetes.io/name: ansible-slides - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - annotations: - kubectl.kubernetes.io/restartedAt: "2021-10-28T13:43:44Z" - labels: - app.kubernetes.io/instance: slides - app.kubernetes.io/name: ansible-slides - spec: - affinity: {} - containers: - - image: quay.io/puzzle/ansible-training-slides - imagePullPolicy: Always - name: slides - ports: - - containerPort: 8000 - name: http - protocol: TCP - resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 20m - memory: 56Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - terminationGracePeriodSeconds: 30 diff --git a/yaml/slides_ingress.yaml b/yaml/slides_ingress.yaml deleted file mode 100644 index 79629e33..00000000 --- a/yaml/slides_ingress.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - field.cattle.io/publicEndpoints: '[{"addresses":["10.100.1.8"],"port":443,"protocol":"HTTPS","serviceName":"pitc-ansible-training-test:ansible-slides","ingressName":"pitc-ansible-training-test:ansible-slides","hostname":"ansible-slides-test.k8s.puzzle.ch","path";"/","allNodes":true}]' - kubernetes.io/ingress.class: nginx-public - labels: - app.kubernetes.io/instance: slides - app.kubernetes.io/name: ansible-slides - name: ansible-slides - namespace: pitc-ansible-training-test -spec: - rules: - - host: ansible-slides-test.k8s.puzzle.ch - http: - paths: - - backend: - service: - name: ansible-slides - port: - number: 8000 - path: / - pathType: ImplementationSpecific - tls: - - hosts: - - ansible-slides-test.k8s.puzzle.ch diff --git a/yaml/slides_prod/slides_ingress_prod.yaml b/yaml/slides_prod/slides_ingress_prod.yaml index 58749d6c..85f26f75 100644 --- a/yaml/slides_prod/slides_ingress_prod.yaml +++ b/yaml/slides_prod/slides_ingress_prod.yaml @@ -1,11 +1,10 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - annotations: - kubernetes.io/ingress.class: nginx-public labels: app.kubernetes.io/instance: slides app.kubernetes.io/name: ansible-slides + public: "true" name: ansible-slides namespace: pitc-ansible-training-prod spec: @@ -21,5 +20,4 @@ spec: path: / pathType: ImplementationSpecific tls: - - hosts: - - ansible-slides.puzzle.ch + - {} diff --git a/yaml/slides_service.yaml b/yaml/slides_service.yaml deleted file mode 100644 index dd24a9b5..00000000 --- a/yaml/slides_service.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ansible-slides - namespace: pitc-ansible-training-test -spec: - clusterIP: 10.43.128.38 - clusterIPs: - - 10.43.128.38 - ports: - - name: http - port: 8000 - protocol: TCP - targetPort: 8000 - selector: - app.kubernetes.io/instance: slides - app.kubernetes.io/name: ansible-slides - sessionAffinity: None - type: ClusterIP diff --git a/yaml/slides_test/slides_deployment_test.yaml b/yaml/slides_stg/slides_deployment_stg.yaml similarity index 92% rename from yaml/slides_test/slides_deployment_test.yaml rename to yaml/slides_stg/slides_deployment_stg.yaml index 85f3d4a2..1825bb8f 100644 --- a/yaml/slides_test/slides_deployment_test.yaml +++ b/yaml/slides_stg/slides_deployment_stg.yaml @@ -7,7 +7,7 @@ metadata: app.kubernetes.io/instance: slides app.kubernetes.io/name: ansible-slides name: ansible-slides - namespace: pitc-ansible-training-test + namespace: pitc-ansible-training-stg spec: progressDeadlineSeconds: 600 replicas: 1 @@ -30,7 +30,7 @@ spec: spec: affinity: {} containers: - - image: quay.io/puzzle/ansible-training-slides:test + - image: quay.io/puzzle/ansible-training-slides:stg imagePullPolicy: Always name: slides ports: diff --git a/yaml/slides_test/slides_ingress_test.yaml b/yaml/slides_stg/slides_ingress_stg.yaml similarity index 67% rename from yaml/slides_test/slides_ingress_test.yaml rename to yaml/slides_stg/slides_ingress_stg.yaml index 194ffab1..c1cabd98 100644 --- a/yaml/slides_test/slides_ingress_test.yaml +++ b/yaml/slides_stg/slides_ingress_stg.yaml 
@@ -1,16 +1,15 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - annotations: - kubernetes.io/ingress.class: nginx-public labels: app.kubernetes.io/instance: slides app.kubernetes.io/name: ansible-slides + public: "true" name: ansible-slides - namespace: pitc-ansible-training-test + namespace: pitc-ansible-training-stg spec: rules: - - host: ansible-slides-test.puzzle.ch + - host: ansible-slides-stg.puzzle.ch http: paths: - backend: @@ -21,5 +20,4 @@ spec: path: / pathType: ImplementationSpecific tls: - - hosts: - - ansible-slides-test.puzzle.ch + - {} diff --git a/yaml/slides_test/slides_service_test.yaml b/yaml/slides_stg/slides_service_stg.yaml similarity index 87% rename from yaml/slides_test/slides_service_test.yaml rename to yaml/slides_stg/slides_service_stg.yaml index d9433cb5..8ef11d73 100644 --- a/yaml/slides_test/slides_service_test.yaml +++ b/yaml/slides_stg/slides_service_stg.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: ansible-slides - namespace: pitc-ansible-training-test + namespace: pitc-ansible-training-stg spec: ports: - name: http diff --git a/yaml/training_prod/ingress_ch.yaml b/yaml/training_prod/ingress_ch.yaml deleted file mode 100644 index fb3b7224..00000000 --- a/yaml/training_prod/ingress_ch.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - annotations: - field.cattle.io/publicEndpoints: '[{"addresses":["2a06:c00::37e9"],"port":443,"protocol":"HTTPS","serviceName":"pitc-ansible-training-prod:latest-ansible-puzzle","ingressName":"pitc-ansible-training-prod:latest-ansible-puzzle","hostname":"ansible.puzzle.ch","path":"/","allNodes":true}]' - kubernetes.io/ingress.class: nginx-public - meta.helm.sh/release-name: latest - meta.helm.sh/release-namespace: pitc-ansible-training-prod - labels: - app.kubernetes.io/instance: latest - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: ansible-puzzle - app.kubernetes.io/version: 1.0.0 - helm.sh/chart: acend-training-chart-0.1.2 - name: latest-ansible-puzzle - namespace: pitc-ansible-training-prod -spec: - rules: - - host: ansible.puzzle.ch - http: - paths: - - backend: - serviceName: latest-ansible-puzzle - servicePort: 8080 - path: / - pathType: ImplementationSpecific - tls: - - hosts: - - ansible.puzzle.ch diff --git a/yaml/training_prod/ingress_de.yaml b/yaml/training_prod/ingress_de.yaml index 3ebd4798..6e679343 100644 --- a/yaml/training_prod/ingress_de.yaml +++ b/yaml/training_prod/ingress_de.yaml 
@@ -1,31 +1,23 @@ -apiVersion: extensions/v1beta1 -kind: Ingress +kind: Ingress +apiVersion: networking.k8s.io/v1 metadata: - annotations: - field.cattle.io/publicEndpoints: '[{"addresses":["2a06:c00::37e9"],"port":443,"protocol":"HTTPS","serviceName":"pitc-ansible-training-prod:latest-ansible-puzzle","ingressName":"pitc-ansible-training-prod:latest-ansible-puzzle","hostname":"ansible.puzzle-itc.de","path":"/","allNodes":true}]' - kubernetes.io/ingress.class: nginx-public - kubernetes.io/tls-acme: "true" - meta.helm.sh/release-name: latest - meta.helm.sh/release-namespace: pitc-ansible-training-prod + name: latest-ansible-puzzle + namespace: pitc-ansible-training-prod labels: - app.kubernetes.io/instance: latest - app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: ansible-puzzle app.kubernetes.io/version: 1.0.0 - helm.sh/chart: acend-training-chart-0.1.2 - name: latest-ansible-puzzle-itc-de - namespace: pitc-ansible-training-prod + public: "true" spec: - rules: - - host: ansible.puzzle-itc.de - http: - paths: - - backend: - serviceName: latest-ansible-puzzle - servicePort: 8080 - path: / - pathType: ImplementationSpecific tls: - - hosts: - - ansible.puzzle-itc.de - secretName: ansible.puzzle-itc.de + - {} + rules: + - host: ansible.puzzle-itc.de + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: latest-ansible-puzzle + port: + number: 8080 diff --git a/yaml/training_prod/rolebinding-github-deployment-prod.yaml b/yaml/training_prod/rolebinding-github-deployment-prod.yaml new file mode 100644 index 00000000..10c134cd --- /dev/null +++ b/yaml/training_prod/rolebinding-github-deployment-prod.yaml 
@@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pitc-ansible-training-prod-github-deployment + namespace: pitc-ansible-training-prod +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edit +subjects: +- kind: ServiceAccount + name: pitc-ansible-training-prod-github-deployment diff --git a/yaml/training_prod/sa-github-deployment-prod.yaml b/yaml/training_prod/sa-github-deployment-prod.yaml new file mode 100644 index 00000000..abe5ef04 --- /dev/null +++ b/yaml/training_prod/sa-github-deployment-prod.yaml @@ -0,0 +1,5 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: pitc-ansible-training-prod-github-deployment + namespace: pitc-ansible-training-prod diff --git a/yaml/training_stg/rolebinding-github-deployment-stg.yaml b/yaml/training_stg/rolebinding-github-deployment-stg.yaml new file mode 100644 index 00000000..9ebc5b16 --- /dev/null +++ b/yaml/training_stg/rolebinding-github-deployment-stg.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pitc-ansible-training-stg-github-deployment + namespace: pitc-ansible-training-stg +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: edit +subjects: +- kind: ServiceAccount + name: pitc-ansible-training-stg-github-deployment diff --git a/yaml/training_stg/sa-github-deployment-stg.yaml b/yaml/training_stg/sa-github-deployment-stg.yaml new file mode 100644 index 00000000..c80c91b7 --- /dev/null +++ b/yaml/training_stg/sa-github-deployment-stg.yaml @@ -0,0 +1,5 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: pitc-ansible-training-stg-github-deployment + namespace: pitc-ansible-training-stg From 0cac598d21070b11e356e6545cc84136a31016f3 Mon Sep 17 00:00:00 2001 
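Review bot: Both new RoleBindings (`rolebinding-github-deployment-prod.yaml` and `rolebinding-github-deployment-stg.yaml`) bind the GitHub deployment ServiceAccount to the built-in ClusterRole `edit`, which is considerably more than the workflows use. `edit` allows writing most namespaced objects and reading Secrets in the namespace, whereas the visible steps only run `helm upgrade`/`helm uninstall` and `kubectl rollout restart`. A namespaced `Role` limited to the resource kinds the chart manages, referenced with `kind: Role` in `roleRef`, would reduce what a leaked `OPENSHIFT_SA_TOKEN_*` secret can do. The subject also omits its namespace; adding `namespace: pitc-ansible-training-prod` (and the `-stg` equivalent) under `subjects` makes the binding explicit.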
From: =?UTF-8?q?Sascha=20R=C3=BCger?= Date: Thu, 29 Dec 2022 16:58:15 +0100 Subject: [PATCH 12/65] fix ingress_de resource (#191) * fix ingress_de resource to use its own name * add tls settings for ingress_de --- yaml/training_prod/ingress_de.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/yaml/training_prod/ingress_de.yaml b/yaml/training_prod/ingress_de.yaml index 6e679343..20391ac3 100644 --- a/yaml/training_prod/ingress_de.yaml +++ b/yaml/training_prod/ingress_de.yaml @@ -1,15 +1,20 @@ kind: Ingress apiVersion: networking.k8s.io/v1 metadata: - name: latest-ansible-puzzle + name: latest-ansible-puzzle-de namespace: pitc-ansible-training-prod + annotations: + kubernetes.io/tls-acme: "true" + route.openshift.io/termination: edge labels: app.kubernetes.io/name: ansible-puzzle app.kubernetes.io/version: 1.0.0 public: "true" spec: tls: - - {} + - hosts: + - ansible.puzzle-itc.de + secretName: ansible-puzzle-itc-de-secret rules: - host: ansible.puzzle-itc.de http: From 6fcefb42d611536bbd4b646d2a8b226dfa7f4ff8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sascha=20R=C3=BCger?= Date: Thu, 19 Jan 2023 18:14:45 +0100 Subject: [PATCH 13/65] fix issue with ownership of npm cache folder (#192) * try to fix ownership of npm cache folder * debug: try extra CMD in Dockerfile before starting npm * debug: try id to set ownership of npm cache * debug: try id to set ownership of npm cache #2 * debug: try two commands in one CMD * debug: try two commands in one CMD #2 * back to the start * typo * another try to fix cache permissions * another try to fix cache permissions; typo --- slides/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/slides/Dockerfile b/slides/Dockerfile index cc09639b..0e3cbf50 100644 --- a/slides/Dockerfile +++ b/slides/Dockerfile 
@@ -20,6 +20,8 @@ COPY slides/index.html.patch . RUN patch --forward --strip=1 index.html --input=index.html.patch \ && npm install && npm run build -- css-themes -EXPOSE 8000 +RUN chgrp -R 0 ${NPM_CONFIG_CACHE} \ + && chmod -R g=u ${NPM_CONFIG_CACHE} +EXPOSE 8000 CMD ["npm", "start", "--", "--host=0.0.0.0"] From c5a6ef484a449a05f43fb5b07887d743b30496bb Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Mon, 6 Feb 2023 15:35:41 +0100 Subject: [PATCH 14/65] new lab and finetuning --- content/en/docs/10/01/_index.en.md | 48 +++- content/en/docs/10/02/_index.en.md | 407 +++++++++++++++++++++++++++++ content/en/docs/10/_index.en.md | 16 +- 3 files changed, 454 insertions(+), 17 deletions(-) create mode 100644 content/en/docs/10/02/_index.en.md diff --git a/content/en/docs/10/01/_index.en.md b/content/en/docs/10/01/_index.en.md index 7f4e2e51..06b85569 100644 --- a/content/en/docs/10/01/_index.en.md +++ b/content/en/docs/10/01/_index.en.md @@ -14,12 +14,26 @@ In this lab, we will use `ansible-builder` to build our own execution environmen {{% details title="Solution Task 1" %}} Since we have no Red Hat Subscription available, we install ansible-builder with pip. We install podman as well to be able to use containers. +Update python if needed: ```bash -$ sudo dnf module install -y python38 -$ sudo dnf module enable python38 -$ sudo dnf remove -y python36 +$ sudo dnf module install -y python39 +$ sudo dnf module enable python39 +$ sudo alternatives --config python3 + +There are 2 programs which provide 'python3'. + + Selection Command +----------------------------------------------- +*+ 1 /usr/bin/python3.6 + 2 /usr/bin/python3.9 + +Enter to keep the current selection[+], or type selection number: 2 $ python3 --version -Python 3.8.10 +Python 3.9.13 +``` + +Install `ansible-builder` AFTER you ensured the newer python version to be present. +```bash $ sudo dnf install -y podman python3-pip $ pip3 install ansible-builder --user ... 
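Review bot: The added `RUN chgrp -R 0 ${NPM_CONFIG_CACHE} && chmod -R g=u ${NPM_CONFIG_CACHE}` has no comment saying why the cache is handed to group 0. Judging by the commit subject this is for a runtime user that differs from the build user, so a line such as `# npm cache must be group-writable: the container may run with an arbitrary UID in group 0` above it would keep the step from being removed as redundant. The expansions should also be quoted, `"${NPM_CONFIG_CACHE}"`. No `USER` instruction is visible in this hunk, so outside a platform that assigns a UID the image presumably still starts as root; the top of the Dockerfile is outside the hunk.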
@@ -71,7 +85,7 @@ The new EE should: * base on the latest stable version of the `ansible-runner` image from `https://quay.io` * use the `ansible.cfg` in the `techlab` folder * contain the `pyfiglet` python3 module -* contain the collection `containers.podman` +* contain the collection `containers.podman` and `ansible.posix` {{% details title="Solution Task 3" %}} ```bash @@ -84,18 +98,21 @@ ansible_config: 'ansible.cfg' dependencies: python: requirements.txt galaxy: requirements.yml + $ cat requirements.txt pyfiglet + $ cat requirements.yml collections: - containers.podman + - ansible.posix ``` {{% /details %}} ### Task 4 -* Build the new exection environment with the files from the last task. The resulting image should have a name of `default-ee`. -* With the option for very verbose (`-v3`) set, you can observe what `ansible-builder` does in the background (this will take a few minutes). +* Build the new exection environment with the files from the last task. The resulting image should have a name of `default-ee`. This will take a few minutes. +* With the option for very verbose (`-v3`) set, you can observe what `ansible-builder` does in the background. If you are interested in the details about how the execution environment is built: @@ -161,7 +178,7 @@ RUN /output/install-from-bindep && rm -rf /output/wheels ### Task 5 * Inspect the image of your new EE with `ansible-navigator`. -* Check the included ansible version and verify that the colletion `containers.podman`is present. +* Check the included ansible version and verify that the colletions `containers.podman` and `ansible.posix` are present. {{% details title="Solution Task 5" %}} ```bash 
@@ -185,13 +202,14 @@ Choose `2`: Choose `2`: ```bash DEFAULT-EE:LATEST (INFORMATION ABOUT ANSIBLE AND ANSIBLE COLLECTIONS) -0│--- +│--- 1│ansible: 2│ collections: 3│ details: -4│ containers.podman: 1.9.3 -5│ version: -6│ details: core 2.12.4.post0 +4│ ansible.posix: 1.5.1 +5│ containers.podman: 1.10.1 +6│ version: +7│ details: core 2.12.5.post0 ``` {{% /details %}} @@ -250,7 +268,11 @@ quay.io/bitnami/mariadb latest c6cb896c1070 11 hours ago 93.5 MB ``` Note that if you pulled the image as user `root` on the `db` servers, you will not see it in the output of `podman images` unless it's run as user `root` as well. -You would need to include the collection `ansible.posix` in your EE in order to be able to use the `firewalld` module. +Because we included the collection `ansible.posix` in our EE earlier, we can run tasks with the `firewalld` module. Therefore running the playbook `site.yml` from the ansible-navigator lab would work as well! + +```bash +$ ansible-navigator run site.yml +``` {{% /details %}} diff --git a/content/en/docs/10/02/_index.en.md b/content/en/docs/10/02/_index.en.md new file mode 100644 index 00000000..c6fdae3c --- /dev/null +++ b/content/en/docs/10/02/_index.en.md 
@@ -0,0 +1,407 @@ +--- +title: "10.2 Ansible-Runner" +weight: 99 +sectionnumber: 10.2 +--- + +In this lab, we will learn about `ansible-runner`, the component of AAP Controller / AWX that actually runs Ansible playbooks. + +### Task 1 + +* Install all packages needed to use `ansible-runner` command line tool on the controller host. (In case of python problems, [have a look at the ansible-builder lab](https://ansible.puzzle.ch/docs/10/01/#task-1). +* Show the help context of the `ansible-runner` command. + +{{% details title="Solution Task 1" %}} +Since we have no Red Hat Subscription available, we install ansible-runner with pip. We install podman as well to be able to use containers. + +```bash +$ pip3 install ansible-runner --user +... +$ ansible-runner --help +``` +Note that `ansible-runner` is already present when you installed `ansible-navigator` in the labs before. +{{% /details %}} + +### Task 2 + +* Set up the folder structure needed by ansible-runner to find your inventory and put your playbook in the correct folder as well. +* Use `ansible-runner` to run the play site.yml from [Lab 10.0 Task 3](https://ansible.puzzle.ch/docs/10/#task-3). + +{{% details title="Solution Task 2" %}} +```bash +$ pwd +/home/ansible/techlab +$ tree +. +├── inventory +│   └── hosts +└── project +    └── site.yml + +$ ansible-runner run /home/ansible/techlab/ -p site.yml +PLAY [Run tasks on webservers] ************************************************* + +TASK [Gathering Facts] ********************************************************* +ok: [node1] +... +... +... +node1 : ok=5 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +``` +{{% /details %}} + +### Task 3 + +* Add a task to `site.yml` playbook that waits for 120 seconds. The tasks should be at the end of the play running on the web group `web`. +* Use `ansible-runner` cli to run the playbook `site.yml`. 
+* Have a look at the running process in the `artifacts` directory. Find information about the facts cached for node1. +* Find information about a random job event. +* Show the standard output of the ansible run` + +{{% details title="Solution Task 3" %}} +```bash +$ cat site.yml +... +- name: Sleep for 120 seconds + ansible.builtin.wait_for: + timeout: 120 +... +$ ansible-runner start /home/ansible/techlab/ -p site.yml +$ tree +. +└── 82b7743d-72db-4760-b163-e24257a5ff78 + ├── command + ├── fact_cache + │   └── node1 + ├── job_events + │   ├── 10-8cbb439d-831f-44e7-ad68-d067847efcfd.json + │   ├── 11-62869478-2c8c-4cac-a566-6e09ca1aa295.json + │   ├── 12-5a420566-9318-68c2-fc18-00000000000c.json + │   ├── 13-ba4910c9-1f35-4687-851f-073bd70f96a1.json + │   ├── 14-4cedb233-fc76-4019-a6ba-e829d3cf25f7.json + │   ├── 1-54889cf9-5ceb-4541-930f-73fe24d4a08a.json + │   ├── 15-5a420566-9318-68c2-fc18-00000000000d.json + │   ├── 16-80f5f3f7-b1b5-4259-aa67-49213495fe5e.json + │   ├── 17-505f561d-cce5-42b6-a219-eb7e596c8ef9.json + │   ├── 18-5a420566-9318-68c2-fc18-00000000000e.json + │   ├── 19-3ab80b71-789b-4e65-9cb4-6b7d76de2729.json + │   ├── 2-5a420566-9318-68c2-fc18-000000000008.json + │   ├── 3-5a420566-9318-68c2-fc18-000000000015.json + │   ├── 4-790fc1a4-c0f8-4b3a-99cc-b4f4239d9a1f.json + │   ├── 5-49005502-bf17-4a88-ae9e-e25c45588bf6.json + │   ├── 6-5a420566-9318-68c2-fc18-00000000000a.json + │   ├── 7-2764164b-0fbd-4c13-b7ce-0671b308640e.json + │   ├── 8-6f454b56-c99d-4996-9de2-c349953f9970.json + │   └── 9-5a420566-9318-68c2-fc18-00000000000b.json + ├── stderr + └── stdout + +3 directories, 23 files +$ +``` +NOTE: the output of the `tree` command varies depending on when it is run. + +``` +$ cat 82b7743d-72db-4760-b163-e24257a5ff78/fact_cache/node1 +{ + "_ansible_facts_gathered": true, + "ansible_all_ipv4_addresses": [ + "5.102.147.253" + ], + "ansible_all_ipv6_addresses": [ + "fe80::5842:5ff:fe66:93fd" + ], + "ansible_apparmor": { + "status": "disabled" +... 
+``` + +``` +$ cat artifacts/82b7743d-72db-4760-b163-e24257a5ff78/job_events/1-54889cf9-5ceb-4541-930f-73fe24d4a08a.json +``` + +``` +$ cat artifacts/82b7743d-72db-4760-b163-e24257a5ff78/stdout + +PLAY [Run tasks on webservers] ************************************************* + +TASK [Gathering Facts] ********************************************************* +ok: [node1] + +TASK [install httpd] *********************************************************** +ok: [node1] + +TASK [start and enable httpd] ************************************************** +ok: [node1] + +TASK [start and enable firewalld] ********************************************** +ok: [node1] + +TASK [open firewall for http] ************************************************** +ok: [node1] + +TASK [Sleep for 120 seconds] *************************************************** +ok: [node1] + +PLAY [Run tasks on dbservers] ************************************************** + +TASK [Gathering Facts] ********************************************************* +ok: [node2] + +TASK [prepare motd] ************************************************************ +ok: [node2] + +PLAY RECAP ********************************************************************* +node1 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +[ansible@teacher-controller techlab]$ + +``` +{{% /details %}} + +### Task 4 + +Use `ansible-runner` cli to run the playbook `site.yml` inside an execution environment (ee). If you did the `ansible-builder` labs, you can use the ee you created then. Otherwise use `quay.io/ansible/ansible-navigator-demo-ee`. We want to use `podman` to execute the ee and also use process isolation. See `ansible-runner run --help` for which options you have to use. + +Since it is run inside a container, we have to specify with which user we want to run Ansible. Default would be the root user which is not a best practice. 
Also, we add a working ssh_key to the correct location in our directory. This is needed in order to open an ssh-connetion from inside the ee to the managed nodes. + +{{% alert title="Tip" color="warn" %}} +If the ee you choose is not present yet, podman will first pull it when running `ansible-runner`. This can take some time. +{{% /alert %}} + +* create the needed folder, files and its content for using the ee +* create the needed folder, files and its content for using `ansible` as `remote_user` and the corresponding ssh_key +* run the playbook `site.yml` inside the ee with the `ansible-runner` cli + +{{% details title="Solution Task 4" %}} +```bash +$ tree +. +├── env +│   ├── settings +│   └── ssh_key +├── inventory +│   └── hosts +└── project + └── site.yml + +$ cat env/settings +--- +container_image: default-ee +process_isolation_executable: podman +process_isolation: true + +$ cat /home/ansible/.ssh/id_rsa > env/ssh_key + +$ head env/ssh_key +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAgEAvAZuI1j7kz+J9bb375jjGdQqqsGc2imuoeTnFOqwLdg6+1LPj9RC +NDE7JpDoTmTRTuEqSyD/CmGawv4tLrOig4Q/sFeV1JsEt9V3fF1s9VJ7VcYq2baSLyrHFQ +... + +$ cat project/site.yml +--- +- name: Run tasks on webservers + hosts: web + become: true + remote_user: ansible #<-- +... +- name: Run tasks on dbservers + hosts: db + become: true + remote_user: ansible #<-- +... + +$ ansible-runner run /home/ansible/techlab/ -p site.yml +Identity added: /runner/artifacts/6fdb3c4d-ee40-4a40-8d6b-57b9a3788d7e/ssh_key_data (Created for convenience ahead of techlab) + +PLAY [Run tasks on webservers] ************************************************* + +TASK [Gathering Facts] ********************************************************* +ok: [node1] + +... 
+ +PLAY RECAP ********************************************************************* +node1 : ok=5 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +$ +``` + +{{% alert title="Warning" color="warn" %}} +Not defining `process_isolation_executable: podman` in `env/settings` would lead to `ansible-runner` run our playbook NOT inside an ee. The output however looks almost the same. +{{% /alert %}} + +{{% /details %}} + + + +### Task 5 + +Now we want to have a look at whats happening in the background while running our playbook with `ansible-runner` inside an ee. + +* Start your playbook in the background. Use `ansible-runner --help` to see which option you can use. +* While the playbook runs, have look at the running processes with `watch -n1 'ps -ef | grep ansible- | grep -v grep'` +* Also while the playbook runs, have a look at the running containers with `watch -n1 podman ps -a` +* While the playbook still runs, stop it with corresponding option and see how the processes are terminated and the running container stopped. + +{{% details title="Solution Task 5" %}} +```bash +$ ansible-runner start /home/ansible/techlab/ -p site.yml +$ ansible-runner stop /home/ansible/techlab/ -p site.yml +``` + +{{% /details %}} + +### Task 6 + +Now we want to run our playbook `site.yml` by starting an execution environment with podman and mounting our metadata folder into the correct location inside the ee. Have a look at the [documentation](https://ansible-runner.readthedocs.io/en/stable/container/#using-runner-as-a-container-interface-to-ansible) for help. + +{{% alert title="Tip" color="info" %}} +If you have selinux in enforcing mode, remember to relabel the volumes mounted inside the container with `:Z`. +{{% /alert %}} + +{{% alert title="Warning" color="warn" %}} +Remove your `podman`-settings in `env/settings`. 
Otherwise, `ansible-runner` would try to run Ansible inside the container with `podman` again. This would fail since its not installed inside the `ansible-runner` image. +{{% /alert %}} + +* Use the ee `default-ee` from before or use `quay.io/ansible/ansible-navigator-demo-ee`. Remember, that an ee is always based on the ansible-runner reference image. +* How do you specify which playbook to run? +* Into which directory inside the container do you have to mount your metadata directory? +* Remove the podman-settings in the file `env/settings`. These settings would cause `ansible-runner` inside the container to try run in podman again. This would fail because podman is not installed inside the ee. +* Run your Ansible project with podman using the ee stated above. + +{{% details title="Solution Task 6" %}} +* With the env variable `RUNNER_PLAYBOOK=test.yml`. +* Into the `/runner` directory. +* `$ mv env/settings ../` +* Run it: +```bash +$ podman run --rm -e RUNNER_PLAYBOOK=site.yml -v /home/ansible/techlab:/runner:Z default-ee:latest +Identity added: /runner/artifacts/cf33c64a-c5cf-41dd-8479-e9c0057d8e8f/ssh_key_data (Created for convenience ahead of techlab) + +PLAY [Run tasks on webservers] ************************************************* + +TASK [Gathering Facts] ********************************************************* +ok: [node1] + +TASK [install httpd] *********************************************************** +ok: [node1] + +TASK [start and enable httpd] ************************************************** +ok: [node1] + +TASK [start and enable firewalld] ********************************************** +ok: [node1] + +PLAY [Run tasks on dbservers] ************************************************** + +TASK [Gathering Facts] ********************************************************* +ok: [node2] + +TASK [prepare motd] ************************************************************ +ok: [node2] + +PLAY RECAP 
********************************************************************* +node1 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + +$ +``` + +{{% /details %}} + +### Task 7 (Advanced) + +* Why can't you run your `site.yml` playbook with the `quay.io/ansible/ansible-runner` image? + +{{% details title="Solution Task 7" %}} +Our playbook contains a tasks that uses the `ansible.posix.firewalld` module. The `ansible-runner` ee contains nothing but `ansible-core`. This means it cannot run the `ansible.posix.firewalld` module because it's not present in `ansible-core`. + +You can show the content of the `ansible-builder` ee with `ansible-navigator`: + +```bash +ANSIBLE-RUNNER:LATEST (INFORMATION ABOUT ANSIBLE AND ANSIBLE COLLECTIONS) +0│--- +1│ansible: +2│ collections: +3│ details: {} +4│ errors: +5│ - |- +6│ ERROR! - None of the provided paths were usable. Please specify a valid +7│ version: +8│ details: core 2.12.5.post0 +``` +See the [ansible-navigator lab](https://ansible.puzzle.ch/docs/10/#task-10) about how to get there! 
+ + +{{% /details %}} + +### Task 8 + +Now we want to run our playbook directly by using the python module `ansible-runner` + +* Install the python module `ansible-runner` +* Create a python script `run_ansible_run.py` that runs your playbook `site.yml` +* The script should use `/home/ansible/techlab/` as the ansible metadata directory +* Make the script executable +* Run the script + +{{% details title="Solution Task 8" %}} +```bash +$ pip3 install ansible-runner --user + +$ cat run_ansible_run.py +#!/usr/bin/python3 +import ansible_runner +ansible_runner.run( + private_data_dir='/home/ansible/techlab/', + playbook='site.yml') + +$ chmod +x run_ansible_run.py + +$ ./run_ansible_run.py +Identity added: /home/ansible/techlab/artifacts/5e703775-5234-491c-b958-09bf0bd2e756/ssh_key_data (Created for convenience ahead of techlab) + +PLAY [Run tasks on webservers] ************************************************* + +TASK [Gathering Facts] ********************************************************* +ok: [node1] + +TASK [install httpd] *********************************************************** +ok: [node1] + +TASK [start and enable httpd] ************************************************** +ok: [node1] + +TASK [start and enable firewalld] ********************************************** +ok: [node1] + +TASK [open firewall for http] ************************************************** +ok: [node1] + +TASK [Sleep for 120 seconds] *************************************************** +ok: [node1] + +PLAY [Run tasks on dbservers] ************************************************** + +TASK [Gathering Facts] ********************************************************* +ok: [node2] + +TASK [prepare motd] ************************************************************ +ok: [node2] + +PLAY RECAP ********************************************************************* +node1 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 
rescued=0 ignored=0 +$ + +``` +{{% /details %}} + +### All done? + +* Have a look at the [ansible-runner github page](https://github.com/ansible/ansible-runner) +* Have a look at the [docs of the latest version of ansible-runner](https://ansible-runner.readthedocs.io/en/latest/) diff --git a/content/en/docs/10/_index.en.md b/content/en/docs/10/_index.en.md index 32a98081..eb89164b 100644 --- a/content/en/docs/10/_index.en.md +++ b/content/en/docs/10/_index.en.md @@ -55,7 +55,10 @@ e65e4777caa3791b6b55a61cd5b171a99fad6d0e2b58097ad242b2b8d50e5103 Configure ansible-navigator and ensure the following: -* Use the `ansible.cfg` in your local techlab directory. +* Use the `ansible.cfg` in your local techlab directory. If you didn't do the labs before, create a config file with `ansible-config init --disabled -t all > ansible.cfg`. +* Set `remote_user` in `ansible.cfg` to `ansible`. +* Move the inventory file `hosts` in a folder `inventory/`. +* Set the inventory file in your `ansible.cfg` to `inventroy/hosts`. * Use 20 forks. * Enable colorful output. * Log to a file `log.txt` in a subfolder `log` with a loglevel of `INFO`. @@ -65,6 +68,11 @@ Configure ansible-navigator and ensure the following: {{% details title="Solution Task 2" %}} ```bash +$ cat ansible.cfg +[defaults] +remote_user = ansible +inventory = /home/ansible/techlab/inventory/hosts + $ cat ansible-navigator.yml --- ansible-navigator: 
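Review bot: The Task 4 solution copies the controller's private key into the project with `cat /home/ansible/.ssh/id_rsa > env/ssh_key`, which creates the copy with umask-default permissions (commonly readable by group and others) in a directory that Task 6 then bind-mounts into a container with `-v /home/ansible/techlab:/runner:Z`. I would create it owner-only with `install -m 600 /home/ansible/.ssh/id_rsa env/ssh_key`, and add a sentence telling learners to delete `env/ssh_key` after the lab and to keep `env/` out of version control. The `head env/ssh_key` listing also teaches printing a private key file to the terminal; `ssh-keygen -l -f env/ssh_key` confirms by fingerprint that the right key was copied without displaying the file. Separately, the Task 6 solution names `RUNNER_PLAYBOOK=test.yml` while the command below it uses `RUNNER_PLAYBOOK=site.yml`.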
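Review bot: The bullet added in the `@@ -55,7 +58,10 @@` hunk tells learners to set the inventory to `inventroy/hosts`, which matches neither the `inventory/` folder named one bullet earlier nor the solution's `inventory = /home/ansible/techlab/inventory/hosts`. Anyone copying the path from the task text points Ansible at a location that does not exist. The path should read `inventory/hosts`, and the bullet above it reads better as "Move the inventory file `hosts` into a folder `inventory/`".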
@@ -90,7 +98,7 @@ ansible-navigator: ### Task 3 -* Create a playbook `site.yml` that contains two plays. The first play is the same as `webservers.yml` from the earlier labs. The second play sets the content of `/etc/motd` on all hosts of the group `db` to `This is a database server`. Be sure to set a `name` keyword for each play. Use "Run tasks on webservers" for the play that runs on the group `web` and "Run tasks on dbservers" for the play that runs on group `db`. +* Create a playbook `site.yml` that contains two plays. The first play is the same as `webservers.yml` from the earlier labs. The second play sets the content of `/etc/motd` on all hosts of the group `db` to `This is a database server`. Be sure to set a `name` keyword for each play. Use "Run tasks on webservers" as value for the name keyword of the play that runs on the group `web` and "Run tasks on dbservers" for the play that runs on group `db`. {{% details title="Solution Task 3" %}} ```bash @@ -142,14 +150,14 @@ $ cat site.yml $ ansible-navigator run site.yml ... ``` -Set `remote_user` to `ansible` in the ansible configuration. Otherwise, the EE would use user root to connect to the hosts. +If you would not have set `remote_user` to `ansible` in the ansible configuration, the EE would use user root to connect to the hosts per default. So in case of problems, check your ansible.cfg: ```bash $ grep remote_user ansible.cfg remote_user = ansible ``` See the running container: ```bash -$ watch podman container list +$ watch -n1 podman container list Every 2.0s: podman container list phippu-controller: Sun Apr 3 08:12:20 2022 CONTAINER ID IMAGE COMMAND CREATED STATUS From 186670a80bffec74c6e17650c09c99b6e010216e Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Mon, 6 Feb 2023 15:55:16 +0100 Subject: [PATCH 15/65] lint --- content/en/docs/10/02/_index.en.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/content/en/docs/10/02/_index.en.md b/content/en/docs/10/02/_index.en.md index c6fdae3c..f640c517 100644 --- a/content/en/docs/10/02/_index.en.md +++ b/content/en/docs/10/02/_index.en.md @@ -274,10 +274,12 @@ Remove your `podman`-settings in `env/settings`. Otherwise, `ansible-runner` wou * Run your Ansible project with podman using the ee stated above. {{% details title="Solution Task 6" %}} + * With the env variable `RUNNER_PLAYBOOK=test.yml`. * Into the `/runner` directory. * `$ mv env/settings ../` * Run it: + ```bash $ podman run --rm -e RUNNER_PLAYBOOK=site.yml -v /home/ansible/techlab:/runner:Z default-ee:latest Identity added: /runner/artifacts/cf33c64a-c5cf-41dd-8479-e9c0057d8e8f/ssh_key_data (Created for convenience ahead of techlab) From 3fe36e12360e33f8291952037c3ec9a9832e287c Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Mon, 6 Feb 2023 16:00:35 +0100 Subject: [PATCH 16/65] lint --- content/en/docs/10/02/_index.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/10/02/_index.en.md b/content/en/docs/10/02/_index.en.md index f640c517..bf95ba59 100644 --- a/content/en/docs/10/02/_index.en.md +++ b/content/en/docs/10/02/_index.en.md 
@@ -267,7 +267,7 @@ If you have selinux in enforcing mode, remember to relabel the volumes mounted i Remove your `podman`-settings in `env/settings`. Otherwise, `ansible-runner` would try to run Ansible inside the container with `podman` again. This would fail since its not installed inside the `ansible-runner` image. {{% /alert %}} -* Use the ee `default-ee` from before or use `quay.io/ansible/ansible-navigator-demo-ee`. Remember, that an ee is always based on the ansible-runner reference image. +* Use the ee `default-ee` from before or use `quay.io/ansible/ansible-navigator-demo-ee`. Remember, that an ee is always based on the ansible-runner reference image. * How do you specify which playbook to run? * Into which directory inside the container do you have to mount your metadata directory? * Remove the podman-settings in the file `env/settings`. These settings would cause `ansible-runner` inside the container to try run in podman again. This would fail because podman is not installed inside the ee. From b7e4a943913c6c987401ddf913eca71511adde2f Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Mon, 6 Feb 2023 16:21:34 +0100 Subject: [PATCH 17/65] lint --- content/en/docs/10/02/_index.en.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/docs/10/02/_index.en.md b/content/en/docs/10/02/_index.en.md index bf95ba59..59ee0940 100644 --- a/content/en/docs/10/02/_index.en.md +++ b/content/en/docs/10/02/_index.en.md @@ -119,6 +119,7 @@ $ cat 82b7743d-72db-4760-b163-e24257a5ff78/fact_cache/node1 ``` $ cat artifacts/82b7743d-72db-4760-b163-e24257a5ff78/job_events/1-54889cf9-5ceb-4541-930f-73fe24d4a08a.json + ``` ``` @@ -236,8 +237,6 @@ Not defining `process_isolation_executable: podman` in `env/settings` would lead {{% /details %}} - - ### Task 5 Now we want to have a look at whats happening in the background while running our playbook with `ansible-runner` inside an ee. 
@@ -250,7 +249,9 @@ Now we want to have a look at whats happening in the background while running ou {{% details title="Solution Task 5" %}} ```bash $ ansible-runner start /home/ansible/techlab/ -p site.yml + $ ansible-runner stop /home/ansible/techlab/ -p site.yml + ``` {{% /details %}} @@ -338,7 +339,6 @@ ANSIBLE-RUNNER:LATEST (INFORMATION ABOUT ANSIBLE AND ANSIBLE COLLECTIONS) ``` See the [ansible-navigator lab](https://ansible.puzzle.ch/docs/10/#task-10) about how to get there! - {{% /details %}} ### Task 8 From 95f1760e8712b517209d1344d2c90ae07e470fd2 Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Mon, 6 Feb 2023 16:25:20 +0100 Subject: [PATCH 18/65] lint --- content/en/docs/10/01/_index.en.md | 1 + content/en/docs/10/02/_index.en.md | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/content/en/docs/10/01/_index.en.md b/content/en/docs/10/01/_index.en.md index 06b85569..b56ad650 100644 --- a/content/en/docs/10/01/_index.en.md +++ b/content/en/docs/10/01/_index.en.md @@ -272,6 +272,7 @@ Because we included the collection `ansible.posix` in our EE earlier, we can run ```bash $ ansible-navigator run site.yml + ``` {{% /details %}} diff --git a/content/en/docs/10/02/_index.en.md b/content/en/docs/10/02/_index.en.md index 59ee0940..f76287f9 100644 --- a/content/en/docs/10/02/_index.en.md +++ b/content/en/docs/10/02/_index.en.md @@ -249,9 +249,9 @@ Now we want to have a look at whats happening in the background while running ou {{% details title="Solution Task 5" %}} ```bash $ ansible-runner start /home/ansible/techlab/ -p site.yml - +... $ ansible-runner stop /home/ansible/techlab/ -p site.yml - +... ``` {{% /details %}} From 61fb0ab62744143d7c5d16f6106aa81442fd4dcb Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Mon, 6 Feb 2023 16:28:53 +0100 Subject: [PATCH 19/65] lint --- content/en/docs/10/01/_index.en.md | 6 +++--- content/en/docs/10/02/_index.en.md | 3 +-- 2 files changed, 4 insertions(+), 5 deletions(-) 
diff --git a/content/en/docs/10/01/_index.en.md b/content/en/docs/10/01/_index.en.md index b56ad650..43fbe42c 100644 --- a/content/en/docs/10/01/_index.en.md +++ b/content/en/docs/10/01/_index.en.md @@ -206,8 +206,8 @@ DEFAULT-EE:LATEST (INFORMATION ABOUT ANSIBLE AND ANSIBLE COLLECTIONS) 1│ansible: 2│ collections: 3│ details: -4│ ansible.posix: 1.5.1 -5│ containers.podman: 1.10.1 +4│ ansible.posix: 1.5.1 +5│ containers.podman: 1.10.1 6│ version: 7│ details: core 2.12.5.post0 ``` @@ -272,7 +272,7 @@ Because we included the collection `ansible.posix` in our EE earlier, we can run ```bash $ ansible-navigator run site.yml - +... ``` {{% /details %}} diff --git a/content/en/docs/10/02/_index.en.md b/content/en/docs/10/02/_index.en.md index f76287f9..4c6a3c0e 100644 --- a/content/en/docs/10/02/_index.en.md +++ b/content/en/docs/10/02/_index.en.md @@ -119,7 +119,7 @@ $ cat 82b7743d-72db-4760-b163-e24257a5ff78/fact_cache/node1 ``` $ cat artifacts/82b7743d-72db-4760-b163-e24257a5ff78/job_events/1-54889cf9-5ceb-4541-930f-73fe24d4a08a.json - +... ``` ``` @@ -156,7 +156,6 @@ ok: [node2] PLAY RECAP ********************************************************************* node1 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 -[ansible@teacher-controller techlab]$ ``` {{% /details %}} From a3050ea72335f956a446ccf2d4e89df7aa582d0e Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Tue, 7 Feb 2023 09:18:43 +0100 Subject: [PATCH 20/65] python script with ee --- content/en/docs/10/02/_index.en.md | 32 ++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/content/en/docs/10/02/_index.en.md b/content/en/docs/10/02/_index.en.md index 4c6a3c0e..4711b546 100644 --- a/content/en/docs/10/02/_index.en.md +++ b/content/en/docs/10/02/_index.en.md 
@@ -282,7 +282,8 @@ Remove your `podman`-settings in `env/settings`. Otherwise, `ansible-runner` wou ```bash $ podman run --rm -e RUNNER_PLAYBOOK=site.yml -v /home/ansible/techlab:/runner:Z default-ee:latest -Identity added: /runner/artifacts/cf33c64a-c5cf-41dd-8479-e9c0057d8e8f/ssh_key_data (Created for convenience ahead of techlab) +Identity added: /runner/artifacts/cf33c64a-c5cf-41dd-8479-e9c0057d8e8f/ssh_key_data +(Created for convenience ahead of techlab) PLAY [Run tasks on webservers] ************************************************* @@ -342,13 +343,15 @@ See the [ansible-navigator lab](https://ansible.puzzle.ch/docs/10/#task-10) abou ### Task 8 -Now we want to run our playbook directly by using the python module `ansible-runner` +Now we want to run our playbook directly by using the python module `ansible-runner`. -* Install the python module `ansible-runner` -* Create a python script `run_ansible_run.py` that runs your playbook `site.yml` -* The script should use `/home/ansible/techlab/` as the ansible metadata directory -* Make the script executable -* Run the script +* Install the python module `ansible-runner`. +* Create a python script `run_ansible_run.py` that runs your playbook `site.yml` with `ansible-runner`. +* `Ansible-runner` should not use an ee yet. +* The script should use `/home/ansible/techlab/` as the ansible metadata directory. +* Make the script executable. +* Run the script. +* After the Ansible run completed successfully, change things to run it inside an ee. {{% details title="Solution Task 8" %}} ```bash 
@@ -364,7 +367,8 @@ ansible_runner.run( $ chmod +x run_ansible_run.py $ ./run_ansible_run.py -Identity added: /home/ansible/techlab/artifacts/5e703775-5234-491c-b958-09bf0bd2e756/ssh_key_data (Created for convenience ahead of techlab) +Identity added: /home/ansible/techlab/artifacts/5e703775-5234-491c-b958-09bf0bd2e756/ssh_key_data +(Created for convenience ahead of techlab) PLAY [Run tasks on webservers] ************************************************* @@ -398,8 +402,20 @@ PLAY RECAP ********************************************************************* node1 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 node2 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 $ +``` + +For running `ansible-runner` from the python script inside an ee, just ensure that the `settings` file is present in the `env` folder. +```bash +$ cat env/settings +--- +container_image: default-ee +process_isolation_executable: podman +process_isolation: true ``` + +Now, when you start the `run_ansible_run.py` script again, Ansible is run inside the defined ee. You can check this with `$ watch -n1 podman ps -a` while running the script. + {{% /details %}} ### All done? From 160ccd2546a92dc33f72c9f29a61438cf1858567 Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Tue, 7 Feb 2023 09:24:03 +0100 Subject: [PATCH 21/65] lint --- content/en/docs/10/02/_index.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/10/02/_index.en.md b/content/en/docs/10/02/_index.en.md index 4711b546..e8d35477 100644 --- a/content/en/docs/10/02/_index.en.md +++ b/content/en/docs/10/02/_index.en.md 
@@ -351,7 +351,7 @@ Now we want to run our playbook directly by using the python module `ansible-run * The script should use `/home/ansible/techlab/` as the ansible metadata directory. * Make the script executable. * Run the script. -* After the Ansible run completed successfully, change things to run it inside an ee. +* After the Ansible run completed successfully, change things to run it inside an ee. {{% details title="Solution Task 8" %}} ```bash From 4af7ab9775e6e9792576313f9007ac2f17d5f9ba Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Tue, 7 Feb 2023 10:15:16 +0100 Subject: [PATCH 22/65] add python doc --- content/en/docs/10/02/_index.en.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/en/docs/10/02/_index.en.md b/content/en/docs/10/02/_index.en.md index e8d35477..73caf1dd 100644 --- a/content/en/docs/10/02/_index.en.md +++ b/content/en/docs/10/02/_index.en.md @@ -422,3 +422,4 @@ Now, when you start the `run_ansible_run.py` script again, Ansible is run inside * Have a look at the [ansible-runner github page](https://github.com/ansible/ansible-runner) * Have a look at the [docs of the latest version of ansible-runner](https://ansible-runner.readthedocs.io/en/latest/) +* Have a look at the [documentation of the python module](https://ansible-runner.readthedocs.io/en/stable/python_interface/) and see what the library is capable of. From 52469004429a8b477cc63e8578135b24ade7d10d Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Thu, 16 Feb 2023 13:34:56 +0100 Subject: [PATCH 23/65] fix typos --- content/en/docs/04/03/_index.en.md | 2 +- content/en/docs/04/05/_index.en.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/docs/04/03/_index.en.md b/content/en/docs/04/03/_index.en.md index 8430a79a..82a9c410 100644 --- a/content/en/docs/04/03/_index.en.md +++ b/content/en/docs/04/03/_index.en.md 
@@ -68,7 +68,7 @@ Example `output.yml`: * Solve this task by searching for files ending with `.bak` and registering the result to a variable. Then do tasks only if certain conditions are met. {{% alert title="Tip" color="info" %}} -Have a look at the documentation about the command modul: [Ansible Docs - command](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/command_module.html) +Have a look at the documentation about the command module: [Ansible Docs - command](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/command_module.html) {{% /alert %}} {{% details title="Solution Task 3" %}} diff --git a/content/en/docs/04/05/_index.en.md b/content/en/docs/04/05/_index.en.md index f3a585e4..0166c2da 100644 --- a/content/en/docs/04/05/_index.en.md +++ b/content/en/docs/04/05/_index.en.md @@ -31,7 +31,7 @@ $ time ansible node1 -B 10 -P 30 -a "/usr/bin/sleep 1000" node1 | FAILED | rc=-1 >> async task did not complete within the requested time - 10s -real 0m32.625s #<- more than the polling intervall +real 0m32.625s #<- more than the polling interval user 0m5.541s sys 0m0.684s $ @@ -83,7 +83,7 @@ $ In the playbook `async.yml` do the following: -* Put the task above in the background and change the values of the sleepduration, polling intervall ans async time to reasonable values. +* Put the task above in the background and change the values of the sleepduration, polling interval and async time to reasonable values. * Check back with an `async_status` task if the sleep-task has finished. * Run the playbook. From 23b9a9b811c6030fb710787d2ed9b4e940e8e10e Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Thu, 16 Feb 2023 14:18:16 +0100 Subject: [PATCH 24/65] button to next workshops --- content/en/_index.html | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/content/en/_index.html b/content/en/_index.html index c4a0ce43..8053413a 100644 --- a/content/en/_index.html +++ b/content/en/_index.html 
@@ -12,8 +12,13 @@ }}"> Labs - - Slides - + + Slides + +
+ {{< /blocks/cover >}} From e8288bb0ce50f7f07411e071d5539a0ae898784f Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Thu, 16 Feb 2023 14:33:09 +0100 Subject: [PATCH 25/65] remove tabs --- content/en/_index.html | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/content/en/_index.html b/content/en/_index.html index 8053413a..f0f64611 100644 --- a/content/en/_index.html +++ b/content/en/_index.html @@ -6,18 +6,18 @@ {{< blocks/cover title="Puzzle Ansible Training" image_anchor="top" height="full" color="primary" >}} From d947d3b4f4e92864ac456e7b987892c78b309bcf Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Thu, 16 Feb 2023 15:00:34 +0100 Subject: [PATCH 26/65] syntax --- content/en/_index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/_index.html b/content/en/_index.html index f0f64611..3844c392 100644 --- a/content/en/_index.html +++ b/content/en/_index.html @@ -17,7 +17,7 @@
From 4802918787000630bcbceb9ae7ff65c2040f4dd5 Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Fri, 17 Feb 2023 08:56:52 +0100 Subject: [PATCH 27/65] fix and new links --- content/en/_index.html | 9 +++- content/en/docs/11/_index.en.md | 89 +++++++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+), 2 deletions(-) create mode 100644 content/en/docs/11/_index.en.md diff --git a/content/en/_index.html b/content/en/_index.html index 3844c392..b6beac55 100644 --- a/content/en/_index.html +++ b/content/en/_index.html @@ -12,13 +12,18 @@ }}"> Labs - + Slides
+ {{< /blocks/cover >}} diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md new file mode 100644 index 00000000..37c431ff --- /dev/null +++ b/content/en/docs/11/_index.en.md @@ -0,0 +1,89 @@ +--- +title: 11. Event Driven Ansible +weight: 11 +sectionnumber: 11 +--- + +In this lab we are going to learn how to use Event Driven Ansible + +### Task 1 + +* Install + +{{% details title="Solution Task 1" %}} +```bash +$ sudo yum -y install java-latest-openjdk + +$ env + +$ pip install ansible-rulebook ansible ansible-runner + + + + +``` +{{% /details %}} + +### Task 2 + +* + +{{% alert title="Tip" color="info" %}} + +{{% /alert %}} + +{{% details title="Solution Task 2" %}} + +```bash +``` +{{% /details %}} + +### Task 3 + +* + +{{% details title="Solution Task 3" %}} +```bash +``` +{{% /details %}} + +### Task 4 + +* + +{{% details title="Solution Task 4" %}} +```bash +``` +{{% /details %}} + +### Task 5 + +* + +{{% details title="Solution Task 5" %}} +```bash +``` +{{% /details %}} + +### Task 6 + +* + +{{% details title="Solution Task 6" %}} +```bash +``` +{{% /details %}} + +### Task 7 + +* + +{{% details title="Solution Task 7" %}} +```bash + +``` +{{% /details %}} + +### All done? + +* From cd072648f001efbe143056d3cd5364d34bc6cbae Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Fri, 17 Feb 2023 09:01:54 +0100 Subject: [PATCH 28/65] remove unready lab --- content/en/docs/11/_index.en.md | 89 --------------------------------- 1 file changed, 89 deletions(-) delete mode 100644 content/en/docs/11/_index.en.md diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md deleted file mode 100644 index 37c431ff..00000000 --- a/content/en/docs/11/_index.en.md +++ /dev/null 
@@ -1,89 +0,0 @@ ---- -title: 11. Event Driven Ansible -weight: 11 -sectionnumber: 11 ---- - -In this lab we are going to learn how to use Event Driven Ansible - -### Task 1 - -* Install - -{{% details title="Solution Task 1" %}} -```bash -$ sudo yum -y install java-latest-openjdk - -$ env - -$ pip install ansible-rulebook ansible ansible-runner - - - - -``` -{{% /details %}} - -### Task 2 - -* - -{{% alert title="Tip" color="info" %}} - -{{% /alert %}} - -{{% details title="Solution Task 2" %}} - -```bash -``` -{{% /details %}} - -### Task 3 - -* - -{{% details title="Solution Task 3" %}} -```bash -``` -{{% /details %}} - -### Task 4 - -* - -{{% details title="Solution Task 4" %}} -```bash -``` -{{% /details %}} - -### Task 5 - -* - -{{% details title="Solution Task 5" %}} -```bash -``` -{{% /details %}} - -### Task 6 - -* - -{{% details title="Solution Task 6" %}} -```bash -``` -{{% /details %}} - -### Task 7 - -* - -{{% details title="Solution Task 7" %}} -```bash - -``` -{{% /details %}} - -### All done? - -* From 6bb4f407d2a409a564ddbee92f58c6bc30186d6d Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Fri, 17 Feb 2023 09:20:36 +0100 Subject: [PATCH 29/65] typo --- content/en/_index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/_index.html b/content/en/_index.html index b6beac55..58b81d64 100644 --- a/content/en/_index.html +++ b/content/en/_index.html @@ -18,7 +18,7 @@
From 80527b8476addfbc60f75e589eeeda94a463b802 Mon Sep 17 00:00:00 2001 From: Reto Kupferschmid Date: Fri, 24 Mar 2023 10:50:59 +0100 Subject: [PATCH 30/65] add log annotation (#195) * add log annotation * add logtenant to slides deployment --- helm-chart/values.yaml | 4 +++- yaml/slides_prod/slides_deployment_prod.yaml | 1 + yaml/slides_stg/slides_deployment_stg.yaml | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 2595e6b4..61a6f526 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -1,7 +1,7 @@ acendTraining: servicePort: 8080 deployments: - - + - name: puzzle replicaCount: 2 image: @@ -9,6 +9,8 @@ acendTraining: pullPolicy: Always tag: "" tagsuffix: "" + podAnnotations: + puzzle.ch/logtenant: general ingress: labels: public: "true" diff --git a/yaml/slides_prod/slides_deployment_prod.yaml b/yaml/slides_prod/slides_deployment_prod.yaml index 5678176d..529b1278 100644 --- a/yaml/slides_prod/slides_deployment_prod.yaml +++ b/yaml/slides_prod/slides_deployment_prod.yaml @@ -24,6 +24,7 @@ spec: template: metadata: annotations: + puzzle.ch/logtenant: general labels: app.kubernetes.io/instance: slides app.kubernetes.io/name: ansible-slides diff --git a/yaml/slides_stg/slides_deployment_stg.yaml b/yaml/slides_stg/slides_deployment_stg.yaml index 1825bb8f..f4cd0577 100644 --- a/yaml/slides_stg/slides_deployment_stg.yaml +++ b/yaml/slides_stg/slides_deployment_stg.yaml @@ -24,6 +24,7 @@ spec: template: metadata: annotations: + puzzle.ch/logtenant: general labels: app.kubernetes.io/instance: slides app.kubernetes.io/name: ansible-slides From 078351eb0005a0c19e9c8c9abbd827d07c32887b Mon Sep 17 00:00:00 2001 
From: KramNamez <108786702+KramNamez@users.noreply.github.com> Date: Tue, 25 Apr 2023 12:47:21 +0200 Subject: [PATCH 31/65] Add command to remove .git on deployment (#196) * Add command to remove .git on deployment Gotta get rid of that directory or the bugbounty will keep reporting it... * Update with different version of the same command * rm somewhere else --------- Co-authored-by: Lukas Grimm --- slides/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/slides/Dockerfile b/slides/Dockerfile index 0e3cbf50..8f0b10de 100644 --- a/slides/Dockerfile +++ b/slides/Dockerfile @@ -10,7 +10,8 @@ RUN --mount=type=secret,id=gitlab_pullsecret PULLSECRET=$(cat /run/secrets/gitla && mv puzzle-theme/css/theme/puzzle.css reveal/css/theme/ \ && mv puzzle-theme/css/theme/source/puzzle.scss reveal/css/theme/source/ \ && mv puzzle-theme/css/theme/source/puzzle-imgs reveal/css/theme/source/ \ - && rm -rf puzzle-theme + && rm -rf puzzle-theme \ + && rm -rf reveal/.git/ WORKDIR reveal @@ -22,6 +23,6 @@ RUN patch --forward --strip=1 index.html --input=index.html.patch \ RUN chgrp -R 0 ${NPM_CONFIG_CACHE} \ && chmod -R g=u ${NPM_CONFIG_CACHE} - + EXPOSE 8000 CMD ["npm", "start", "--", "--host=0.0.0.0"] From 688e609b110d8bbbef15d3206a7738a24f0fe2d8 Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Mon, 8 May 2023 10:06:30 +0200 Subject: [PATCH 32/65] ansible-rulebook lab --- content/en/docs/11/_index.en.md | 185 ++++++++++++++++++++++++++++++++ 1 file changed, 185 insertions(+) create mode 100644 content/en/docs/11/_index.en.md diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md new file mode 100644 index 00000000..07e3d4b9 --- /dev/null +++ b/content/en/docs/11/_index.en.md 
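Review bot: The added `&& rm -rf reveal/.git/` removes only the repository metadata, while the `CMD ["npm", "start", "--", "--host=0.0.0.0"]` visible in the second hunk still serves the `reveal` working directory, so other non-content files left there (for instance `index.html.patch`, if it stays in that directory) would presumably remain reachable. It is also worth recording why the deletion sits in the same `RUN` chain: a separate `RUN` would leave `.git` in an earlier image layer, which matters because this instruction appears to read a pull secret (`PULLSECRET`). I would add a comment above the `RUN`, such as `# remove VCS metadata in the same layer as the checkout so it is neither served nor kept in image history`. The `RUN` instruction starts above the hunk, so the checkout command itself is not visible here.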
@@ -0,0 +1,185 @@ +--- +title: 11. Event Driven Ansible +weight: 11 +sectionnumber: 11 +--- + +In this lab we are going to learn how to use Event Driven Ansible. For the following tasks, server 'node1' and 'node2' act as webservers. You can use Lab 4.0 as a guideline. + +{{% alert title="Note" color="primary" %}} +Note, that as of Mai 2023, EDA is still in developer preview state. Documentation and all content is work in progress! +{{% /alert %}} + +### Task 2 + +* Point your webbrowser to the official documentation of 'ansible-rulebook'. +* Install and configure everything needed to run ansible-rulebook and source plugins. +* Check version of 'ansible-rulebook' + +{{% details title="Solution Task 1" %}} + +[https://ansible-rulebook.readthedocs.io/en/stable/index.html](https://ansible-rulebook.readthedocs.io/en/stable/index.html) + +```bash +sudo dnf --assumeyes install java-17-openjdk python3-pip +export JAVA_HOME=/usr/lib/jvm/jre-17-openjdk +pip install ansible ansible-rulebook +ansible-galaxy collection install ansible.eda +``` +{{% /details %}} + +### Task 2 + +* Write a playbook `webserver.yml` that installs the servers in group `web` as webservers. See Lab 4.0 for guidelines. +* Ensure, that the inventory file `hosts` in the folder inventory has the group `web` with `node1` and `node2` as members. +* Run the playbook `webserver.yml` and check that the webservers are up and running. 
+ +{{% details title="Solution Task 2" %}} + +```bash +$ cat webserver.yml` +--- +- hosts: web + become: true + tasks: + - name: install httpd + ansible.builtin.dnf: + name: + - httpd + - firewalld + state: installed + - name: start and enable httpd + ansible.builtin.service: + name: httpd + state: started + enabled: yes + - name: start and enable firewalld + ansible.builtin.service: + name: firewalld + state: started + enabled: yes + - name: open firewall for http + firewalld: + service: http + state: enabled + permanent: yes + immediate: yes + +$ cat inventory/hosts +[controller] +control0 ansible_host= + +[web] +node1 ansible_host= +node2 ansible_host= + +$ ansible-playbook -i inventory/hosts webserver.yml +$ dnf install -y lynx +$ lynx http:// +$ lynx http:// + +``` +{{% /details %}} + +### Task 3 + +* Write a rulebook `webserver_rulebook.yml` that checks if the webpages on `node1` and `node2` are up and running. +* If the webpages are not available anymore, the `webserver.yml` playbook should be re-run. +* Use `url_check` from the `ansible.eda` collection as the source plugin in your rulebook. + +{{% alert title="Note" color="primary" %}} +If you don't have the `ansible.eda` collection installed yet, `ansible-rulebook` would start, but fail because the `url_check` source plugin cannot be found. +{{% /alert %}} + +{{% details title="Solution Task 3" %}} +```bash +$ cat webserver_rulebook.yml` +--- +- name: rebuild webservers if site down + hosts: web + sources: + - name: check webserver + ansible.eda.url_check: + urls: + - http://:80/ + - http://:80/ + delay: 10 + rules: + - name: check if site down and rebuild + condition: event.status == "down" + action: + run_playbook: + name: webserver.yml +``` +{{% /details %}} + +### Task 4 + +* Start `webserver_rulebook.yml` in verbose mode. +* Stop the httpd service on `node1` from another terminal on `control0` and see how the playbook `webserver.yml` is re-run. 
+ +{{% details title="Solution Task 4" %}} +```bash +ansible-rulebook --rulebook webserver_rulebook.yml -i inventory/hosts --verbose + +ansible node1 -i inventory/hosts -b -m service -a "name=httpd state=stopped" +``` +{{% /details %}} + +### Task 5 + +* Write the rulebook `webhook_rulebook.yml` that opens a webhook on port 5000 of the control node `control0`. +* The rulebook should re-run the playbook `webserver.yml` if the webhook receives a message with the content "webservers down". +* Use `webhook` from the `ansible.eda` collection as the source plugin in your rulebook. + +{{% details title="Solution Task 5" %}} +```bash +$ cat webhook_rulebook.yml +--- +- name: rebuild webserver if webhook receives message that matches rule condition + hosts: web + sources: + - name: start webhook and listen for messages + ansible.eda.webhook: + host: 0.0.0.0 + port: 5000 + rules: + - name: rebuild webserver if monitoring tool sends alert + condition: event.payload.message == "webservers down" + action: + run_playbook: + name: webserver.yml +``` +{{% /details %}} + +### Task 6 + +* Run the rulebook `webhook_rulebook.yml` in verbose mode. +* Send a message the the webhook containing the message "webservers running" +* You can do this by issuing: `curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers running\"}" 127.0.0.1:5000/endpoint` +* See how the message is received, processed, but no actions are taken since the message doesn't match the condition defined. +* Now send the message "webservers down" to the webhook. See how the playbook `webserver.yml` is run. 
+ + +{{% details title="Solution Task 6" %}} +```bash +ansible-rulebook --rulebook webhook_rulebook.yml -i inventory/hosts --verbose + +curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers running\"}" 127.0.0.1:5000/endpoint + +curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers down\"}" 127.0.0.1:5000/endpoint +``` +{{% /details %}} + +### Task 7 + +* What source plugins are available in the `ansible.eda` collection? + +{{% details title="Solution Task 7" %}} +[Event Driven Ansible on Github](https://github.com/ansible/event-driven-ansible/tree/main/extensions/eda/plugins/event_source) +{{% /details %}} + +### All done? + +* [Ansible-rulebook documentation](https://ansible-rulebook.readthedocs.io/en/stable/) +* [AnsibleAutomates Yourtube channel for more examples](https://www.youtube.com/@AnsibleAutomation/videos) From 5ae4baee17ce4d2a32476bcf179503ba76b96ee4 Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Mon, 8 May 2023 10:21:46 +0200 Subject: [PATCH 33/65] minor fixes --- content/en/docs/11/_index.en.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index 07e3d4b9..cd27c288 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -12,7 +12,7 @@ Note, that as of Mai 2023, EDA is still in developer preview state. Documentatio ### Task 2 -* Point your webbrowser to the official documentation of 'ansible-rulebook'. +* Point your webbrowser to the official documentation of `ansible-rulebook`. * Install and configure everything needed to run ansible-rulebook and source plugins. * Check version of 'ansible-rulebook' 
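Review bot: The Task 5 solution binds the `ansible.eda.webhook` source to `host: 0.0.0.0` with no authentication, so every host that can reach port 5000 on `control0` is able to start a `webserver.yml` run, which executes with `become: true` on the `web` group. The Task 6 test only talks to `127.0.0.1:5000`, so the solution would work unchanged with `host: 127.0.0.1`. Where a remote monitoring tool has to call in, the plugin's `token` option should be set and mentioned in the task. A one-line alert in the lab, for example `Bind the webhook to localhost or protect it with a token before using it outside the lab`, would make this explicit for participants who copy the rulebook.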
@@ -31,7 +31,7 @@ ansible-galaxy collection install ansible.eda ### Task 2 * Write a playbook `webserver.yml` that installs the servers in group `web` as webservers. See Lab 4.0 for guidelines. -* Ensure, that the inventory file `hosts` in the folder inventory has the group `web` with `node1` and `node2` as members. +* Ensure that the inventory file `hosts` in the folder inventory has the group `web` with `node1` and `node2` as members. * Run the playbook `webserver.yml` and check that the webservers are up and running. {{% details title="Solution Task 2" %}} @@ -106,7 +106,7 @@ $ cat webserver_rulebook.yml` delay: 10 rules: - name: check if site down and rebuild - condition: event.status == "down" + condition: event.url_check.status == "down" action: run_playbook: name: webserver.yml @@ -116,7 +116,7 @@ $ cat webserver_rulebook.yml` ### Task 4 * Start `webserver_rulebook.yml` in verbose mode. -* Stop the httpd service on `node1` from another terminal on `control0` and see how the playbook `webserver.yml` is re-run. +* Stop the httpd service on `node1` with ansible from another terminal on `control0` and see how the playbook `webserver.yml` is re-run. (You could also just stop the service directly on `node1`.) {{% details title="Solution Task 4" %}} ```bash @@ -129,7 +129,7 @@ ansible node1 -i inventory/hosts -b -m service -a "name=httpd state=stopped" ### Task 5 * Write the rulebook `webhook_rulebook.yml` that opens a webhook on port 5000 of the control node `control0`. -* The rulebook should re-run the playbook `webserver.yml` if the webhook receives a message with the content "webservers down". +* The rulebook should re-run the playbook `webserver.yml` if the webhook receives a message "webservers down". * Use `webhook` from the `ansible.eda` collection as the source plugin in your rulebook. {{% details title="Solution Task 5" %}} 
@@ -155,12 +155,11 @@ $ cat webhook_rulebook.yml ### Task 6 * Run the rulebook `webhook_rulebook.yml` in verbose mode. -* Send a message the the webhook containing the message "webservers running" +* Send the string "webservers running" to the webhook. * You can do this by issuing: `curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers running\"}" 127.0.0.1:5000/endpoint` * See how the message is received, processed, but no actions are taken since the message doesn't match the condition defined. * Now send the message "webservers down" to the webhook. See how the playbook `webserver.yml` is run. - {{% details title="Solution Task 6" %}} ```bash ansible-rulebook --rulebook webhook_rulebook.yml -i inventory/hosts --verbose @@ -182,4 +181,4 @@ curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers down\"}" ### All done? * [Ansible-rulebook documentation](https://ansible-rulebook.readthedocs.io/en/stable/) -* [AnsibleAutomates Yourtube channel for more examples](https://www.youtube.com/@AnsibleAutomation/videos) +* [AnsibleAutomates Youtube channel for more examples](https://www.youtube.com/@AnsibleAutomation/videos) From 9a227540b2a6fe024ef09d02eef91f02fa33a8ea Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Mon, 8 May 2023 11:06:47 +0200 Subject: [PATCH 34/65] add consitent weights for pages --- content/en/docs/01/_index.en.md | 2 +- content/en/docs/02/_index.en.md | 2 +- content/en/docs/03/_index.en.md | 2 +- content/en/docs/04/_index.en.md | 2 +- content/en/docs/05/_index.en.md | 2 +- content/en/docs/06/_index.en.md | 2 +- content/en/docs/07/_index.en.md | 2 +- content/en/docs/08/_index.en.md | 2 +- content/en/docs/09/_index.en.md | 2 +- content/en/docs/10/01/_index.en.md | 2 +- content/en/docs/10/02/_index.en.md | 2 +- content/en/docs/10/_index.en.md | 2 +- content/en/docs/11/_index.en.md | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) 
diff --git a/content/en/docs/01/_index.en.md b/content/en/docs/01/_index.en.md index 061057b2..223f37ac 100644 --- a/content/en/docs/01/_index.en.md +++ b/content/en/docs/01/_index.en.md @@ -1,6 +1,6 @@ --- title: 1. Setting up Ansible -weight: 1 +weight: 10 sectionnumber: 1 --- diff --git a/content/en/docs/02/_index.en.md b/content/en/docs/02/_index.en.md index 896e95de..1d4d8e43 100644 --- a/content/en/docs/02/_index.en.md +++ b/content/en/docs/02/_index.en.md @@ -1,6 +1,6 @@ --- title: 2. Documentation -weight: 2 +weight: 20 sectionnumber: 2 --- diff --git a/content/en/docs/03/_index.en.md b/content/en/docs/03/_index.en.md index a0aad349..65ec90b8 100644 --- a/content/en/docs/03/_index.en.md +++ b/content/en/docs/03/_index.en.md @@ -1,6 +1,6 @@ --- title: "3. Setup and Ad Hoc Commands" -weight: 3 +weight: 30 sectionnumber: 3 --- diff --git a/content/en/docs/04/_index.en.md b/content/en/docs/04/_index.en.md index 2251e402..63d30ca6 100644 --- a/content/en/docs/04/_index.en.md +++ b/content/en/docs/04/_index.en.md @@ -1,6 +1,6 @@ --- title: 4. Ansible Playbooks - Basics -weight: 4 +weight: 40 sectionnumber: 4 --- diff --git a/content/en/docs/05/_index.en.md b/content/en/docs/05/_index.en.md index 59d0b998..382af3b9 100644 --- a/content/en/docs/05/_index.en.md +++ b/content/en/docs/05/_index.en.md @@ -1,6 +1,6 @@ --- title: 5. Ansible Roles - Basics -weight: 5 +weight: 50 sectionnumber: 5 --- diff --git a/content/en/docs/06/_index.en.md b/content/en/docs/06/_index.en.md index 26b94cee..6a309ed7 100644 --- a/content/en/docs/06/_index.en.md +++ b/content/en/docs/06/_index.en.md @@ -1,6 +1,6 @@ --- title: 6. Managing Secrets with Ansible Vault -weight: 6 +weight: 60 sectionnumber: 6 --- diff --git a/content/en/docs/07/_index.en.md b/content/en/docs/07/_index.en.md index a4475d42..b92cfe8c 100644 --- a/content/en/docs/07/_index.en.md +++ b/content/en/docs/07/_index.en.md @@ -1,6 +1,6 @@ --- title: 7. Ansible Galaxy and more -weight: 7 +weight: 70 sectionnumber: 7 --- 
diff --git a/content/en/docs/08/_index.en.md b/content/en/docs/08/_index.en.md index 635eee14..a9b04599 100644 --- a/content/en/docs/08/_index.en.md +++ b/content/en/docs/08/_index.en.md @@ -1,6 +1,6 @@ --- title: 8. Ansible Collections -weight: 8 +weight: 80 sectionnumber: 8 --- diff --git a/content/en/docs/09/_index.en.md b/content/en/docs/09/_index.en.md index 40a6a223..877c38a7 100644 --- a/content/en/docs/09/_index.en.md +++ b/content/en/docs/09/_index.en.md @@ -1,6 +1,6 @@ --- title: 9. AWX/Ansible Tower -weight: 92 +weight: 90 sectionnumber: 9.2 --- diff --git a/content/en/docs/10/01/_index.en.md b/content/en/docs/10/01/_index.en.md index 43fbe42c..8da2b9b6 100644 --- a/content/en/docs/10/01/_index.en.md +++ b/content/en/docs/10/01/_index.en.md @@ -1,6 +1,6 @@ --- title: "10.1 Ansible-Builder" -weight: 99 +weight: 101 sectionnumber: 10.1 --- diff --git a/content/en/docs/10/02/_index.en.md b/content/en/docs/10/02/_index.en.md index 73caf1dd..3e3b529b 100644 --- a/content/en/docs/10/02/_index.en.md +++ b/content/en/docs/10/02/_index.en.md @@ -1,6 +1,6 @@ --- title: "10.2 Ansible-Runner" -weight: 99 +weight: 102 sectionnumber: 10.2 --- diff --git a/content/en/docs/10/_index.en.md b/content/en/docs/10/_index.en.md index eb89164b..275370ee 100644 --- a/content/en/docs/10/_index.en.md +++ b/content/en/docs/10/_index.en.md @@ -1,6 +1,6 @@ --- title: 10. Ansible-Navigator -weight: 99 +weight: 100 sectionnumber: 10 --- diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index cd27c288..dabba97c 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -1,6 +1,6 @@ --- title: 11. Event Driven Ansible -weight: 11 +weight: 110 sectionnumber: 11 --- From 3ec1b5ca894f9d74b1c7f890d8e7efe558fb5fc4 Mon Sep 17 00:00:00 2001 
From: Philippe Schmid Date: Tue, 9 May 2023 08:05:24 +0200 Subject: [PATCH 35/65] better warning --- content/en/docs/11/_index.en.md | 58 ++++++++++++++++++++++++++++++--- 1 file changed, 54 insertions(+), 4 deletions(-) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index dabba97c..3d21e5f0 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -4,10 +4,11 @@ weight: 110 sectionnumber: 11 --- -In this lab we are going to learn how to use Event Driven Ansible. For the following tasks, server 'node1' and 'node2' act as webservers. You can use Lab 4.0 as a guideline. +In this lab we are going to learn how to use Event Driven Ansible. For the following tasks, server `node1` and `node2` act as webservers. You can use Lab 4.0 as a guideline. {{% alert title="Note" color="primary" %}} Note, that as of Mai 2023, EDA is still in developer preview state. Documentation and all content is work in progress! +The installation of `ansible-rulebook` and the `ansible.eda` collection works fine on newer Fedora Systems. At present times, you could have a harder time on other operating systems. Be warned... {{% /alert %}} ### Task 2 @@ -86,6 +87,7 @@ $ lynx http:// * Write a rulebook `webserver_rulebook.yml` that checks if the webpages on `node1` and `node2` are up and running. * If the webpages are not available anymore, the `webserver.yml` playbook should be re-run. * Use `url_check` from the `ansible.eda` collection as the source plugin in your rulebook. +* Check the availability of the websites every 8 seconds. {{% alert title="Note" color="primary" %}} If you don't have the `ansible.eda` collection installed yet, `ansible-rulebook` would start, but fail because the `url_check` source plugin cannot be found. @@ -103,7 +105,7 @@ $ cat webserver_rulebook.yml` urls: - http://:80/ - http://:80/ - delay: 10 + delay: 8 rules: - name: check if site down and rebuild condition: event.url_check.status == "down" 
@@ -129,7 +131,7 @@ ansible node1 -i inventory/hosts -b -m service -a "name=httpd state=stopped" ### Task 5 * Write the rulebook `webhook_rulebook.yml` that opens a webhook on port 5000 of the control node `control0`. -* The rulebook should re-run the playbook `webserver.yml` if the webhook receives a message "webservers down". +* The rulebook should re-run the playbook `webserver.yml` if the webhook receives a message matching exactly the string "webservers down". * Use `webhook` from the `ansible.eda` collection as the source plugin in your rulebook. {{% details title="Solution Task 5" %}} 
@@ -172,9 +174,57 @@ curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers down\"}" ### Task 7 -* What source plugins are available in the `ansible.eda` collection? +* Write the rulebook `complex_rulebook.yml`. It has to meet the following requirements: +* It should check for three things: + * check if the website on one of the two webservers is down. (Same as Task 3 above) + * check if the message matches exactly the string "webservers down" (Same as Task 5 above) + * check if the message contains the string "ERROR" +* If one of the criterias above are met, do two things: + 1. run the ansible shell module to print the string "WEBSERVER ISSUES, REMEDIATION IN PROGRESS." into the journald log. (The command to do so is "systemd-cat echo "WEBSERVER ISSUES, REMEDIATION IN PROGRESS.") + 2. run playbook `webservers.yml` +* Start the rulebook `complex_rulebook.yml` and do the same test as in Task 4 and Task 6. {{% details title="Solution Task 7" %}} +```bash +$ cat complex_rulebook.yml +--- +- name: rebuild webserver if webhook receives message that matches rule condition + hosts: web + sources: + - name: check webserver + ansible.eda.url_check: + urls: + - http://:80/ + - http://:80/ + delay: 8 + - name: start webhook and listen for messages + ansible.eda.webhook: + host: 0.0.0.0 + port: 5000 + rules: + - name: rebuild webserver if any source reports an alert + condition: + any: + - event.url_check.status == "down" + - event.payload.message == "webservers down" + - event.payload.message is search("ERROR",ignorecase=true) + actions: + - run_module: + name: ansible.builtin.shell + module_args: + cmd: "logger \"WEBSERVER ISSUES, STARTING REMEDIATION NEXT.\"" + - run_playbook: + name: webserver.yml + +$ ansible-rulebook --rulebook complex_rulebook.yml -i inventory/hosts --verbose +``` +{{% /details %}} + +### Task 8 + +* What source plugins are available in the `ansible.eda` collection? 
+ +{{% details title="Solution Task 8" %}} [Event Driven Ansible on Github](https://github.com/ansible/event-driven-ansible/tree/main/extensions/eda/plugins/event_source) {{% /details %}} From 60603cc210116dbc996411e3afacc38fff402b60 Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Tue, 9 May 2023 08:10:53 +0200 Subject: [PATCH 36/65] fix wrong cmd --- content/en/docs/11/_index.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index 3d21e5f0..406449a7 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -212,7 +212,7 @@ $ cat complex_rulebook.yml - run_module: name: ansible.builtin.shell module_args: - cmd: "logger \"WEBSERVER ISSUES, STARTING REMEDIATION NEXT.\"" + cmd: "systemd-cat echo \"WEBSERVER ISSUES, STARTING REMEDIATION NEXT.\"" - run_playbook: name: webserver.yml From 36074fd90f85ee08b9b23cbd38c9a00e2b5e9c39 Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Thu, 25 May 2023 12:12:58 +0200 Subject: [PATCH 37/65] add next ansible workshop on landingpage --- content/en/_index.html | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/en/_index.html b/content/en/_index.html index 58b81d64..9455d296 100644 --- a/content/en/_index.html +++ b/content/en/_index.html @@ -16,6 +16,11 @@ Slides
+
Ansible Engineering From cab17f56235a8f954990394fc9f79dd871d794cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sascha=20R=C3=BCger?= Date: Fri, 16 Jun 2023 16:23:55 +0200 Subject: [PATCH 38/65] added yamls for route ressorces (#200) * added yamls for route ressorces * remove old ingress yamls * remove old suffixes from route names --- yaml/slides_prod/slides_ingress_prod.yaml | 23 ---------------------- yaml/slides_prod/slides_route_prod.yaml | 24 +++++++++++++++++++++++ yaml/slides_stg/slides_ingress_stg.yaml | 23 ---------------------- yaml/slides_stg/slides_route_stg.yaml | 24 +++++++++++++++++++++++ 4 files changed, 48 insertions(+), 46 deletions(-) delete mode 100644 yaml/slides_prod/slides_ingress_prod.yaml create mode 100644 yaml/slides_prod/slides_route_prod.yaml delete mode 100644 yaml/slides_stg/slides_ingress_stg.yaml create mode 100644 yaml/slides_stg/slides_route_stg.yaml diff --git a/yaml/slides_prod/slides_ingress_prod.yaml b/yaml/slides_prod/slides_ingress_prod.yaml deleted file mode 100644 index 85f26f75..00000000 --- a/yaml/slides_prod/slides_ingress_prod.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - labels: - app.kubernetes.io/instance: slides - app.kubernetes.io/name: ansible-slides - public: "true" - name: ansible-slides - namespace: pitc-ansible-training-prod -spec: - rules: - - host: ansible-slides.puzzle.ch - http: - paths: - - backend: - service: - name: ansible-slides - port: - number: 8000 - path: / - pathType: ImplementationSpecific - tls: - - {} diff --git a/yaml/slides_prod/slides_route_prod.yaml b/yaml/slides_prod/slides_route_prod.yaml new file mode 100644 index 00000000..df92837f --- /dev/null +++ b/yaml/slides_prod/slides_route_prod.yaml 
@@ -0,0 +1,24 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ annotations:
+ haproxy.router.openshift.io/hsts_header: max-age=31536000;includeSubDomains;preload
+ labels:
+ app.kubernetes.io/instance: slides
+ app.kubernetes.io/name: ansible-slides
+ public: "true"
+ name: ansible-slides
+ namespace: pitc-ansible-training-prod
+spec:
+ host: ansible-slides.puzzle.ch
+ path: /
+ port:
+ targetPort: http
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ to:
+ kind: Service
+ name: ansible-slides
+ weight: 100
+ wildcardPolicy: None
diff --git a/yaml/slides_stg/slides_ingress_stg.yaml b/yaml/slides_stg/slides_ingress_stg.yaml
deleted file mode 100644
index c1cabd98..00000000
--- a/yaml/slides_stg/slides_ingress_stg.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- labels:
- app.kubernetes.io/instance: slides
- app.kubernetes.io/name: ansible-slides
- public: "true"
- name: ansible-slides
- namespace: pitc-ansible-training-stg
-spec:
- rules:
- - host: ansible-slides-stg.puzzle.ch
- http:
- paths:
- - backend:
- service:
- name: ansible-slides
- port:
- number: 8000
- path: /
- pathType: ImplementationSpecific
- tls:
- - {}
diff --git a/yaml/slides_stg/slides_route_stg.yaml b/yaml/slides_stg/slides_route_stg.yaml
new file mode 100644
index 00000000..78b1d073
--- /dev/null
+++ b/yaml/slides_stg/slides_route_stg.yaml
@@ -0,0 +1,24 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ annotations:
+ haproxy.router.openshift.io/hsts_header: max-age=31536000;includeSubDomains;preload
+ labels:
+ app.kubernetes.io/instance: slides
+ app.kubernetes.io/name: ansible-slides
+ public: "true"
+ name: ansible-slides
+ namespace: pitc-ansible-training-stg
+spec:
+ host: ansible-slides-stg.puzzle.ch
+ path: /
+ port:
+ targetPort: http
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ to:
+ kind: Service
+ name: ansible-slides
+ weight: 100
+ wildcardPolicy: None
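Review bot: The HSTS annotation on both new Routes (`slides_route_prod.yaml` in this hunk and `slides_route_stg.yaml` in the last hunk of the patch) sets `max-age=31536000;includeSubDomains;preload`, a commitment the replaced Ingress did not make and that the file does not explain. `preload` only matters once the parent domain is submitted to a browser preload list, and a one-year `max-age` on the staging host keeps clients pinned to HTTPS there long after the route is changed or removed. I would drop `preload` and use a short value on staging, for example `haproxy.router.openshift.io/hsts_header: max-age=86400`, and add a comment line stating why the prod value was chosen. `targetPort: http` also replaces the explicit port 8000, so it presumably relies on the Service naming that port `http`; the Service is not part of this patch.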
From 969834f7f1594e2d8e072c7c1d3dfb08de18853f Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Tue, 27 Jun 2023 13:26:24 +0200 Subject: [PATCH 39/65] eda lab about event content --- content/en/docs/11/01/_index.en.md | 149 +++++++++++++++++++++++++++++ content/en/docs/11/_index.en.md | 107 +++++++++------------ 2 files changed, 192 insertions(+), 64 deletions(-) create mode 100644 content/en/docs/11/01/_index.en.md diff --git a/content/en/docs/11/01/_index.en.md b/content/en/docs/11/01/_index.en.md new file mode 100644 index 00000000..d233923e --- /dev/null +++ b/content/en/docs/11/01/_index.en.md 
@@ -0,0 +1,149 @@ +--- +title: 11.1. Event Driven Ansible - Events and Facts +weight: 111 +sectionnumber: 11 +--- + +In this lab we will have a closer look at events and facts. + +### Task 1 + +* Copy the rulebook from Task 11.3. to new one with the name `debug_event_rulebook.yml`. +* Substitute the `run_playbook` action with a `debug` action. +That debug action should print out all information inside the event. +* Run the rulebook in verbose mode and look at the part of the output generated by the debug action. + +{{% details title="Solution Task 1" %}} +```bash +cat debug_event_rulebook.ym` +``` +```bash +--- +- name: show event json if site down + hosts: web + sources: + - name: check webserver + ansible.eda.url_check: + urls: + - http://:80/ + - http://:80/ + delay: 8 + rules: + - name: check if site down and rebuild + condition: event.url_check.status == "down" + action: + debug: + var: event +``` + +```bash +ansible-rulebook --rulebook debug_event_rulebook.yml -i inventory/hosts -vv +``` +```bash +... 
+2023-06-26 15:04:55,381 - ansible_rulebook.rule_set_runner - INFO - call_action debug +2023-06-26 15:04:55,381 - ansible_rulebook.rule_set_runner - INFO - substitute_variables [{'var': 'event'}] [{'event': {'url_check': {'error_msg': "Cannot connect to host 5.102.146.223:80 ssl:default [Connect call failed ('5.102.146.223', 80)]", 'url': 'http://5.102.146.223/', 'status': 'down'}, 'meta': {'received_at': '2023-06-26T13:04:55.379428Z', 'source': {'name': 'check webserver', 'type': 'ansible.eda.url_check'}, 'uuid': '6710f9a8-c489-4699-a804-8e796855e290'}}}] +2023-06-26 15:04:55,381 - ansible_rulebook.rule_set_runner - INFO - action args: {'var': 'event'} +{'url_check': {'error_msg': "Cannot connect to host 5.102.146.223:80 ssl:default [Connect call failed ('5.102.146.223', 80)]", 'url': 'http://5.102.146.223/', 'status': 'down'}, 'meta': {'received_at': '2023-06-26T13:04:55.379428Z', 'source': {'name': 'check webserver', 'type': 'ansible.eda.url_check'}, 'uuid': '6710f9a8-c489-4699-a804-8e796855e290'}} +... +``` +{{% /details %}} + +### Task 2 + +* Rewrite the rulebook `debug_event_rulebook.yml`: +* Use `run_playbook` action to start a playbook named `sos.yml` +* The playbook `sos.yml` should create an unattended sos report labeled with the fully qualified collection name of the source plugin used. Be sure to install the appropriate packages. +* This name of the source plugin should be taken from the json output as a variable. +* Run the rulebook `debug_event_rulebook.yml` and ensure the sos reports on the webservers have the needed label. + + +{{% alert title="Note" color="primary" %}} +There are good onlinetools to convert [one-line json to multiline json](https://jsonformatter.curiousconcept.com) as well as [json to yaml converters](https://jsonformatter.org/json-to-yaml). Note: The json copied from the output has sometimes single quotes, RFC 8259 demands double quotes. Be sure that your converter fixes this as well. 
These converters can come in handy for easier reading of the output. +{{% /alert %}} + +{{% details title="Solution Task 2" %}} +```bash +cat debug_event_rulebook.yml +``` +```bash +--- +- name: show event json if site down + hosts: web + sources: + - name: check webserver + ansible.eda.url_check: + urls: + - http://:80/ + - http://:80/ + delay: 8 + rules: + - name: check if site down and rebuild + condition: event.url_check.status == "down" + action: + run_playbook: + name: sos.yml +``` + +```bash +cat sos.yml +``` +```bash +--- +- hosts: web + become: true + tasks: + - name: install sos package + ansible.builtin.dnf: + name: + - sos + state: installed + + - name: create a sos report unattended containing no sensitive information + ansible.builtin.command: "sos report --clean --batch --label {{ ansible_eda.event.meta.source.type }}" +``` + +```bash +ansible-rulebook --rulebook debug_event_rulebook.yml -i inventory/hosts -vv +``` +```bash +... +2023-06-27 11:45:17,300 - ansible_rulebook.builtin - INFO - Calling Ansible runner + +PLAY [web] ********************************************************************* + +TASK [Gathering Facts] ********************************************************* +ok: [node1] + +TASK [install sos package] ***************************************************** +ok: [node1] + +TASK [create a sos report unattended containing no sensitive information] ****** +ok: [node1] => { + "msg": "sos report --clean --batch --label ansible.eda.url_check" +} + +PLAY RECAP ********************************************************************* +node1 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +2023-06-27 11:45:20,712 - ansible_rulebook.builtin - DEBUG - Cancel Queue reading task +... +``` +{{% /details %}} + +### Task 3 + +* + +{{% alert title="Note" color="primary" %}} + +{{% /alert %}} + +{{% details title="Solution Task 3" %}} + +{{% /details %}} + + + +### All done? 
+ +* [Preview of AAP EDA-Controller GUI](https://www.youtube.com/watch?v=7i_EzHyrKQc&t=178s) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index 406449a7..e02b368f 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -7,11 +7,11 @@ sectionnumber: 11 In this lab we are going to learn how to use Event Driven Ansible. For the following tasks, server `node1` and `node2` act as webservers. You can use Lab 4.0 as a guideline. {{% alert title="Note" color="primary" %}} -Note, that as of Mai 2023, EDA is still in developer preview state. Documentation and all content is work in progress! -The installation of `ansible-rulebook` and the `ansible.eda` collection works fine on newer Fedora Systems. At present times, you could have a harder time on other operating systems. Be warned... +Note, that as of June 2023, EDA is still in developer preview state. Documentation and all content is work in progress! +The installation of `ansible-rulebook` and the `ansible.eda` collection works fine on newer Fedora Systems as well as RHEL / Rocky Linux 9. At present times, you could have a harder time on other operating systems. Be warned... {{% /alert %}} -### Task 2 +### Task 1 * Point your webbrowser to the official documentation of `ansible-rulebook`. * Install and configure everything needed to run ansible-rulebook and source plugins. 
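Review bot: The `sos.yml` solution in the new `11/01/_index.en.md` builds a command line from event data, `sos report --clean --batch --label {{ ansible_eda.event.meta.source.type }}`, and the lab never says which event fields are safe to use that way. Judging by the debug output earlier in the same file, `meta.source.type` is filled in by ansible-rulebook itself, but the same pattern applied to `event.payload.*` from the webhook source in lab 11 would put sender-controlled text on a command line that runs with `become: true`. I would pass the arguments as a list, `argv: [sos, report, --clean, --batch, --label, "{{ ansible_eda.event.meta.source.type }}"]`, and add one sentence to Task 2 saying that payload fields must be validated before they reach a command. The task name also promises a report "containing no sensitive information", while `--clean` only obfuscates a set of identifiers, so "obfuscated" would be the accurate word.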
@@ -21,12 +21,32 @@ The installation of `ansible-rulebook` and the `ansible.eda` collection works fi [https://ansible-rulebook.readthedocs.io/en/stable/index.html](https://ansible-rulebook.readthedocs.io/en/stable/index.html) +Fedora 36+: ```bash sudo dnf --assumeyes install java-17-openjdk python3-pip export JAVA_HOME=/usr/lib/jvm/jre-17-openjdk pip install ansible ansible-rulebook ansible-galaxy collection install ansible.eda ``` + +Enterprise Linux 9: +```bash +sudo dnf install java-17-openjdk +sudo dnf install python3-pip +python3 -m venv ~/python +. ~/python/bin/activate +pip install --upgrade pip +pip install ansible ansible-rulebook + +ansible-galaxy collection install ansible.eda + +sudo dnf install systemd-devel +sudo dnf install gcc +sudo dnf install python3-devel + +pip install -r ~/.ansible/collections/ansible_collections/ansible/eda/requirements.txt +``` + {{% /details %}} ### Task 2 @@ -38,7 +58,9 @@ ansible-galaxy collection install ansible.eda {{% details title="Solution Task 2" %}} ```bash -$ cat webserver.yml` +cat webserver.yml +``` +```bash --- - hosts: web become: true @@ -65,20 +87,23 @@ $ cat webserver.yml` state: enabled permanent: yes immediate: yes - -$ cat inventory/hosts +``` +```bash +cat inventory/hosts +``` +```bash [controller] control0 ansible_host= [web] node1 ansible_host= node2 ansible_host= - -$ ansible-playbook -i inventory/hosts webserver.yml -$ dnf install -y lynx -$ lynx http:// -$ lynx http:// - +``` +```bash +ansible-playbook -i inventory/hosts webserver.yml +dnf install -y lynx +lynx http:// +lynx http:// ``` {{% /details %}} @@ -128,6 +153,7 @@ ansible node1 -i inventory/hosts -b -m service -a "name=httpd state=stopped" ``` {{% /details %}} + ### Task 5 * Write the rulebook `webhook_rulebook.yml` that opens a webhook on port 5000 of the control node `control0`. 
@@ -165,66 +191,19 @@ $ cat webhook_rulebook.yml {{% details title="Solution Task 6" %}} ```bash ansible-rulebook --rulebook webhook_rulebook.yml -i inventory/hosts --verbose - +``` +```bash curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers running\"}" 127.0.0.1:5000/endpoint - -curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers down\"}" 127.0.0.1:5000/endpoint ``` -{{% /details %}} - -### Task 7 - -* Write the rulebook `complex_rulebook.yml`. It has to meet the following requirements: -* It should check for three things: - * check if the website on one of the two webservers is down. (Same as Task 3 above) - * check if the message matches exactly the string "webservers down" (Same as Task 5 above) - * check if the message contains the string "ERROR" -* If one of the criterias above are met, do two things: - 1. run the ansible shell module to print the string "WEBSERVER ISSUES, REMEDIATION IN PROGRESS." into the journald log. (The command to do so is "systemd-cat echo "WEBSERVER ISSUES, REMEDIATION IN PROGRESS.") - 2. run playbook `webservers.yml` -* Start the rulebook `complex_rulebook.yml` and do the same test as in Task 4 and Task 6. 
- -{{% details title="Solution Task 7" %}} ```bash -$ cat complex_rulebook.yml ---- -- name: rebuild webserver if webhook receives message that matches rule condition - hosts: web - sources: - - name: check webserver - ansible.eda.url_check: - urls: - - http://:80/ - - http://:80/ - delay: 8 - - name: start webhook and listen for messages - ansible.eda.webhook: - host: 0.0.0.0 - port: 5000 - rules: - - name: rebuild webserver if any source reports an alert - condition: - any: - - event.url_check.status == "down" - - event.payload.message == "webservers down" - - event.payload.message is search("ERROR",ignorecase=true) - actions: - - run_module: - name: ansible.builtin.shell - module_args: - cmd: "systemd-cat echo \"WEBSERVER ISSUES, STARTING REMEDIATION NEXT.\"" - - run_playbook: - name: webserver.yml - -$ ansible-rulebook --rulebook complex_rulebook.yml -i inventory/hosts --verbose +curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers down\"}" 127.0.0.1:5000/endpoint ``` {{% /details %}} -### Task 8 - +### Task 7 * What source plugins are available in the `ansible.eda` collection? -{{% details title="Solution Task 8" %}} +{{% details title="Solution Task 10" %}} [Event Driven Ansible on Github](https://github.com/ansible/event-driven-ansible/tree/main/extensions/eda/plugins/event_source) {{% /details %}} From 87d7ec77ce3ef3d5109e29d59acc55d3df76d552 Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Tue, 27 Jun 2023 13:41:24 +0200 Subject: [PATCH 40/65] re-add task --- content/en/docs/11/_index.en.md | 57 +++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index e02b368f..701a9b01 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md 
@@ -201,6 +201,63 @@ curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers down\"}" {{% /details %}} ### Task 7 + +* Write the rulebook `complex_rulebook.yml`. It has to meet the following requirements: +* It should check for three things: + * check if the website on one of the two webservers is down. (Same as Task 3 above) + * check if the message matches exactly the string "webservers down" (Same as Task 5 above) + * check if the message contains the string "ERROR" +* If one of the criterias above are met, do two things: + 1. run the ansible shell module to print the string "WEBSERVER ISSUES, REMEDIATION IN PROGRESS." into the journald log. (The command to do so is "systemd-cat echo "WEBSERVER ISSUES, REMEDIATION IN PROGRESS.") + 2. run playbook `webservers.yml` +* Start the rulebook `complex_rulebook.yml` and do the same test as in Task 4 and Task 6. + +{{% details title="Solution Task 7" %}} + +```bash +cat complex_rulebook.yml +``` +```bash +--- +- name: rebuild webserver if webhook receives message that matches rule condition + hosts: web + sources: + - name: check webserver + ansible.eda.url_check: + urls: + - http://:80/ + - http://:80/ + delay: 8 + - name: start webhook and listen for messages + ansible.eda.webhook: + host: 0.0.0.0 + port: 5000 + rules: + - name: rebuild webserver if any source reports an alert + condition: + any: + - event.url_check.status == "down" + - event.payload.message == "webservers down" + - event.payload.message is search("ERROR",ignorecase=true) + actions: + - run_module: + name: ansible.builtin.shell + module_args: + cmd: "systemd-cat echo \"WEBSERVER ISSUES, STARTING REMEDIATION NEXT.\"" + - run_playbook: + name: webserver.yml +``` + +```bash +ansible-rulebook --rulebook complex_rulebook.yml -i inventory/hosts --verbose +``` +```bash +curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers down\"}" 127.0.0.1:5000/endpoint +``` +Note, that you would have to open port 5000 on the firewall if the 
curl command is not send from the controller itself. +{{% /details %}} + +### Task 9 * What source plugins are available in the `ansible.eda` collection? {{% details title="Solution Task 10" %}} From 45ffae42d096e031d98b75c6b6da96d414d2fee2 Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Tue, 27 Jun 2023 13:56:46 +0200 Subject: [PATCH 41/65] linting --- content/en/docs/11/01/_index.en.md | 14 -------------- content/en/docs/11/_index.en.md | 1 + 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/content/en/docs/11/01/_index.en.md b/content/en/docs/11/01/_index.en.md index d233923e..b39594b1 100644 --- a/content/en/docs/11/01/_index.en.md +++ b/content/en/docs/11/01/_index.en.md @@ -130,20 +130,6 @@ node1 : ok=3 changed=0 unreachable=0 failed=0 s ``` {{% /details %}} -### Task 3 - -* - -{{% alert title="Note" color="primary" %}} - -{{% /alert %}} - -{{% details title="Solution Task 3" %}} - -{{% /details %}} - - - ### All done? * [Preview of AAP EDA-Controller GUI](https://www.youtube.com/watch?v=7i_EzHyrKQc&t=178s) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index 701a9b01..d2a8cfe9 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -258,6 +258,7 @@ Note, that you would have to open port 5000 on the firewall if the curl command {{% /details %}} ### Task 9 + * What source plugins are available in the `ansible.eda` collection? {{% details title="Solution Task 10" %}} From cea91a57a6122610d63a3a994f5dc252e44181f9 Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Tue, 27 Jun 2023 16:29:35 +0200 Subject: [PATCH 42/65] add eda slides --- content/en/docs/11/01/_index.en.md | 6 +- slides/ansible-techlab/puzzle-demo.md | 183 ++++++++++++++++++++++++-- 2 files changed, 177 insertions(+), 12 deletions(-) diff --git a/content/en/docs/11/01/_index.en.md b/content/en/docs/11/01/_index.en.md index b39594b1..842bee71 100644 --- a/content/en/docs/11/01/_index.en.md 
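Review bot: The re-added `complex_rulebook.yml` solution exposes `ansible.eda.webhook` on `host: 0.0.0.0`, `port: 5000` with no authentication, and its rule runs a shell module and `webserver.yml` on the strength of the message text alone. The closing note about opening port 5000 on the firewall makes the listener reachable from other hosts, so the solution should show the plugin's `token:` option and state that without it the webhook accepts requests from anyone who can reach the port. For the test as written, where curl runs on the controller, `host: 127.0.0.1` is enough. The heading after the solution still reads `### Task 9` with `Solution Task 10`, which looks like a leftover from renumbering.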
+++ b/content/en/docs/11/01/_index.en.md @@ -10,7 +10,7 @@ In this lab we will have a closer look at events and facts. * Copy the rulebook from Task 11.3. to new one with the name `debug_event_rulebook.yml`. * Substitute the `run_playbook` action with a `debug` action. -That debug action should print out all information inside the event. +* That debug action should print out all information from the event. * Run the rulebook in verbose mode and look at the part of the output generated by the debug action. {{% details title="Solution Task 1" %}} @@ -53,8 +53,8 @@ ansible-rulebook --rulebook debug_event_rulebook.yml -i inventory/hosts -vv * Rewrite the rulebook `debug_event_rulebook.yml`: * Use `run_playbook` action to start a playbook named `sos.yml` -* The playbook `sos.yml` should create an unattended sos report labeled with the fully qualified collection name of the source plugin used. Be sure to install the appropriate packages. -* This name of the source plugin should be taken from the json output as a variable. +* The playbook `sos.yml` should create an unattended sos report labeled with the fully qualified collection name of the source plugin used. Be sure to install the appropriate packages so that the sos report can be created. +* The name of the source plugin should be taken from the json output as a variable. * Run the rulebook `debug_event_rulebook.yml` and ensure the sos reports on the webservers have the needed label. diff --git a/slides/ansible-techlab/puzzle-demo.md b/slides/ansible-techlab/puzzle-demo.md index 1356728b..cfb49513 100644 --- a/slides/ansible-techlab/puzzle-demo.md +++ b/slides/ansible-techlab/puzzle-demo.md 
@@ -1,14 +1,27 @@ # Ansible Techlab + ### ansible.puzzle.ch + #### Lukas Grimm + + #### Lukas Preisig - -#### Rémy Keil + +#### Philippe Schmid + + + + + + + ----- +--- + ## Nice to meet you + - +---- +# Event Driven Ansible + + *** -# Lab 8. Ansible Collections +## History - +- Feb 2022: ansible-rulebook on Github +- Dec 2022: Dev Preview RH +- Mai 2023: Part of AWX/AAP 2.4 ----- + + +*** +## Basics + +- if-then logic +- cli component of EDA: ansible-rulebook + + + +*** +## Playbook vs Rulebook + +- ansible-runner, ansible-playbok + - starts when defined by user +- ansible-rulebook + - daemon, waits for event + + + +*** +## Getting Info + +- https://ansible-rulebook.readthedocs.io +- https://www.redhat.com/en/interactive-labs/ +- https://www.ansible.com/blog +- https://ansible.puzzle.ch + + + +*** +## Glossary + +- Rulebook: one ore many Rulesets +- Ruleset: Source(s), Rule(s) +- Rule: Condition(s) (IF), Action(s) (THEN) + + + +*** +## Sources + +- alertmanager, zabbix, sensu +- Paolo Alto, F5, Cisco +- Azure, GCP, AWS +- many more to come... + + + +*** +## Conditions + +"if-part" +- int, strings, bools, floats, null +- regexp + + + +*** +## Actions + +"then-part" +- run_playbook +- run_job_template +- debug, set_fact, run_module,... 
+ + +*** +## Getting Info + +- https://ansible-rulebook.readthedocs.io +- https://www.redhat.com/en/interactive-labs/ +- https://www.ansible.com/blog +- https://ansible.puzzle.ch + + + +*** +## Installation + +- ansible-rulebook (python package) +- ansible.eda (collection) +- java17 / drools + + + +*** +## How to use it + +ansible-rulebook --rulebook my_rb.yml -i hosts + + + +*** +## Sample Rulebook + +- name: rebuild webservers if site down + hosts: web + sources: + - ansible.eda.url_check: + urls: + - http://:80/ + rules: + - condition: event.url_check.status == "down" + action: + run_playbook: + + + +*** +## Event-Source Information + +- events -> json +- accessible inside playbook with: + "{{ ansible_eda.event(s) }}" + + + +*** +## Events vs Facts + +- technically the same +- events are discarded right after condition met +- facts are longlived events + + + +*** +## Facts + +- set with set_facts action +- retracted with retract_facts action +- only valid per ruleset (!!!) + + + +---- # Best Practices *** - ## Ansible Docs: - Have a look at the EXAMPLE section in the module documentation - Very interesting tips: From 82dbdbd8c5a094a240556f8b5a46b60821c4957e Mon Sep 17 00:00:00 2001 From: Tim Herren Date: Tue, 27 Jun 2023 16:53:51 +0200 Subject: [PATCH 43/65] remove extra backtick --- content/en/docs/11/_index.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index d2a8cfe9..6a584365 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -120,7 +120,7 @@ If you don't have the `ansible.eda` collection installed yet, `ansible-rulebook` {{% details title="Solution Task 3" %}} ```bash -$ cat webserver_rulebook.yml` +$ cat webserver_rulebook.yml --- - name: rebuild webservers if site down hosts: web From 32efc0be0d9fc56268a379e2107977e8079f835a Mon Sep 17 00:00:00 2001 
From: Friendlypenguin Date: Wed, 28 Jun 2023 08:26:20 +0200 Subject: [PATCH 44/65] Update content/en/docs/11/_index.en.md Co-authored-by: Tim Herren --- content/en/docs/11/_index.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index 6a584365..0889bc28 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -7,7 +7,7 @@ sectionnumber: 11 In this lab we are going to learn how to use Event Driven Ansible. For the following tasks, server `node1` and `node2` act as webservers. You can use Lab 4.0 as a guideline. {{% alert title="Note" color="primary" %}} -Note, that as of June 2023, EDA is still in developer preview state. Documentation and all content is work in progress! +Note, that as of June 2023, EDA is still in a developer preview state. Documentation and all content is work in progress! The installation of `ansible-rulebook` and the `ansible.eda` collection works fine on newer Fedora Systems as well as RHEL / Rocky Linux 9. At present times, you could have a harder time on other operating systems. Be warned... {{% /alert %}} From 13b7e4f51578e3b57b46eba4b49f4e31d9072856 Mon Sep 17 00:00:00 2001 From: Friendlypenguin Date: Wed, 28 Jun 2023 08:26:35 +0200 Subject: [PATCH 45/65] Update content/en/docs/11/_index.en.md Co-authored-by: Tim Herren --- content/en/docs/11/_index.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index 0889bc28..41e68b5a 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -243,7 +243,7 @@ cat complex_rulebook.yml - run_module: name: ansible.builtin.shell module_args: - cmd: "systemd-cat echo \"WEBSERVER ISSUES, STARTING REMEDIATION NEXT.\"" + cmd: "systemd-cat echo \"WEBSERVER ISSUES, REMEDIATION IN PROGRESS.\"" - run_playbook: name: webserver.yml ``` 
From d11a70432add148f747f58ecfe1662a6422d89f2 Mon Sep 17 00:00:00 2001 From: Friendlypenguin Date: Wed, 28 Jun 2023 08:27:14 +0200 Subject: [PATCH 46/65] Update content/en/docs/11/01/_index.en.md Co-authored-by: Tim Herren --- content/en/docs/11/01/_index.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/11/01/_index.en.md b/content/en/docs/11/01/_index.en.md index 842bee71..056f3495 100644 --- a/content/en/docs/11/01/_index.en.md +++ b/content/en/docs/11/01/_index.en.md @@ -8,7 +8,7 @@ In this lab we will have a closer look at events and facts. ### Task 1 -* Copy the rulebook from Task 11.3. to new one with the name `debug_event_rulebook.yml`. +* Copy the rulebook from Task 11.3. to a new one with the name `debug_event_rulebook.yml`. * Substitute the `run_playbook` action with a `debug` action. * That debug action should print out all information from the event. * Run the rulebook in verbose mode and look at the part of the output generated by the debug action. From 2cb1ff9336dd77b6fc388d7b1df5c26033729b7a Mon Sep 17 00:00:00 2001 From: Friendlypenguin Date: Wed, 28 Jun 2023 09:06:18 +0200 Subject: [PATCH 47/65] Update _index.en.md add result of ansible-rulebook --version as nerrehmit suggested --- content/en/docs/11/_index.en.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index 41e68b5a..61ed3393 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md 
@@ -47,6 +47,18 @@ sudo dnf install python3-devel pip install -r ~/.ansible/collections/ansible_collections/ansible/eda/requirements.txt ``` +```bash +ansible-rulebook --version +``` +Output on EL9: +```bash +version__ = '1.0.0' +Executable location = /home/ansible/python/bin/ansible-rulebook +Drools_jpy version = 0.3.4 +Java home = /usr/lib/jvm/java-17-openjdk-17.0.7.0.7-3.el9.x86_64 +Java version = 17.0.7 +Python version = 3.9.16 (main, Dec 8 2022, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] +``` {{% /details %}} ### Task 2 From 6ac48f445879d9f2d703b3b6d535ef129925d094 Mon Sep 17 00:00:00 2001 From: Christian Haller Date: Wed, 26 Jul 2023 09:53:17 +0200 Subject: [PATCH 48/65] Add ingressClass to ingress (#202) Add ingressClass to ingress, to follow best practice. --- helm-chart/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 61a6f526..aa346f40 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -12,6 +12,7 @@ acendTraining: podAnnotations: puzzle.ch/logtenant: general ingress: + ingressClassName: openshift-public labels: public: "true" useDefaultSecret: true From 9a229267decd8c07eb0f2ec19267e821145cd978 Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Wed, 16 Aug 2023 17:19:31 +0200 Subject: [PATCH 49/65] revision of lab 11.0 --- content/en/docs/11/_index.en.md | 36 +++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index 61ed3393..1a191281 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md 
@@ -6,16 +6,11 @@ sectionnumber: 11 In this lab we are going to learn how to use Event Driven Ansible. For the following tasks, server `node1` and `node2` act as webservers. You can use Lab 4.0 as a guideline. -{{% alert title="Note" color="primary" %}} -Note, that as of June 2023, EDA is still in a developer preview state. Documentation and all content is work in progress! -The installation of `ansible-rulebook` and the `ansible.eda` collection works fine on newer Fedora Systems as well as RHEL / Rocky Linux 9. At present times, you could have a harder time on other operating systems. Be warned... -{{% /alert %}} - ### Task 1 * Point your webbrowser to the official documentation of `ansible-rulebook`. * Install and configure everything needed to run ansible-rulebook and source plugins. -* Check version of 'ansible-rulebook' +* Check the version of `ansible-rulebook` {{% details title="Solution Task 1" %}} @@ -64,6 +59,7 @@ Python version = 3.9.16 (main, Dec 8 2022, 00:00:00) [GCC 11.3.1 20221121 (Red ### Task 2 * Write a playbook `webserver.yml` that installs the servers in group `web` as webservers. See Lab 4.0 for guidelines. +* Ensure that the playbook also sets a webpage at `/var/www/html/index.html`. * Ensure that the inventory file `hosts` in the folder inventory has the group `web` with `node1` and `node2` as members. * Run the playbook `webserver.yml` and check that the webservers are up and running. @@ -88,6 +84,12 @@ cat webserver.yml name: httpd state: started enabled: yes + - name: put default webpage + ansible.builtin.copy: + content: "Ansible Labs by Puzzle ITC" + dest: /var/www/html/index.html + owner: root + group: root - name: start and enable firewalld ansible.builtin.service: name: firewalld @@ -113,7 +115,7 @@ node2 ansible_host= ``` ```bash ansible-playbook -i inventory/hosts webserver.yml -dnf install -y lynx +sudo dnf install -y lynx lynx http:// lynx http:// ``` 
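Review bot: The new `put default webpage` task in the `webserver.yml` solution (third hunk of this patch) sets `owner` and `group` but no `mode`, so the permissions of `/var/www/html/index.html` depend on the umask on the managed host. Add `mode: "0644"` under `ansible.builtin.copy` so the file is readable by httpd and writable only by root regardless of host defaults. The two later indentation patches touch the same task without adding it.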
@@ -132,7 +134,9 @@ If you don't have the `ansible.eda` collection installed yet, `ansible-rulebook` {{% details title="Solution Task 3" %}} ```bash -$ cat webserver_rulebook.yml +cat webserver_rulebook.yml +``` +```bash --- - name: rebuild webservers if site down hosts: web @@ -174,7 +178,9 @@ ansible node1 -i inventory/hosts -b -m service -a "name=httpd state=stopped" {{% details title="Solution Task 5" %}} ```bash -$ cat webhook_rulebook.yml +cat webhook_rulebook.yml +``` +```bash --- - name: rebuild webserver if webhook receives message that matches rule condition hosts: web @@ -220,9 +226,9 @@ curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers down\"}" * check if the message matches exactly the string "webservers down" (Same as Task 5 above) * check if the message contains the string "ERROR" * If one of the criterias above are met, do two things: - 1. run the ansible shell module to print the string "WEBSERVER ISSUES, REMEDIATION IN PROGRESS." into the journald log. (The command to do so is "systemd-cat echo "WEBSERVER ISSUES, REMEDIATION IN PROGRESS.") + 1. run the ansible shell module to print the string "WEBSERVER ISSUES, REMEDIATION IN PROGRESS." into the journald log. (Use the command `systemd-cat echo "WEBSERVER ISSUES, REMEDIATION IN PROGRESS."`) 2. run playbook `webservers.yml` -* Start the rulebook `complex_rulebook.yml` and do the same test as in Task 4 and Task 6. +* Start the rulebook `complex_rulebook.yml` and send the message "webservers down" to the webhook again. {{% details title="Solution Task 7" %}} 
@@ -266,14 +272,14 @@ ansible-rulebook --rulebook complex_rulebook.yml -i inventory/hosts --verbose ```bash curl -H 'Content-Type: application/json' -d "{\"message\": \"webservers down\"}" 127.0.0.1:5000/endpoint ``` -Note, that you would have to open port 5000 on the firewall if the curl command is not send from the controller itself. +Note, that you would have to open port 5000 on the firewall if the curl command is not sent from the controller itself. {{% /details %}} -### Task 9 +### Task 8 -* What source plugins are available in the `ansible.eda` collection? +* What source plugins are available in the `ansible.eda` collection? [Search the content of event-driven-ansible on github.com](https://github.com/ansible/event-driven-ansible). -{{% details title="Solution Task 10" %}} +{{% details title="Solution Task 8" %}} [Event Driven Ansible on Github](https://github.com/ansible/event-driven-ansible/tree/main/extensions/eda/plugins/event_source) {{% /details %}} From a68ab274414014a747bbae93f3a4e446c577191a Mon Sep 17 00:00:00 2001 From: Friendlypenguin Date: Thu, 17 Aug 2023 10:22:12 +0200 Subject: [PATCH 50/65] Update content/en/docs/11/_index.en.md Co-authored-by: Fabio Bertagna <33524186+DonGiovanni83@users.noreply.github.com> --- content/en/docs/11/_index.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index 1a191281..2a30d7a8 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -180,7 +180,7 @@ ansible node1 -i inventory/hosts -b -m service -a "name=httpd state=stopped" ```bash cat webhook_rulebook.yml ``` -```bash +```yaml --- - name: rebuild webserver if webhook receives message that matches rule condition hosts: web From d62bd1f8afdd38b5d796343723a04a0dad39a868 Mon Sep 17 00:00:00 2001 
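Review bot: The sentence about opening port 5000 (hunk at -266,14) should also say who may then reach the webhook, because a matching message starts a playbook run against the `web` group. The rulebook's source definition is outside this hunk, so this is an assumption, but if it is configured without authentication, any host that can reach the port can trigger the remediation. I would append a sentence such as `If you open port 5000, limit it to the sending hosts and set the webhook source's token option so that unauthenticated requests are rejected.`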
From: Friendlypenguin Date: Thu, 17 Aug 2023 10:22:33 +0200 Subject: [PATCH 51/65] Update content/en/docs/11/_index.en.md Co-authored-by: Fabio Bertagna <33524186+DonGiovanni83@users.noreply.github.com> --- content/en/docs/11/_index.en.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index 2a30d7a8..b40e14d0 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -85,11 +85,11 @@ cat webserver.yml state: started enabled: yes - name: put default webpage - ansible.builtin.copy: - content: "Ansible Labs by Puzzle ITC" - dest: /var/www/html/index.html - owner: root - group: root + ansible.builtin.copy: + content: "Ansible Labs by Puzzle ITC" + dest: /var/www/html/index.html + owner: root + group: root - name: start and enable firewalld ansible.builtin.service: name: firewalld From 7f55b11f2ec5827307f19a1b19721b150cb337cd Mon Sep 17 00:00:00 2001 From: Philippe Schmid Date: Wed, 16 Aug 2023 17:35:01 +0200 Subject: [PATCH 52/65] fix intendation --- content/en/docs/11/_index.en.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/content/en/docs/11/_index.en.md b/content/en/docs/11/_index.en.md index b40e14d0..5d3f43dd 100644 --- a/content/en/docs/11/_index.en.md +++ b/content/en/docs/11/_index.en.md @@ -84,12 +84,12 @@ cat webserver.yml name: httpd state: started enabled: yes - - name: put default webpage - ansible.builtin.copy: - content: "Ansible Labs by Puzzle ITC" - dest: /var/www/html/index.html - owner: root - group: root + - name: put default webpage + ansible.builtin.copy: + content: "Ansible Labs by Puzzle ITC" + dest: /var/www/html/index.html + owner: root + group: root - name: start and enable firewalld ansible.builtin.service: name: firewalld From 8aae35bba37d2ee8c9d1e074a57c9798a81e66c2 Mon Sep 17 00:00:00 2001 
From: Philippe Schmid Date: Thu, 17 Aug 2023 10:42:52 +0200 Subject: [PATCH 53/65] revision of lab 11.1 --- content/en/docs/11/01/_index.en.md | 47 ++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/content/en/docs/11/01/_index.en.md b/content/en/docs/11/01/_index.en.md index 056f3495..78d6db66 100644 --- a/content/en/docs/11/01/_index.en.md +++ b/content/en/docs/11/01/_index.en.md @@ -8,14 +8,15 @@ In this lab we will have a closer look at events and facts. ### Task 1 -* Copy the rulebook from Task 11.3. to a new one with the name `debug_event_rulebook.yml`. +* Copy the rulebook from Lab 11 Task 3 to a new one with the name `debug_event_rulebook.yml`. * Substitute the `run_playbook` action with a `debug` action. * That debug action should print out all information from the event. -* Run the rulebook in verbose mode and look at the part of the output generated by the debug action. +* Stop the httpd service on node1. +* Run the rulebook in verbose mode. The debug action should show all information about the event. {{% details title="Solution Task 1" %}} ```bash -cat debug_event_rulebook.ym` +cat debug_event_rulebook.yml ``` ```bash --- @@ -29,13 +30,15 @@ cat debug_event_rulebook.ym` - http://:80/ delay: 8 rules: - - name: check if site down and rebuild + - name: check if site down and debug condition: event.url_check.status == "down" action: debug: var: event ``` - +```bash +ansible node1 -i inventory/hosts -b -m service -a "name=httpd state=stopped" +``` ```bash ansible-rulebook --rulebook debug_event_rulebook.yml -i inventory/hosts -vv ``` 
@@ -52,9 +55,12 @@ ansible-rulebook --rulebook debug_event_rulebook.yml -i inventory/hosts -vv ### Task 2 * Rewrite the rulebook `debug_event_rulebook.yml`: -* Use `run_playbook` action to start a playbook named `sos.yml` +* Use a `run_playbook` action to start a playbook named `sos.yml` * The playbook `sos.yml` should create an unattended sos report labeled with the fully qualified collection name of the source plugin used. Be sure to install the appropriate packages so that the sos report can be created. * The name of the source plugin should be taken from the json output as a variable. +* The creation of the sos report takes quite some time. +* Ensure that the condition is throttled to run the action once within 5 minutes at most. +* The delay of the source check should stay at 8 seconds. * Run the rulebook `debug_event_rulebook.yml` and ensure the sos reports on the webservers have the needed label. @@ -63,12 +69,14 @@ There are good onlinetools to convert [one-line json to multiline json](https:// {{% /alert %}} {{% details title="Solution Task 2" %}} +See the documentation on how to [throttle event storms](https://ansible.readthedocs.io/projects/rulebook/en/stable/conditions.html#throttle-actions-to-counter-event-storms-reactive). + ```bash cat debug_event_rulebook.yml ``` ```bash --- -- name: show event json if site down +- name: run sos playbook if site down hosts: web sources: - name: check webserver @@ -80,6 +88,10 @@ cat debug_event_rulebook.yml rules: - name: check if site down and rebuild condition: event.url_check.status == "down" + throttle: + once_within: 5 minutes + group_by_attributes: + - event.meta.source.type action: run_playbook: name: sos.yml 
@@ -100,7 +112,8 @@ cat sos.yml state: installed - name: create a sos report unattended containing no sensitive information - ansible.builtin.command: "sos report --clean --batch --label {{ ansible_eda.event.meta.source.type }}" + ansible.builtin.command: | + "sos report --clean --batch --label {{ ansible_eda.event.meta.source.type }}" ``` ```bash @@ -108,7 +121,9 @@ ansible-rulebook --rulebook debug_event_rulebook.yml -i inventory/hosts -vv ``` ```bash ... -2023-06-27 11:45:17,300 - ansible_rulebook.builtin - INFO - Calling Ansible runner +2023-06-28 11:15:53,766 - ansible_rulebook.builtin - INFO - ruleset: show event \ + json if site down, rule: check if site down and rebuild +2023-06-28 11:15:53,766 - ansible_rulebook.builtin - INFO - Calling Ansible runner PLAY [web] ********************************************************************* @@ -119,13 +134,15 @@ TASK [install sos package] ***************************************************** ok: [node1] TASK [create a sos report unattended containing no sensitive information] ****** -ok: [node1] => { - "msg": "sos report --clean --batch --label ansible.eda.url_check" -} - +changed: [node1] +... PLAY RECAP ********************************************************************* -node1 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 -2023-06-27 11:45:20,712 - ansible_rulebook.builtin - DEBUG - Cancel Queue reading task +node1 : ok=3 changed=1 unreachable=0 failed=0 +skipped=0 rescued=0 ignored=0 +2023-06-28 11:17:59,741 - ansible_rulebook.builtin - INFO - Ansible Runner \ + Queue task cancelled +2023-06-28 11:17:59,742 - ansible_rulebook.builtin - INFO - Playbook rc: 0, \ + status: successful ... ``` {{% /details %}} From b7a8b849a7c178cef3bb3e3fd6fdcb81c698ce33 Mon Sep 17 00:00:00 2001 
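Review bot: In `sos.yml` the command is now a literal block scalar (`ansible.builtin.command: |`) whose content is still wrapped in double quotes, so the quotes become part of the command string. The module will most likely treat the whole quoted text as one program name and fail. Either drop the quotes or pass the arguments as a list: `ansible.builtin.command:` followed by `argv: [sos, report, --clean, --batch, --label, "{{ ansible_eda.event.meta.source.type }}"]`. The list form also keeps the label, which comes from event data, as a single argument that is never re-split.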
From: ThisIsntTheWay Date: Thu, 17 Aug 2023 17:24:10 +0200 Subject: [PATCH 54/65] Echo empty line into secret_vars.yaml Just for good measure; In my environment, the second encrypt_string command was appended to the end of the lien instead of a new one --- content/en/docs/06/_index.en.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/en/docs/06/_index.en.md b/content/en/docs/06/_index.en.md index 6a309ed7..29de5f82 100644 --- a/content/en/docs/06/_index.en.md +++ b/content/en/docs/06/_index.en.md @@ -136,6 +136,7 @@ Look for an option to `ansible-vault` to give the name of the variable while enc ansible-vault decrypt secret_vars.yml echo "---" > secret_vars.yml ansible-vault encrypt_string jamesbond -n var_username >> secret_vars.yml +echo '' ansible-vault encrypt_string miss_moneypenny -n var_password >> secret_vars.yml ``` From d6a48317825ca4f89cd328cb0b6d38e7b1243a95 Mon Sep 17 00:00:00 2001 From: ThisIsntTheWay Date: Thu, 17 Aug 2023 17:25:27 +0200 Subject: [PATCH 55/65] T3: Make watch command consistent with description --- content/en/docs/04/04/_index.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/04/04/_index.en.md b/content/en/docs/04/04/_index.en.md index e7dafed1..0b61a3bc 100644 --- a/content/en/docs/04/04/_index.en.md +++ b/content/en/docs/04/04/_index.en.md @@ -58,7 +58,7 @@ It's a best practice to use cronjobs to trigger `ansible-pull` run at a regular $ sudo vim /etc/cron.d/ansible-pull #create the file with the content -> $ cat /etc/cron.d/ansible-pull * * * * * ansible /usr/bin/ansible-pull -U https://github.com/puzzle/ansible-techlab -i resources/ansible-pull/hosts resources/ansible-pull/local.yml -$ sudo rm -f /etc/motd; watch cat /etc/motd +$ sudo rm -f /etc/motd; watch -n 1 cat /etc/motd ``` {{% /details %}} From 679391b18376f96cb0bf4649135d78b87e148c77 Mon Sep 17 00:00:00 2001 
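Review bot: The added `echo ''` (hunk at -136,6) prints the empty line to the terminal rather than into `secret_vars.yml`, so the second `encrypt_string` output can still end up on the previous line, which is the problem the commit message describes. It needs the same redirection as the lines around it: `echo '' >> secret_vars.yml`. The code block this belongs to starts outside the hunk.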
From: ThisIsntTheWay Date: Thu, 17 Aug 2023 17:26:28 +0200 Subject: [PATCH 56/65] T1: Get ansible output up-to-date, improve code block formatting --- content/en/docs/04/05/_index.en.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/content/en/docs/04/05/_index.en.md b/content/en/docs/04/05/_index.en.md index 0166c2da..ef148c95 100644 --- a/content/en/docs/04/05/_index.en.md +++ b/content/en/docs/04/05/_index.en.md @@ -16,25 +16,25 @@ In this lab we learn about task control. {{% details title="Solution Task 1" %}} ```bash -$ ansible node1 -B 10 -a "/usr/bin/sleep 1000" +$ ansible node1 -B 10 -a "/usr/bin/sleep 1000" node1 | FAILED | rc=-1 >> -async task did not complete within the requested time - 10s -$ -$ time ansible node1 -B 10 -a "/usr/bin/sleep 1000" +Timeout exceeded + +$ time ansible node1 -B 10 -a "/usr/bin/sleep 1000" node1 | FAILED | rc=-1 >> -async task did not complete within the requested time - 10s +Timeout exceeded + +real 0m17.461s +user 0m1.564s +sys 0m0.253s -real 0m17.626s #<- a bit more than 10 seconds -user 0m3.603s -sys 0m0.510s $ time ansible node1 -B 10 -P 30 -a "/usr/bin/sleep 1000" node1 | FAILED | rc=-1 >> -async task did not complete within the requested time - 10s +Timeout exceeded real 0m32.625s #<- more than the polling interval user 0m5.541s sys 0m0.684s -$ ``` Setting the poll parameter without the async parameter results in the job not beeing put in background. ```bash From 698a4606542fe873f24f5fd13a0ad15682a6c73e Mon Sep 17 00:00:00 2001 From: ThisIsntTheWay Date: Thu, 17 Aug 2023 17:27:28 +0200 Subject: [PATCH 57/65] T7: Remove duplicate bash code block definition --- content/en/docs/04/01/_index.en.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/en/docs/04/01/_index.en.md b/content/en/docs/04/01/_index.en.md index df4cad75..c47bf1a9 100644 --- a/content/en/docs/04/01/_index.en.md +++ b/content/en/docs/04/01/_index.en.md 
@@ -199,7 +199,6 @@ $ cat password_file.yml password: "" Create the playbook: -```bash $ cat takemehome.yml --- - hosts: localhost From 12bd5464363587bf6e020a3a5afe928c2cbaefc4 Mon Sep 17 00:00:00 2001 From: ThisIsntTheWay Date: Fri, 18 Aug 2023 17:04:15 +0200 Subject: [PATCH 58/65] More consistent formatting of code in solutions --- content/en/docs/08/_index.en.md | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/content/en/docs/08/_index.en.md b/content/en/docs/08/_index.en.md index a9b04599..10b575e7 100644 --- a/content/en/docs/08/_index.en.md +++ b/content/en/docs/08/_index.en.md @@ -63,7 +63,6 @@ name: ansible_techlab2 $ ansible-galaxy collection build puzzle/ansible_techlab/ Created collection for newpuzzle.ansible_techlab2 at /home/ansible/techlab/newpuzzle-ansible_techlab2-1.0.0.tar.gz -$ ``` {{% /details %}} @@ -118,7 +117,6 @@ Installing 'puzzle.ansible_techlab:1.0.0' to '/home/ansible/techlab/collections/ $ ansible-config dump | grep -i galaxy_server GALAXY_SERVER(default) = https://galaxy.ansible.com GALAXY_SERVER_LIST(default) = None -$ ``` Add the following block to your `/home/ansible/techlab/ansible.cfg`: ``` @@ -146,16 +144,15 @@ $ ansible-galaxy collection install nginxinc.nginx_controller Process install dependency map Starting collection install process Installing 'nginxinc.nginx_controller:3.7.5' to '/home/ansible/techlab/collections/ansible_collections/nginxinc/nginx_controller' -$ + $ cat requirements.yml collections: - name: cloudscale_ch.cloud -$ + $ ansible-galaxy collection install -r requirements.yml Process install dependency map Starting collection install process Installing 'cloudscale_ch.cloud:1.0.0' to '/home/ansible/techlab/collections/ansible_collections/cloudscale_ch/cloud' -$ ``` {{% /details %}} 
@@ -173,7 +170,7 @@ $ ansible-galaxy collection install containers.podman Process install dependency map Starting collection install process Installing 'containers.podman:1.1.4' to '/home/ansible/techlab/collections/ansible_collections/containers/podman' -$ + $ cat collections.yml --- - name: example for using modules from a collection @@ -199,7 +196,6 @@ $ cat collections.yml state: present publish: - '8080' -$ ``` OR: ```bash @@ -226,7 +222,6 @@ $ cat collections.yml state: present publish: - '8080' -$ ``` This would not work, since the module `podman_container` is only content of the collection and not part of the ansible-base installation: ```bash @@ -253,7 +248,7 @@ $ cat collections.yml state: present publish: - '8080' -$ + $ ansible-playbook -i hosts collections.yml ERROR! couldn't resolve module/action 'podman_container'. This often indicates a misspelling, missing collection, or incorrect module path. @@ -265,7 +260,6 @@ The offending line appears to be: - name: Run nginx container ^ here -$ ``` Check the running container: @@ -274,13 +268,11 @@ Check the running container: $ sudo podman ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 00783ec12950 quay.io/bitnami/nginx:latest /opt/bitnami/scri... About a minute ago Up About a minute ago 8443/tcp, 0.0.0.0:32771->8080/tcp my_nginx_container -$ ``` You can even connect to your container using a dynamically assigned port (32771 in the example above) on your host machine. Make sure to adjust the port in the `curl` command-line accordingly: ```bash $ curl -s http://localhost:32771 | grep title Welcome to nginx! -$ ``` {{% /details %}} From 969b00728b047e53d4592a04903eb92470163a35 Mon Sep 17 00:00:00 2001 From: ThisIsntTheWay Date: Fri, 18 Aug 2023 18:00:21 +0200 Subject: [PATCH 59/65] T5: Add details for install errors --- content/en/docs/09/01/_index.en.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) 
diff --git a/content/en/docs/09/01/_index.en.md b/content/en/docs/09/01/_index.en.md index bf1a5ded..de2ee173 100644 --- a/content/en/docs/09/01/_index.en.md +++ b/content/en/docs/09/01/_index.en.md @@ -129,8 +129,25 @@ $ cat prepare_for_awx.yml * Change directry to `/home/ansible/techlab/awx/installer` * Optional: Edit the file `inventory` and change the values of `admin_user` and `admin_password` (or keep the defaults: "admin" and "password"). * Run the installer: `ansible-playbook -i inventory install.yml` + * Before running the installer, ensure nothing is running on port 80: `sudo ss -tunap | grep :80` + Otherwise, the `awx_web` container is unable to come up. * With your Web Browser connect to `http://`. You should see a login form and be able to log in. +{{% details title="If the installer fails due to a docker_service module` %}} +The installer might fail because a role still uses the `docker_service` module. +In such a case, you will see the following output: +``` +ERROR! [DEPRECATED]: community.general.docker_service has been removed. Use community.docker.docker_compose instead. +This feature was removed from community.general in version 2.0.0. Please update your playbooks. +``` + +To rectify this issue, replace the `docker_service` module with `docker_compose` in the affected role: +```bash +$ FILE=/home/ansible/techlab/awx/installer/roles/local_docker/tasks/upgrade_postgres.yml +$ sed -i 's/docker_service/docker_compose/' $FILE +``` +{{% /details %}} + {{% details title="Solution Task 5" %}} ```bash $ logout From 4027d8125a69c7c5504998caee4a3fc0c35b2959 Mon Sep 17 00:00:00 2001 From: ThisIsntTheWay Date: Fri, 18 Aug 2023 18:34:47 +0200 Subject: [PATCH 60/65] Typos, wordings --- content/en/docs/10/01/_index.en.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/en/docs/10/01/_index.en.md b/content/en/docs/10/01/_index.en.md index 8da2b9b6..94eeb85d 100644 --- a/content/en/docs/10/01/_index.en.md 
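Review bot: The port check `sudo ss -tunap | grep :80` also matches ports such as 8080 or 8000, and because of `-a` it matches established client connections too, so it can report a conflict where none exists. A listener-only filter is more precise: `sudo ss -tlnp 'sport = :80'`. The task list this bullet belongs to starts outside the hunk.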
+++ b/content/en/docs/10/01/_index.en.md @@ -8,7 +8,7 @@ In this lab, we will use `ansible-builder` to build our own execution environmen ### Task 1 -* Ensure to have a new version of python installed. `ansible-builder` is developping quickly and chances are, that you cannot run it with a python version that's not rather new. +* Ensure to have a new version of python installed. `ansible-builder` is developing quickly and chances are that you cannot run it with a python version that's not rather new. * Install all packages needed to use `ansible-builder` on the controller host. {{% details title="Solution Task 1" %}} @@ -43,8 +43,8 @@ $ pip3 install ansible-builder --user ### Task 2 * Create a playbook `container.yml` that installs `podman` and pulls the image `docker.io/bitnami/mariadb` on all `db` servers. -* Run this playbook and see how it fails because the collection `containers.podman` is not available in the demo EE `ansible-navigator-demo-ee`. -* In the remainder of this lab, we build our own execution environment containing the collection `containers.podman`. +* Run this playbook and observe how it fails because the collection `containers.podman` is not available in the demo EE `ansible-navigator-demo-ee`. +* For the remainder of this lab, we build our own execution environment containing the collection `containers.podman`. {{% details title="Solution Task 2" %}} ```bash @@ -82,7 +82,7 @@ Create a new execution environment with the name `default-ee`. You can find info The new EE should: -* base on the latest stable version of the `ansible-runner` image from `https://quay.io` +* be based on the latest stable version of the `ansible-runner` image from `https://quay.io` * use the `ansible.cfg` in the `techlab` folder * contain the `pyfiglet` python3 module * contain the collection `containers.podman` and `ansible.posix` From 18a558dc73897ec701028988583b7d953bc7c1a0 Mon Sep 17 00:00:00 2001 
From: ThisIsntTheWay Date: Mon, 21 Aug 2023 09:45:45 +0200 Subject: [PATCH 61/65] Fix: Lint --- content/en/docs/09/01/_index.en.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/09/01/_index.en.md b/content/en/docs/09/01/_index.en.md index de2ee173..5b2e4122 100644 --- a/content/en/docs/09/01/_index.en.md +++ b/content/en/docs/09/01/_index.en.md @@ -143,8 +143,8 @@ This feature was removed from community.general in version 2.0.0. Please update To rectify this issue, replace the `docker_service` module with `docker_compose` in the affected role: ```bash -$ FILE=/home/ansible/techlab/awx/installer/roles/local_docker/tasks/upgrade_postgres.yml -$ sed -i 's/docker_service/docker_compose/' $FILE +FILE=/home/ansible/techlab/awx/installer/roles/local_docker/tasks/upgrade_postgres.yml +sed -i 's/docker_service/docker_compose/' $FILE ``` {{% /details %}} From caa11cab6eb6fae6c6935d5eff4fe476e2d91210 Mon Sep 17 00:00:00 2001 From: Friendlypenguin Date: Wed, 23 Aug 2023 13:05:21 +0200 Subject: [PATCH 62/65] Update _index.en.md fix quotations --- content/en/docs/09/01/_index.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/09/01/_index.en.md b/content/en/docs/09/01/_index.en.md index 5b2e4122..46e5bc41 100644 --- a/content/en/docs/09/01/_index.en.md +++ b/content/en/docs/09/01/_index.en.md @@ -133,7 +133,7 @@ $ cat prepare_for_awx.yml Otherwise, the `awx_web` container is unable to come up. * With your Web Browser connect to `http://`. You should see a login form and be able to log in. -{{% details title="If the installer fails due to a docker_service module` %}} +{{% details title="If the installer fails due to a docker_service module" %}} The installer might fail because a role still uses the `docker_service` module. In such a case, you will see the following output: ``` From 09d4899963cee169c597640ab06a284e5c576539 Mon Sep 17 00:00:00 2001 
From: Christoph Raaflaub Date: Tue, 17 May 2022 17:22:57 +0200 Subject: [PATCH 63/65] lab 5.1.1: additional checks --- content/en/docs/05/01/_index.en.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/en/docs/05/01/_index.en.md b/content/en/docs/05/01/_index.en.md index 445ad884..9df9c880 100644 --- a/content/en/docs/05/01/_index.en.md +++ b/content/en/docs/05/01/_index.en.md @@ -45,6 +45,7 @@ $ cat roles/handlerrole/handlers/main.yml listen: timestamp $ ansible-playbook myhandler.yml #<-- some changes when run the first time +$ ansible all -b -a "cat /home/ansible/newdir/README.TXT" #<-- show created files with it's content $ ansible-playbook myhandler.yml #<-- no changes here, idempotent! ``` {{% /details %}} From 7a8931fe6467fecf9808b2b37c3587d621c442b7 Mon Sep 17 00:00:00 2001 From: Christoph Raaflaub Date: Tue, 17 May 2022 17:25:56 +0200 Subject: [PATCH 64/65] lab 6.1: additional checks --- content/en/docs/06/_index.en.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/en/docs/06/_index.en.md b/content/en/docs/06/_index.en.md index 29de5f82..4027b176 100644 --- a/content/en/docs/06/_index.en.md +++ b/content/en/docs/06/_index.en.md @@ -33,6 +33,7 @@ $ cat secretservice.yml dest: /etc/MI6 $ ansible-playbook secretservice.yml +$ ansible node1,node2 -b -a "cat /etc/MI6" #<-- show created files with it's content ``` {{% /details %}} From 79cecb9d1876a0755c8181d664e707f5430fadf8 Mon Sep 17 00:00:00 2001 From: Friendlypenguin Date: Wed, 23 Aug 2023 13:14:00 +0200 Subject: [PATCH 65/65] Update _index.en.md add suggestion --- content/en/docs/05/01/_index.en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/05/01/_index.en.md b/content/en/docs/05/01/_index.en.md index 9df9c880..3e6564ac 100644 --- a/content/en/docs/05/01/_index.en.md +++ b/content/en/docs/05/01/_index.en.md 
@@ -45,7 +45,7 @@ $ cat roles/handlerrole/handlers/main.yml listen: timestamp $ ansible-playbook myhandler.yml #<-- some changes when run the first time -$ ansible all -b -a "cat /home/ansible/newdir/README.TXT" #<-- show created files with it's content +$ ansible all -a "cat /home/ansible/newdir/README.TXT" #<-- show created files with it's content $ ansible-playbook myhandler.yml #<-- no changes here, idempotent! ``` {{% /details %}}