diff --git a/.gitignore b/.gitignore index 95bc7a0ff..1de045d20 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,4 @@ Gemfile _site/* .tox/ provisioner/tests/ci-common.yml +*.gz diff --git a/_config.yml b/_config.yml index f25893138..16b0d6e84 100644 --- a/_config.yml +++ b/_config.yml @@ -3,6 +3,7 @@ theme: jekyll-theme-dinky include: - "provisioner/README.md" exclude: + - "roles" - "provisioner/roles" - "provisioner/group_vars" - "provisioner/inventory" diff --git a/docs/exercises.md b/docs/exercises.md index d4730400e..85fbb6c38 100644 --- a/docs/exercises.md +++ b/docs/exercises.md @@ -21,7 +21,7 @@ This can be customized! There are three variables that you can change with your - `version` - points to the git [branch](https://git-scm.com/docs/git-branch) for the specified git repo. By default this uses `master` - `refspec` - points to the git [refspec](https://git-scm.com/book/en/v2/Git-Internals-The-Refspec). By default this is set to `""` (nothing). -These variables are used in the `control_node` role which can found here: `provisioner/roles/control_node/tasks/main.yml` +These variables are used in the `control_node` role which can found here: `roles/control_node/tasks/main.yml` ## Practical Example diff --git a/exercises/ansible_f5/1.0-explore/README.ja.md b/exercises/ansible_f5/1.0-explore/README.ja.md index ce6351fbe..0b2d506da 100644 --- a/exercises/ansible_f5/1.0-explore/README.ja.md +++ b/exercises/ansible_f5/1.0-explore/README.ja.md @@ -43,7 +43,7 @@ ansible 2.9.14 ``` [student1@ansible f5-workshop]$ cat ~/.ansible.cfg [defaults] -stdout_callback = yaml +stdout_callback = community.general.yaml connection = smart timeout = 60 deprecation_warnings = False diff --git a/exercises/ansible_f5/1.0-explore/README.md b/exercises/ansible_f5/1.0-explore/README.md index ade2f2cbc..3499e55e4 100644 --- a/exercises/ansible_f5/1.0-explore/README.md +++ b/exercises/ansible_f5/1.0-explore/README.md 
@@ -38,7 +38,7 @@ Use the `cat` command to view the contents of the `ansible.cfg` file. ``` [student1@ansible f5-workshop]$ cat ~/.ansible.cfg [defaults] -stdout_callback = yaml +stdout_callback = community.general.yaml connection = smart timeout = 60 deprecation_warnings = False diff --git a/exercises/ansible_network/1-explore/README.ja.md b/exercises/ansible_network/1-explore/README.ja.md index 2acf42c43..0182518f5 100644 --- a/exercises/ansible_network/1-explore/README.ja.md +++ b/exercises/ansible_network/1-explore/README.ja.md @@ -72,7 +72,7 @@ ansible 2.8.1 ``` [student1@ansible ~]$ cat ~/.ansible.cfg [defaults] -stdout_callback = yaml +stdout_callback = community.general.yaml connection = smart timeout = 60 deprecation_warnings = False diff --git a/exercises/ansible_network/1-explore/README.md b/exercises/ansible_network/1-explore/README.md index a3c662cfd..be40e7b6a 100644 --- a/exercises/ansible_network/1-explore/README.md +++ b/exercises/ansible_network/1-explore/README.md @@ -74,7 +74,7 @@ Use the `cat` command to view the contents of the `ansible.cfg` file. ```bash [student1@ansible ~]$ cat ~/.ansible.cfg [defaults] -stdout_callback = yaml +stdout_callback = community.general.yaml connection = smart timeout = 60 deprecation_warnings = False diff --git a/exercises/ansible_rhel/1.2-adhoc/README.es.md b/exercises/ansible_rhel/1.2-adhoc/README.es.md index dd1e83558..3b634f865 100644 --- a/exercises/ansible_rhel/1.2-adhoc/README.es.md +++ b/exercises/ansible_rhel/1.2-adhoc/README.es.md @@ -94,7 +94,7 @@ Salida del contendio del archivo: ```bash [student@ansible ~]$ cat .ansible.cfg [defaults] -stdout_callback = yaml +stdout_callback = community.general.yaml connection = smart timeout = 60 deprecation_warnings = False diff --git a/exercises/ansible_rhel/1.2-adhoc/README.fr.md b/exercises/ansible_rhel/1.2-adhoc/README.fr.md index c3e2db046..b9d997af1 100644 --- a/exercises/ansible_rhel/1.2-adhoc/README.fr.md +++ b/exercises/ansible_rhel/1.2-adhoc/README.fr.md 
@@ -95,7 +95,7 @@ Affichez le fichier de configuration: ```bash [student@ansible ~]$ cat .ansible.cfg [defaults] -stdout_callback = yaml +stdout_callback = community.general.yaml connection = smart timeout = 60 deprecation_warnings = False diff --git a/exercises/ansible_rhel/1.2-adhoc/README.ja.md b/exercises/ansible_rhel/1.2-adhoc/README.ja.md index e72d40279..00ff372f8 100644 --- a/exercises/ansible_rhel/1.2-adhoc/README.ja.md +++ b/exercises/ansible_rhel/1.2-adhoc/README.ja.md @@ -103,7 +103,7 @@ Ansible の動作は、Ansible の ini スタイル設定ファイルの内容 ```bash [student@ansible-1 ~]$ cat .ansible.cfg [defaults] -stdout_callback = yaml +stdout_callback = community.general.yaml connection = smart timeout = 60 deprecation_warnings = False diff --git a/exercises/ansible_rhel/1.2-adhoc/README.md b/exercises/ansible_rhel/1.2-adhoc/README.md index b1d3eaeb5..0886c853a 100644 --- a/exercises/ansible_rhel/1.2-adhoc/README.md +++ b/exercises/ansible_rhel/1.2-adhoc/README.md @@ -93,7 +93,7 @@ Output the content of the file: ```bash [student@ansible-1 ~]$ cat .ansible.cfg [defaults] -stdout_callback = yaml +stdout_callback = community.general.yaml connection = smart timeout = 60 deprecation_warnings = False diff --git a/exercises/ansible_rhel/1.2-adhoc/README.pt-br.md b/exercises/ansible_rhel/1.2-adhoc/README.pt-br.md index 794194678..563f1d593 100644 --- a/exercises/ansible_rhel/1.2-adhoc/README.pt-br.md +++ b/exercises/ansible_rhel/1.2-adhoc/README.pt-br.md @@ -82,7 +82,7 @@ Saída do conteúdo do arquivo: ```bash [student@ansible ~]$ cat .ansible.cfg [defaults] -stdout_callback = yaml +stdout_callback = community.general.yaml connection = smart timeout = 60 deprecation_warnings = False 
diff --git a/provisioner/roles/code_server/files/bierner.markdown-preview-github-styles-0.1.6.vsix b/files/bierner.markdown-preview-github-styles-0.1.6.vsix similarity index 100% rename from provisioner/roles/code_server/files/bierner.markdown-preview-github-styles-0.1.6.vsix rename to files/bierner.markdown-preview-github-styles-0.1.6.vsix diff --git a/provisioner/roles/code_server/files/hnw.vscode-auto-open-markdown-preview-0.0.4.vsix b/files/hnw.vscode-auto-open-markdown-preview-0.0.4.vsix similarity index 100% rename from provisioner/roles/code_server/files/hnw.vscode-auto-open-markdown-preview-0.0.4.vsix rename to files/hnw.vscode-auto-open-markdown-preview-0.0.4.vsix diff --git a/provisioner/roles/code_server/files/vscoss.vscode-ansible-0.5.2.vsix b/files/vscoss.vscode-ansible-0.5.2.vsix similarity index 100% rename from provisioner/roles/code_server/files/vscoss.vscode-ansible-0.5.2.vsix rename to files/vscoss.vscode-ansible-0.5.2.vsix diff --git a/galaxy.yml b/galaxy.yml index 4b4febc42..0467aaff0 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,11 +1,14 @@ --- namespace: ansible name: workshops -version: 0.0.1 +version: 0.0.2 readme: README.md authors: - - Sean Cavanaugh + - Sean Cavanaugh @IPvSean + - Sašo Stanovnik @sstanovnik + - Colin McNaughton @colincloin + - Roland Wolters @liquidat build_ignore: - assets @@ -15,6 +18,9 @@ build_ignore: - '*.tar.gz' - provisioner - vagrant-demo + - images + - _layouts + - docs # A short summary description of the collection 
@@ -36,7 +42,26 @@ tags: [] # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version # range specifiers can be set and are separated by ',' dependencies: - "awx.awx": "*" # note: "*" selects the highest version available + # version 19.1.0 introduced a breaking change, fix likely to be released in 19.3.0 + # https://github.com/ansible/awx/pull/10336 + "awx.awx": "19.0.0" + "amazon.aws": "==1.5.0" + "arista.eos": "==2.1.2" + "ansible.netcommon": "==2.0.2" + "ansible.posix": "==1.2.0" + "ansible.product_demos": "==1.2.7" + "ansible.windows": "==1.5.0" + "chocolatey.chocolatey": "==1.1.0" + "cisco.ios": "2.0.1" + "community.aws": "==1.5.0" + "community.crypto": "==1.6.2" + "community.general": "==3.0.2" + "community.mysql": "==2.1.0" + "community.windows": "==1.3.0" + "f5networks.f5_modules": "==1.9.0" + "junipernetworks.junos": "==2.1.0" + "redhat_cop.tower_configuration": "==1.0.2" + "redhat_cop.tower_utilities": "==0.3.2" # The URL of the originating SCM repository diff --git a/provisioner/ansible.cfg b/provisioner/ansible.cfg index c6e525166..d60548003 100644 --- a/provisioner/ansible.cfg +++ b/provisioner/ansible.cfg @@ -9,7 +9,7 @@ [defaults] interpreter_python = auto_silent -stdout_callback = yaml +stdout_callback = community.general.yaml inventory = hosts forks = 50 host_key_checking = False diff --git a/provisioner/devops.yml b/provisioner/devops.yml index a94205066..2f1416885 100644 --- a/provisioner/devops.yml +++ b/provisioner/devops.yml @@ -3,6 +3,7 @@ hosts: lab_hosts become: true gather_facts: false - roles: - - role: devops + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/devops" when: workshop_type == "devops" diff --git a/provisioner/f5.yml b/provisioner/f5.yml index 04d5f0680..076e10f60 100644 --- a/provisioner/f5.yml +++ b/provisioner/f5.yml 
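Review bot: Two of the new pins in the `dependencies` map, `"awx.awx": "19.0.0"` and `"cisco.ios": "2.0.1"`, are written without the `==` operator that every other entry in the map uses. ansible-galaxy most likely treats a bare version as an exact match, so the resolved set should not differ, but the mixed form makes it harder to confirm at a glance that every dependency of the collection is pinned. I would write `"awx.awx": "==19.0.0"` and `"cisco.ios": "==2.0.1"`. The comment above `awx.awx` could also say that the pin is to be lifted once the fix from the linked pull request has been released.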
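Review bot: The `include_role` task that replaces the `roles:` entry in devops.yml has no `name:`, and it addresses the role through a path built from `playbook_dir`. The same form recurs in f5.yml, network.yml, provision_lab.yml, qradar.yml, security.yml, splunk.yml and windows.yml. An unnamed include appears in the run output without a description, which makes a provisioning log harder to follow, so I would add a line such as `- name: run the devops role`. If `roles_path` in provisioner/ansible.cfg is resolved relative to that file, a single `roles_path = roles:../roles` would let the plays keep the short role names instead of repeating `"{{ playbook_dir }}/../roles/..."`. That needs confirming against how the provisioner is launched.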
@@ -3,13 +3,17 @@ hosts: lab_hosts become: true gather_facts: false - roles: - - {role: webservers} + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/webservers" - name: setup f5 nodes hosts: f5 become: false connection: local gather_facts: false - roles: - - {role: f5_setup} + vars: + as3_uri: "https://github.com/F5Networks/f5-appsvcs-extension/releases" + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/f5_setup" diff --git a/provisioner/middleware.yml b/provisioner/middleware.yml index 0d4837701..9e721a610 100644 --- a/provisioner/middleware.yml +++ b/provisioner/middleware.yml @@ -6,4 +6,4 @@ tasks: - name: configure RHEL webservers include_role: - name: webservers + name: "{{ playbook_dir }}/../roles/webservers" diff --git a/provisioner/network.yml b/provisioner/network.yml index 5ebac910b..18771759f 100644 --- a/provisioner/network.yml +++ b/provisioner/network.yml @@ -5,7 +5,7 @@ tasks: - name: make sure routers have ssh reachability include_role: - name: connectivity_test + name: "{{ playbook_dir }}/../roles/connectivity_test" tasks_from: routers - name: change juniper password @@ -16,7 +16,7 @@ tasks: - name: configure juniper password include_role: - name: configure_routers + name: "{{ playbook_dir }}/../roles/configure_routers" tasks_from: juniper_default when: ansible_network_os == "junos" @@ -24,16 +24,18 @@ hosts: access,core connection: local gather_facts: false - roles: - - {role: gather_router_facts} + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/gather_router_facts" - name: configure access routers hosts: access connection: local gather_facts: false - roles: - - role: configure_routers + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/configure_routers" vars: type: access @@ -41,9 +43,9 @@ hosts: core connection: local gather_facts: false - - roles: - - role: configure_routers + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/configure_routers" vars: type: core when: 
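Review bot: The new `as3_uri` play variable in f5.yml points at the releases listing of f5-appsvcs-extension rather than at a fixed artifact, whereas the role removed by this commit installed a vendored `f5-appsvcs-3.25.0-3.noarch.rpm`. The tasks of the relocated `roles/f5_setup` are not part of this hunk, so how the URI is consumed cannot be seen here. If they download the package at provision time, the release should be pinned and the file verified before it is installed on the BIG-IP, for example with `checksum: "sha256:<expected-digest>"` on the `get_url` task. A comment next to `as3_uri` naming the AS3 release the workshop was tested with would also help.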
diff --git a/provisioner/provision_lab.yml b/provisioner/provision_lab.yml index 288e7b031..9b00e2141 100644 --- a/provisioner/provision_lab.yml +++ b/provisioner/provision_lab.yml @@ -7,11 +7,11 @@ tasks: - name: run pre-check role to make sure workshop will complete provisioning include_role: - name: workshop_check_setup + name: "{{ playbook_dir }}/../roles/workshop_check_setup" - name: run AWS check setup if using AWS include_role: - name: aws_check_setup + name: "{{ playbook_dir }}/../roles/aws_check_setup" - name: Create lab instances in AWS hosts: localhost @@ -30,8 +30,9 @@ hosts: "managed_nodes:control_nodes:attendance" become: true gather_facts: false - roles: - - connectivity_test + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/connectivity_test" - name: Configure nginx on attendance host hosts: attendance @@ -40,25 +41,28 @@ tasks: - block: - include_role: - name: workshop_attendance_nginx + name: "{{ playbook_dir }}/../roles/workshop_attendance_nginx" - include_role: - name: workshop_attendance + name: "{{ playbook_dir }}/../roles/workshop_attendance" when: attendance|bool - name: wait for all security nodes to have SSH reachability hosts: "security_connection_check" become: true gather_facts: false - roles: - - connectivity_test + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/connectivity_test" - name: Configure common options on managed nodes and control nodes hosts: "managed_nodes:control_nodes" gather_facts: false become: true - roles: - - user_accounts - - common + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/user_accounts" + - include_role: + name: "{{ playbook_dir }}/../roles/common" - name: Configure /etc/hosts hosts: 'managed_nodes:control_nodes' 
@@ -83,11 +87,12 @@ pre_tasks: - debug: var: tower_license - roles: - - role: control_node tasks: - include_role: - name: code_server + name: "{{ playbook_dir }}/../roles/control_node" + + - include_role: + name: "{{ playbook_dir }}/../roles/code_server" when: - code_server is defined - code_server @@ -100,12 +105,12 @@ become: true tasks: - include_role: - name: control_node + name: "{{ playbook_dir }}/../roles/control_node" tasks_from: package_dependencies when: create_cluster|bool - include_role: - name: control_node + name: "{{ playbook_dir }}/../roles/control_node" tasks_from: venv when: create_cluster|bool @@ -116,7 +121,7 @@ gather_facts: false tasks: - include_role: - name: aws_dns + name: "{{ playbook_dir }}/../roles/aws_dns" when: - dns_type is defined - dns_type == "aws" @@ -132,7 +137,7 @@ tasks: - name: run populate_tower role include_role: - name: populate_tower + name: "{{ playbook_dir }}/../roles/populate_tower" when: - towerinstall is defined - towerinstall|bool @@ -146,7 +151,7 @@ tasks: - name: install boinc-client and register include_role: - name: community_grid + name: "{{ playbook_dir }}/../roles/community_grid" when: - ibm_community_grid is defined - ibm_community_grid @@ -159,7 +164,7 @@ tasks: - name: install boinc-client and register include_role: - name: community_grid + name: "{{ playbook_dir }}/../roles/community_grid" tasks_from: auto_shutoff when: - ibm_community_grid is defined @@ -201,7 +206,7 @@ become: false gather_facts: false tasks: - - {include_role: {name: tower_request}, when: student_total > 9} + - {include_role: {name: "{{ playbook_dir }}/../roles/tower_request"}, when: student_total > 9} - name: print out information for instructor hosts: localhost diff --git a/provisioner/qradar.yml b/provisioner/qradar.yml index 9b9f253e8..d043d6b00 100644 --- a/provisioner/qradar.yml +++ b/provisioner/qradar.yml 
@@ -11,5 +11,6 @@ hosts: qradar become: true gather_facts: true - roles: - - role: qradar + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/qradar" diff --git a/provisioner/rhel.yml b/provisioner/rhel.yml index 0d4837701..9e721a610 100644 --- a/provisioner/rhel.yml +++ b/provisioner/rhel.yml @@ -6,4 +6,4 @@ tasks: - name: configure RHEL webservers include_role: - name: webservers + name: "{{ playbook_dir }}/../roles/webservers" diff --git a/provisioner/rhel_90.yml b/provisioner/rhel_90.yml index 0d4837701..9e721a610 100644 --- a/provisioner/rhel_90.yml +++ b/provisioner/rhel_90.yml @@ -6,4 +6,4 @@ tasks: - name: configure RHEL webservers include_role: - name: webservers + name: "{{ playbook_dir }}/../roles/webservers" diff --git a/provisioner/roles/f5_setup/tasks/main.yml b/provisioner/roles/f5_setup/tasks/main.yml deleted file mode 100644 index 0ec3fb4d6..000000000 --- a/provisioner/roles/f5_setup/tasks/main.yml +++ /dev/null 
@@ -1,111 +0,0 @@ ---- -- name: Wait for BIG-IP to boot up completely - wait_for: - host: "{{ ansible_host }}" - port: 8443 - state: present - -- name: Change BIG-IP F5 mgmt password - bigip_command: - provider: - ssh_keyfile: "{{playbook_dir}}/{{ec2_name_prefix}}/{{ec2_name_prefix}}-private.pem" - transport: cli - user: admin - server: "{{ ansible_host }}" - commands: "modify auth user admin password {{admin_password}}" - register: change_password - until: change_password is not failed - retries: 5 - delay: 10 - -- name: Wait for API to be Ready - bigip_wait: - timeout: 300 - provider: - validate_certs: "no" - user: admin - password: "{{admin_password}}" - server_port: 8443 - server: "{{ ansible_host }}" - delegate_to: localhost - -# The bigip_lx_package requires rpm installed, on macOS use brew rather than pip or it won't work -- name: Install AS3 - bigip_lx_package: - package: "{{playbook_dir}}/roles/f5_setup/files/f5-appsvcs-3.25.0-3.noarch.rpm" - provider: - validate_certs: "no" - user: admin - password: "{{admin_password}}" - server_port: 8443 - server: "{{ ansible_host }}" - timeout: 300 - register: install_as3 - until: install_as3 is not failed - retries: 2 - -- name: Set db provision.extramb - bigip_sys_db: - key: provision.extramb - value: "1024" - provider: - validate_certs: "no" - user: admin - password: "{{admin_password}}" - server_port: 8443 - server: "{{ ansible_host }}" - -- name: Set db restjavad.useextramb - bigip_sys_db: - key: restjavad.useextramb - value: "true" - provider: - validate_certs: "no" - user: admin - password: "{{admin_password}}" - server_port: 8443 - server: "{{ ansible_host }}" - -- name: Set db restjavad.timeout - bigip_sys_db: - key: restjavad.timeout - value: "180" - provider: - validate_certs: "no" - user: admin - password: "{{admin_password}}" - server_port: 8443 - server: "{{ ansible_host }}" - -- name: Set httpd max-clients - bigip_device_httpd: - max_clients: 20 - provider: - validate_certs: "no" - user: admin - 
password: "{{admin_password}}" - server_port: 8443 - server: "{{ ansible_host }}" - -- name: Save Config - bigip_config: - save: true - provider: - validate_certs: "no" - user: admin - password: "{{admin_password}}" - server_port: 8443 - server: "{{ ansible_host }}" - -- name: Restart REST - bigip_command: - provider: - validate_certs: "no" - user: admin - password: "{{admin_password}}" - server_port: 8443 - server: "{{ ansible_host }}" - commands: - - restart sys service restjavad - - restart sys service restnoded - ignore_errors: true diff --git a/provisioner/roles/manage_ec2_instances/defaults/main/main.yml b/provisioner/roles/manage_ec2_instances/defaults/main/main.yml index d2a2a020b..e683dd465 100644 --- a/provisioner/roles/manage_ec2_instances/defaults/main/main.yml +++ b/provisioner/roles/manage_ec2_instances/defaults/main/main.yml @@ -70,7 +70,7 @@ ec2_info: # Look for owner 309956199498 to find official Red Hat AMIs rhel8-tower: owners: 309956199498 - size: t2.medium + size: t3.medium os_type: linux disk_space: 20 architecture: x86_64 diff --git a/provisioner/roles/manage_ec2_instances/tasks/teardown.yml b/provisioner/roles/manage_ec2_instances/tasks/teardown.yml index 583e6d470..420c6c670 100644 --- a/provisioner/roles/manage_ec2_instances/tasks/teardown.yml +++ b/provisioner/roles/manage_ec2_instances/tasks/teardown.yml @@ -286,14 +286,14 @@ ec2_vpc_route_table_info: region: "{{ ec2_region }}" filters: - vpc_id: "{{ec2_vpc_id}}" + vpc-id: "{{ec2_vpc_id}}" register: route_table_facts - name: grab route information for {{ ec2_name_prefix }} on {{ ec2_region }} vpc2 (NETWORK MODE) ec2_vpc_route_table_info: region: "{{ ec2_region }}" filters: - vpc_id: "{{ec2_vpc_id2}}" + vpc-id: "{{ec2_vpc_id2}}" register: route_table_facts2 when: - workshop_type == 'networking' or workshop_type == 'network' or workshop_type == 'demo' 
diff --git a/provisioner/roles/splunk_enterprise/files/lets-encrypt-x3-cross-signed.key b/provisioner/roles/splunk_enterprise/files/lets-encrypt-x3-cross-signed.key
deleted file mode 100644
index 0002462ce..000000000
--- a/provisioner/roles/splunk_enterprise/files/lets-encrypt-x3-cross-signed.key
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/provisioner/roles/splunk_enterprise/templates/combined_cert.j2 b/provisioner/roles/splunk_enterprise/templates/combined_cert.j2 deleted file mode 100644 index c183920b2..000000000 --- a/provisioner/roles/splunk_enterprise/templates/combined_cert.j2 +++ /dev/null 
@@ -1,2 +0,0 @@ -{{intermediate_cert.content|b64decode}} -{{lookup('file', 'lets-encrypt-x3-cross-signed.key')}} diff --git a/provisioner/roles/workshop_check_setup/defaults/main.yml b/provisioner/roles/workshop_check_setup/defaults/main.yml deleted file mode 100644 index a6f594138..000000000 --- a/provisioner/roles/workshop_check_setup/defaults/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -use_manifest: false -collections: - - awx.awx - - ansible.product_demos - - redhat_cop.tower_utilities:==0.3.2 - - redhat_cop.tower_configuration:==1.0.2 - - community.aws diff --git a/provisioner/security.yml b/provisioner/security.yml index c3e4b25b9..baa70c206 100644 --- a/provisioner/security.yml +++ b/provisioner/security.yml @@ -3,15 +3,15 @@ hosts: attack:snort become: true tasks: - - import_role: - name: security_eth1 + - include_role: + name: "{{ playbook_dir }}/../roles/security_eth1" - name: Setup host route for attack simulator hosts: attack:snort become: true tasks: - - import_role: - name: security_hostroutes + - include_role: + name: "{{ playbook_dir }}/../roles/security_hostroutes" - name: Install Pre Reqs on attacker hosts: attack 
@@ -91,23 +91,26 @@ name: "ansible_security.ids_config" - name: import webserver role for web exploit simulation include_role: - name: "webservers" + name: "{{ playbook_dir }}/../roles/webservers" - name: import webserver attack simulation role include_role: - name: "webservers_attack_simulation" + name: "{{ playbook_dir }}/../roles/webservers_attack_simulation" - name: SETUP WINDOWS WORKSTATION hosts: windows - roles: - - role: windows_ws_setup + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/windows_ws_setup" - name: FIX CHECKPOINT MGMT SERVER hosts: checkpoint_mgmt gather_facts: false - roles: - - role: cp_fix_mgmt + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/cp_fix_mgmt" - name: SETUP CHECKPOINT ENVIRONMENT hosts: '*ansible-1' - roles: - - role: cp_setup + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/cp_setup" diff --git a/provisioner/smart_mgmt.yml b/provisioner/smart_mgmt.yml index a48e7bc84..ad0154fb6 100644 --- a/provisioner/smart_mgmt.yml +++ b/provisioner/smart_mgmt.yml @@ -6,7 +6,8 @@ tasks: - name: configure RHEL webservers include_role: - name: webservers + name: "{{ playbook_dir }}/../roles/webservers" + - name: configure satellite hosts: satellite @@ -22,7 +23,7 @@ line: " :password: '{{ admin_password }}'" - name: configure satellite dns become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{workshop_dns_zone}}" record: "{{username}}-sat.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" diff --git a/provisioner/splunk.yml b/provisioner/splunk.yml index 9d8682c28..ca94cd55d 100644 --- a/provisioner/splunk.yml +++ b/provisioner/splunk.yml @@ -3,5 +3,6 @@ hosts: splunk become: true gather_facts: true - roles: - - role: splunk_enterprise + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/splunk_enterprise" diff --git a/provisioner/teardown_lab.yml b/provisioner/teardown_lab.yml index 1b6b40081..600b20e3e 100644 --- a/provisioner/teardown_lab.yml 
+++ b/provisioner/teardown_lab.yml @@ -14,10 +14,10 @@ tasks: - {include_role: {name: manage_ec2_instances}} - - {include_role: {name: aws_dns}, when: dns_type == "aws"} - - {include_role: {name: code_server}, when: code_server} - - {include_role: {name: gitlab-server}, when: workshop_type == "windows"} - - {include_role: {name: workshop_attendance}, when: attendance} + - {include_role: {name: "{{ playbook_dir }}/../roles/aws_dns"}, when: dns_type == "aws"} + - {include_role: {name: "{{ playbook_dir }}/../roles/code_server"}, when: code_server} + - {include_role: {name: "{{ playbook_dir }}/../roles/gitlab-server"}, when: workshop_type == "windows"} + - {include_role: {name: "{{ playbook_dir }}/../roles/workshop_attendance"}, when: attendance} - name: Remove workshop local files diff --git a/provisioner/tests/ansible.cfg b/provisioner/tests/ansible.cfg index 00a034752..e36cee181 100644 --- a/provisioner/tests/ansible.cfg +++ b/provisioner/tests/ansible.cfg @@ -1,5 +1,5 @@ [defaults] -stdout_callback = yaml +stdout_callback = community.general.yaml inventory = ../hosts forks = 50 host_key_checking = False diff --git a/provisioner/tests/rhel_verify.yml b/provisioner/tests/rhel_verify.yml index de6360c46..889ef959f 100644 --- a/provisioner/tests/rhel_verify.yml +++ b/provisioner/tests/rhel_verify.yml @@ -15,7 +15,7 @@ when: ((ansible_facts.packages['ansible'][0]['version'] is not defined) or (ansible_facts.packages['ansible'][0]['version']|string) is version("2.9.0",'<')) - name: Test access by exporting assets - tower_receive: + awx.awx.tower_receive: inventory: - all tower_host: "{{ inventory_hostname|regex_replace('-ansible-1', '') }}.{{ workshop_name }}.rhdemo.io" diff --git a/provisioner/tests/windows_verify.yml b/provisioner/tests/windows_verify.yml index f9ba294c2..991b9f1fc 100644 --- a/provisioner/tests/windows_verify.yml +++ b/provisioner/tests/windows_verify.yml 
@@ -15,7 +15,7 @@ when: ((ansible_facts.packages['ansible'][0]['version'] is not defined) or (ansible_facts.packages['ansible'][0]['version']|string) is version("2.9.0",'<')) - name: Test access by exporting assets - tower_receive: + awx.awx.tower_receive: inventory: - all tower_host: "{{ inventory_hostname|regex_replace('-ansible-1', '') }}.{{ workshop_name }}.rhdemo.io" diff --git a/provisioner/windows.yml b/provisioner/windows.yml index 73f317ada..ec37aee28 100644 --- a/provisioner/windows.yml +++ b/provisioner/windows.yml @@ -7,16 +7,16 @@ - gitlab tasks: - include_role: - name: common + name: "{{ playbook_dir }}/../roles/common" - include_role: - name: gitlab-server + name: "{{ playbook_dir }}/../roles/gitlab-server" - include_role: name: geerlingguy.gitlab vars: gitlab_version: '13.6.7-ce.0.el8' gitlab_external_url: "https://gitlab.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" - include_role: - name: gitlab-server + name: "{{ playbook_dir }}/../roles/gitlab-server" tasks_from: add-users - name: Configure GitLab client @@ -25,5 +25,6 @@ gather_facts: true tags: - git - roles: - - gitlab-client + tasks: + - include_role: + name: "{{ playbook_dir }}/../roles/gitlab-client" diff --git a/roles/aws_check_setup/meta/argument_spec.yml b/roles/aws_check_setup/meta/argument_spec.yml new file mode 100644 index 000000000..217dd771f --- /dev/null +++ b/roles/aws_check_setup/meta/argument_spec.yml @@ -0,0 +1,22 @@ +--- +argument_specs: + main: + short_description: Verify prerequisites for deploying on AWS. + options: + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true + ec2_region: + description: The AWS EC2 region to deploy the workshop in. + type: str + required: true + aws_az_deny_list: + description: Any AWS AZs to exclude. + type: list + elements: str + required: false + dns_type: + description: The system that manages DNS, e.g. "aws" + type: str + required: true 
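Review bot: The new file is named `meta/argument_spec.yml`, but role argument validation in ansible-core reads `meta/argument_specs.yml` (plural) or an `argument_specs` key in `meta/main.yml`. As far as I can tell the specification is therefore never loaded, and the `required: true` and type checks on `workshop_dns_zone`, `ec2_region` and `dns_type` do not run. The same file name is used for `roles/aws_dns` and `roles/code_server` later in this commit. Renaming the three files to `argument_specs.yml` would activate the validation; a run with one required variable left unset would confirm it.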
diff --git a/provisioner/roles/aws_check_setup/tasks/main.yml b/roles/aws_check_setup/tasks/main.yml similarity index 95% rename from provisioner/roles/aws_check_setup/tasks/main.yml rename to roles/aws_check_setup/tasks/main.yml index 878c1bdd4..d369e18f2 100644 --- a/provisioner/roles/aws_check_setup/tasks/main.yml +++ b/roles/aws_check_setup/tasks/main.yml @@ -19,7 +19,7 @@ - name: does route53 zone exist check_mode: true - route53_zone: + community.aws.route53_zone: zone: "{{workshop_dns_zone}}" state: present register: test @@ -35,7 +35,7 @@ - dns_type == "aws" - name: FIND AZ ZONE FOR REGION {{ec2_region}} - aws_az_info: + amazon.aws.aws_az_info: region: "{{ec2_region}}" register: az_names @@ -57,7 +57,7 @@ ec2_az: "{{ availability_zones[0].zone_name }}" - name: grab information about AWS user - aws_caller_info: + amazon.aws.aws_caller_info: region: "{{ ec2_region }}" register: whoami diff --git a/roles/aws_dns/meta/argument_spec.yml b/roles/aws_dns/meta/argument_spec.yml new file mode 100644 index 000000000..3c9abf6ec --- /dev/null +++ b/roles/aws_dns/meta/argument_spec.yml 
@@ -0,0 +1,69 @@ +--- +argument_specs: + main: + short_description: Set up DNS on AWS, main entrypoint. + options: + teardown: + description: Whether to execute teardown or creation. + type: bool + required: true + username: + description: The workshop username. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true + admin_password: + description: The Ansible Tower admin password. + type: str + required: true + create: + short_description: Set up DNS for Ansible Tower on AWS. + options: + s3_state: + description: Whether the DNS record is present or absent. + type: str + options: + - present + - absent + required: true + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true + username: + description: The workshop username. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + teardown: + short_description: Teardown AWS DNS resources. + options: + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + s3_state: + description: Whether the DNS record is present or absent. + type: str + options: + - present + - absent + required: true + student_total: + description: The total number of students for the workshop. + type: int + required: true diff --git a/provisioner/roles/aws_dns/tasks/create.yml b/roles/aws_dns/tasks/create.yml similarity index 76% rename from provisioner/roles/aws_dns/tasks/create.yml rename to roles/aws_dns/tasks/create.yml index 5287e1143..17187b304 100644 --- a/provisioner/roles/aws_dns/tasks/create.yml +++ b/roles/aws_dns/tasks/create.yml 
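Review bot: In the `create` and `teardown` entry points of the aws_dns spec, `s3_state` lists its permitted values under `options:`. In an argument spec that key describes the sub-options of a dict, and the key for permitted values is `choices:`. As written, `present` and `absent` would not be enforced as the only accepted values, and the validator may reject the spec outright once it is loaded. I would change the key to `choices:` and keep the same two list items. `roles/code_server/meta/argument_spec.yml` in this commit uses the same construct for `s3_state` and needs the same change.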
@@ -1,7 +1,7 @@ --- -- name: dns for tower node +- name: Configure DNS for the Ansible Tower node become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{workshop_dns_zone}}" record: "{{username}}.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" diff --git a/provisioner/roles/aws_dns/tasks/main.yml b/roles/aws_dns/tasks/main.yml similarity index 100% rename from provisioner/roles/aws_dns/tasks/main.yml rename to roles/aws_dns/tasks/main.yml diff --git a/provisioner/roles/aws_dns/tasks/teardown.yml b/roles/aws_dns/tasks/teardown.yml similarity index 92% rename from provisioner/roles/aws_dns/tasks/teardown.yml rename to roles/aws_dns/tasks/teardown.yml index d76adb241..1619373b0 100644 --- a/provisioner/roles/aws_dns/tasks/teardown.yml +++ b/roles/aws_dns/tasks/teardown.yml @@ -1,11 +1,11 @@ --- - name: GRAB ZONE ID - route53_zone: + community.aws.route53_zone: zone: "{{workshop_dns_zone}}" register: AWSINFO - name: GRAB ROUTE53 INFORMATION - route53_info: + community.aws.route53_info: type: A query: record_sets hosted_zone_id: "{{AWSINFO.zone_id}}" @@ -14,7 +14,7 @@ - name: DELETE DNS ENTRIES FOR EACH STUDENT become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{workshop_dns_zone}}" record: "student{{item}}.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" @@ -26,7 +26,7 @@ when: records | length > 0 - name: GRAB ROUTE53 INFORMATION - Satellite - route53_info: + community.aws.route53_info: type: A query: record_sets hosted_zone_id: "{{AWSINFO.zone_id}}" @@ -35,7 +35,7 @@ - name: delete dns entries for Satellite for each student become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{workshop_dns_zone}}" record: "student{{item}}-sat.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" 
@@ -47,7 +47,7 @@ when: records | length > 0 - name: GRAB ROUTE53 INFORMATION - zone subdomain root - route53_info: + community.aws.route53_info: type: A query: record_sets hosted_zone_id: "{{AWSINFO.zone_id}}" @@ -56,7 +56,7 @@ - name: delete dns entry for zone subdomain root become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{workshop_dns_zone}}" record: "{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" diff --git a/roles/code_server/files/bierner.markdown-preview-github-styles-0.1.6.vsix b/roles/code_server/files/bierner.markdown-preview-github-styles-0.1.6.vsix new file mode 100644 index 000000000..e26ea30cb Binary files /dev/null and b/roles/code_server/files/bierner.markdown-preview-github-styles-0.1.6.vsix differ diff --git a/roles/code_server/files/hnw.vscode-auto-open-markdown-preview-0.0.4.vsix b/roles/code_server/files/hnw.vscode-auto-open-markdown-preview-0.0.4.vsix new file mode 100644 index 000000000..a72a1a61f Binary files /dev/null and b/roles/code_server/files/hnw.vscode-auto-open-markdown-preview-0.0.4.vsix differ diff --git a/provisioner/roles/f5_setup/files/f5-appsvcs-3.25.0-3.noarch.rpm b/roles/code_server/files/vscoss.vscode-ansible-0.5.2.vsix similarity index 56% rename from provisioner/roles/f5_setup/files/f5-appsvcs-3.25.0-3.noarch.rpm rename to roles/code_server/files/vscoss.vscode-ansible-0.5.2.vsix index 8acd9528d..3d6bb9929 100644 Binary files a/provisioner/roles/f5_setup/files/f5-appsvcs-3.25.0-3.noarch.rpm and b/roles/code_server/files/vscoss.vscode-ansible-0.5.2.vsix differ diff --git a/roles/code_server/meta/argument_spec.yml b/roles/code_server/meta/argument_spec.yml new file mode 100644 index 000000000..ab374e6a7 --- /dev/null +++ b/roles/code_server/meta/argument_spec.yml 
@@ -0,0 +1,69 @@ +--- +argument_specs: + main: + short_description: Set up the code server, main entrypoint. + options: + teardown: + description: Whether to execute teardown or creation. + type: bool + required: true + username: + description: The workshop username. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true + codeserver: + short_description: Provision the code server. + options: + s3_state: + description: Whether the DNS record is present or absent. + type: str + options: + - present + - absent + required: true + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true + username: + description: The workshop username. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + admin_password: + description: The code server admin password. + type: str + required: true + teardown: + short_description: Teardown the code server. + options: + s3_state: + description: Whether the DNS record is present or absent. + type: str + options: + - present + - absent + required: true + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + student_total: + description: The total number of students for the workshop. + type: int + required: true diff --git a/provisioner/roles/code_server/tasks/codeserver.yml b/roles/code_server/tasks/codeserver.yml similarity index 99% rename from provisioner/roles/code_server/tasks/codeserver.yml rename to roles/code_server/tasks/codeserver.yml index a69bf8a63..4cb317f43 100644 --- a/provisioner/roles/code_server/tasks/codeserver.yml +++ b/roles/code_server/tasks/codeserver.yml 
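Review bot: The file name `roles/code_server/meta/argument_spec.yml` is not one that Ansible loads for role argument validation. Ansible reads `meta/argument_specs.yml` (plural) or an `argument_specs` key in `meta/main.yml`, so as named this spec is probably never evaluated and none of its `required`/`type` checks run. Rename it to `meta/argument_specs.yml`. The same applies to the other `meta/argument_spec.yml` files added in this commit (common, community_grid, configure_routers, connectivity_test, control_node, cp_fix_mgmt, cp_setup, devops, f5_setup, gather_router_facts). Until then a missing `admin_password` or `workshop_dns_zone` is only caught when a task fails on it partway through provisioning.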
@@ -4,7 +4,7 @@ - name: dns for coder become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{workshop_dns_zone}}" record: "{{username}}-code.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" diff --git a/provisioner/roles/code_server/tasks/main.yml b/roles/code_server/tasks/main.yml similarity index 85% rename from provisioner/roles/code_server/tasks/main.yml rename to roles/code_server/tasks/main.yml index cfbb7278d..96563076d 100644 --- a/provisioner/roles/code_server/tasks/main.yml +++ b/roles/code_server/tasks/main.yml @@ -5,8 +5,8 @@ - name: check to see if SSL cert already applied become: false - get_certificate: - host: "{{username}}-code.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" + community.crypto.get_certificate: + host: "{{ username }}-code.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}" port: 443 delegate_to: localhost run_once: true @@ -41,7 +41,7 @@ - name: fail on purpose now to let user know code server failed debug: - msg: "VS code integration has failed in provisioner/roles/code_server/tasks/main.yml" + msg: "VS code integration has failed in roles/code_server/tasks/main.yml" failed_when: true when: - not teardown|bool diff --git a/provisioner/roles/code_server/tasks/teardown.yml b/roles/code_server/tasks/teardown.yml similarity index 91% rename from provisioner/roles/code_server/tasks/teardown.yml rename to roles/code_server/tasks/teardown.yml index b19114035..93b463ca6 100644 --- a/provisioner/roles/code_server/tasks/teardown.yml +++ b/roles/code_server/tasks/teardown.yml @@ -1,11 +1,11 @@ --- - name: GRAB ZONE ID - route53_zone: + community.aws.route53_zone: zone: "{{workshop_dns_zone}}" register: AWSINFO - name: GRAB ROUTE53 INFORMATION - route53_info: + community.aws.route53_info: type: A query: record_sets hosted_zone_id: "{{AWSINFO.zone_id}}" 
@@ -14,7 +14,7 @@ - name: delete dns entries for vs code for each student become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{workshop_dns_zone}}" record: "student{{item}}-code.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" diff --git a/provisioner/roles/code_server/templates/code-server.service.j2 b/roles/code_server/templates/code-server.service.j2 similarity index 100% rename from provisioner/roles/code_server/templates/code-server.service.j2 rename to roles/code_server/templates/code-server.service.j2 diff --git a/provisioner/roles/code_server/templates/nginx.conf b/roles/code_server/templates/nginx.conf similarity index 100% rename from provisioner/roles/code_server/templates/nginx.conf rename to roles/code_server/templates/nginx.conf diff --git a/provisioner/roles/code_server/templates/settings.json b/roles/code_server/templates/settings.json similarity index 100% rename from provisioner/roles/code_server/templates/settings.json rename to roles/code_server/templates/settings.json diff --git a/provisioner/roles/common/defaults/main.yml b/roles/common/defaults/main.yml similarity index 100% rename from provisioner/roles/common/defaults/main.yml rename to roles/common/defaults/main.yml diff --git a/provisioner/roles/common/handlers/main.yml b/roles/common/handlers/main.yml similarity index 100% rename from provisioner/roles/common/handlers/main.yml rename to roles/common/handlers/main.yml diff --git a/roles/common/meta/argument_spec.yml b/roles/common/meta/argument_spec.yml new file mode 100644 index 000000000..1596fbf07 --- /dev/null +++ b/roles/common/meta/argument_spec.yml 
@@ -0,0 +1,34 @@ +--- +argument_specs: + main: + short_description: Common functionality. + options: + short_name: + description: The name of the instance. + type: str + required: true + ssh_port: + description: The SSH daemon port. + type: int + required: true + username: + description: The workshop username. + type: str + required: true + windows: + short_description: Common windows functionality. + options: + dns_domain_name: + description: The search domain. + type: str + required: true + dns_server: + description: The system DNS server. + type: str + required: true + instance_loc: + description: Where the instance is located. + type: str + choices: + - ec2 + required: true diff --git a/provisioner/roles/common/tasks/main.yml b/roles/common/tasks/main.yml similarity index 100% rename from provisioner/roles/common/tasks/main.yml rename to roles/common/tasks/main.yml diff --git a/provisioner/roles/common/tasks/windows.yml b/roles/common/tasks/windows.yml similarity index 100% rename from provisioner/roles/common/tasks/windows.yml rename to roles/common/tasks/windows.yml diff --git a/provisioner/roles/common/templates/windows_resolv.conf.j2 b/roles/common/templates/windows_resolv.conf.j2 similarity index 100% rename from provisioner/roles/common/templates/windows_resolv.conf.j2 rename to roles/common/templates/windows_resolv.conf.j2 diff --git a/roles/community_grid/meta/argument_spec.yml b/roles/community_grid/meta/argument_spec.yml new file mode 100644 index 000000000..3733f0d52 --- /dev/null +++ b/roles/community_grid/meta/argument_spec.yml @@ -0,0 +1,15 @@ +--- +argument_specs: + main: + short_description: Set up the IBM community grid server. + auto_shutoff: + short_description: Configure automatic shutoff. + options: + username: + description: The workshop username. + type: str + required: true + workshop_type: + description: The type of the workshop + type: str + required: true 
diff --git a/provisioner/roles/community_grid/tasks/auto_shutoff.yml b/roles/community_grid/tasks/auto_shutoff.yml similarity index 100% rename from provisioner/roles/community_grid/tasks/auto_shutoff.yml rename to roles/community_grid/tasks/auto_shutoff.yml diff --git a/provisioner/roles/community_grid/tasks/main.yml b/roles/community_grid/tasks/main.yml similarity index 100% rename from provisioner/roles/community_grid/tasks/main.yml rename to roles/community_grid/tasks/main.yml diff --git a/provisioner/roles/community_grid/templates/auto_shutoff.j2 b/roles/community_grid/templates/auto_shutoff.j2 similarity index 100% rename from provisioner/roles/community_grid/templates/auto_shutoff.j2 rename to roles/community_grid/templates/auto_shutoff.j2 diff --git a/roles/configure_routers/meta/argument_spec.yml b/roles/configure_routers/meta/argument_spec.yml new file mode 100644 index 000000000..47d0d6f6c --- /dev/null +++ b/roles/configure_routers/meta/argument_spec.yml @@ -0,0 +1,26 @@ +--- +argument_specs: + main: + short_description: Configure routers. + options: + type: + type: str + options: + - core + - access + required: true + short_name: + description: The device's short name. + type: str + required: true + private_ip: + description: The device's private IP address. + type: str + required: true + juniper_default: + short_description: Set Juniper defaults. + options: + admin_password: + description: The appliance admin password. + type: str + required: true diff --git a/provisioner/roles/configure_routers/tasks/juniper_default.yml b/roles/configure_routers/tasks/juniper_default.yml similarity index 84% rename from provisioner/roles/configure_routers/tasks/juniper_default.yml rename to roles/configure_routers/tasks/juniper_default.yml index acdec0acf..fae119cd5 100644 --- a/provisioner/roles/configure_routers/tasks/juniper_default.yml +++ b/roles/configure_routers/tasks/juniper_default.yml 
@@ -1,6 +1,6 @@ --- - name: CHANGE PASSWORD TO WORKSHOP DEFAULT - cli_command: + ansible.netcommon.cli_command: command: "{{item}}" prompt: - "New password" @@ -16,4 +16,4 @@ - "commit" - name: TURN ON NETCONF ON PORT 830 - junos_netconf: + junipernetworks.junos.junos_netconf: diff --git a/provisioner/roles/configure_routers/tasks/main.yml b/roles/configure_routers/tasks/main.yml similarity index 64% rename from provisioner/roles/configure_routers/tasks/main.yml rename to roles/configure_routers/tasks/main.yml index 74712d9c6..9953b58e9 100644 --- a/provisioner/roles/configure_routers/tasks/main.yml +++ b/roles/configure_routers/tasks/main.yml @@ -4,5 +4,9 @@ ansible_connection: network_cli ansible_become: true ansible_become_method: enable - cli_config: + ansible.netcommon.cli_config: config: "{{ lookup('template', 'templates/{{ansible_network_os}}_{{type}}.j2') }}" + register: cli_config_result + until: cli_config_result is success + retries: 10 + delay: 30 diff --git a/provisioner/roles/configure_routers/templates/eos_access.j2 b/roles/configure_routers/templates/eos_access.j2 similarity index 100% rename from provisioner/roles/configure_routers/templates/eos_access.j2 rename to roles/configure_routers/templates/eos_access.j2 diff --git a/provisioner/roles/configure_routers/templates/eos_core.j2 b/roles/configure_routers/templates/eos_core.j2 similarity index 100% rename from provisioner/roles/configure_routers/templates/eos_core.j2 rename to roles/configure_routers/templates/eos_core.j2 diff --git a/provisioner/roles/configure_routers/templates/ios_access.j2 b/roles/configure_routers/templates/ios_access.j2 similarity index 100% rename from provisioner/roles/configure_routers/templates/ios_access.j2 rename to roles/configure_routers/templates/ios_access.j2 
diff --git a/provisioner/roles/configure_routers/templates/ios_core.j2 b/roles/configure_routers/templates/ios_core.j2 similarity index 100% rename from provisioner/roles/configure_routers/templates/ios_core.j2 rename to roles/configure_routers/templates/ios_core.j2 diff --git a/provisioner/roles/configure_routers/templates/junos_access.j2 b/roles/configure_routers/templates/junos_access.j2 similarity index 100% rename from provisioner/roles/configure_routers/templates/junos_access.j2 rename to roles/configure_routers/templates/junos_access.j2 diff --git a/provisioner/roles/configure_routers/vars/main.yml b/roles/configure_routers/vars/main.yml similarity index 100% rename from provisioner/roles/configure_routers/vars/main.yml rename to roles/configure_routers/vars/main.yml diff --git a/roles/connectivity_test/meta/argument_spec.yml b/roles/connectivity_test/meta/argument_spec.yml new file mode 100644 index 000000000..c3bcdf114 --- /dev/null +++ b/roles/connectivity_test/meta/argument_spec.yml @@ -0,0 +1,7 @@ +--- +argument_specs: + main: + short_description: Test Ansible connectivity. + options: + routers: + short_description: Test port 22 connectivity on a remote machine. diff --git a/provisioner/roles/connectivity_test/tasks/main.yml b/roles/connectivity_test/tasks/main.yml similarity index 100% rename from provisioner/roles/connectivity_test/tasks/main.yml rename to roles/connectivity_test/tasks/main.yml diff --git a/provisioner/roles/connectivity_test/tasks/routers.yml b/roles/connectivity_test/tasks/routers.yml similarity index 100% rename from provisioner/roles/connectivity_test/tasks/routers.yml rename to roles/connectivity_test/tasks/routers.yml 
diff --git a/provisioner/roles/control_node/files/ansible-stable-29-prerelease-nightly.repo b/roles/control_node/files/ansible-stable-29-prerelease-nightly.repo similarity index 100% rename from provisioner/roles/control_node/files/ansible-stable-29-prerelease-nightly.repo rename to roles/control_node/files/ansible-stable-29-prerelease-nightly.repo diff --git a/provisioner/roles/control_node/files/vscode_rpminfo b/roles/control_node/files/vscode_rpminfo similarity index 100% rename from provisioner/roles/control_node/files/vscode_rpminfo rename to roles/control_node/files/vscode_rpminfo diff --git a/provisioner/roles/control_node/handlers/main.yml b/roles/control_node/handlers/main.yml similarity index 100% rename from provisioner/roles/control_node/handlers/main.yml rename to roles/control_node/handlers/main.yml diff --git a/roles/control_node/meta/argument_spec.yml b/roles/control_node/meta/argument_spec.yml new file mode 100644 index 000000000..f5de5829b --- /dev/null +++ b/roles/control_node/meta/argument_spec.yml 
@@ -0,0 +1,130 @@ +--- +argument_specs: + main: + short_description: General configuration for the control node. + options: + username: + description: The workshop username. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + ansible_workshops_url: + description: The repository url for ansible/workshops. + type: str + required: false + ansible_workshops_version: + description: The repository version for ansible/workshops. + type: str + required: false + ansible_workshops_refspec: + description: The repository refspec for ansible/workshops. + type: str + required: false + exercise_src_location: + description: The location of the exercise in ansible/workshops. + type: str + required: false + workshop_type: + description: The type of the workshop. + type: str + required: true + admin_password: + description: The Ansible Tower admin password. + type: str + required: true + towerinstall: + description: Whether to install Ansible Tower. + type: bool + required: false + default: false + tower_node_aws_api_access: + description: Whether Ansible Tower has access ot the AWS API. + type: bool + required: false + default: false + devops: + short_description: Configure the devops workshop. + options: + username: + description: The workshop username. + type: str + required: true + f5: + short_description: Configure the F5 workshop. + options: + username: + description: The workshop username. + type: str + required: true + network: + short_description: Configure the network workshop. + package_dependencies: + short_description: Install general package dependencies for workshops. + route53_update: + short_description: Configure the Route53 update service. + options: + username: + description: The workshop username. + type: str + required: true + security: + short_description: Configure the security workshp + tower: + short_description: Configure Ansible Tower. 
+ options: + tower_installer_url: + description: The URL to the Ansible Tower .tar.gz installer. + type: str + required: false + default_tower_url: + description: The default URL to the Ansible Tower .tar.gz installer. + type: str + required: true + admin_password: + description: The Ansible Tower admin password. + type: str + required: true + tower_license: + description: The tower license file contents. + type: str + required: true + create_cluster: + description: Whether to create an Ansible Tower cluster. + type: bool + required: true + use_manifest: + description: Whether to use a manifest file for the license. + type: bool + required: true + gpgcheck: + description: Whether to perform GPG checking on repository packages. + type: int + required: false + default: 0 + choices: + - 0 + - 1 + aw_repo_url: + description: The repository URL for Ansible Tower installation. + type: str + required: false + default: https://releases.ansible.com/ansible-tower/ + unsupported_workshop: + short_description: Catch-all for unsupported workshop types. + options: + workshop_type: + description: The type of the workshop. + type: str + required: true + venv: + short_description: Set up a virtual environment for Ansible Tower. + options: + admin_password: + description: The Ansible Tower admin password. + type: str + required: true + windows: + short_description: Set up Windows workshop prerequisites. diff --git a/provisioner/roles/control_node/tasks/devops.yml b/roles/control_node/tasks/devops.yml similarity index 100% rename from provisioner/roles/control_node/tasks/devops.yml rename to roles/control_node/tasks/devops.yml diff --git a/provisioner/roles/control_node/tasks/f5.yml b/roles/control_node/tasks/f5.yml similarity index 100% rename from provisioner/roles/control_node/tasks/f5.yml rename to roles/control_node/tasks/f5.yml 
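Review bot: `gpgcheck` in the `tower` entrypoint is declared with `default: 0`, so package signature checking is off unless a caller opts in, while `aw_repo_url` defaults to a remote repository. Prefer `default: 1` and let a workshop that really needs unsigned pre-release packages set `gpgcheck: 0` explicitly. The task or template that consumes the value is outside this hunk, so confirm it actually passes the setting through to the repo definition. Separately, `admin_password` and `tower_license` carry secrets, so add a `description` note that they should come from a vaulted source.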
diff --git a/provisioner/roles/control_node/tasks/main.yml b/roles/control_node/tasks/main.yml similarity index 100% rename from provisioner/roles/control_node/tasks/main.yml rename to roles/control_node/tasks/main.yml diff --git a/provisioner/roles/control_node/tasks/network.yml b/roles/control_node/tasks/network.yml similarity index 100% rename from provisioner/roles/control_node/tasks/network.yml rename to roles/control_node/tasks/network.yml diff --git a/provisioner/roles/control_node/tasks/package_dependencies.yml b/roles/control_node/tasks/package_dependencies.yml similarity index 100% rename from provisioner/roles/control_node/tasks/package_dependencies.yml rename to roles/control_node/tasks/package_dependencies.yml diff --git a/provisioner/roles/control_node/tasks/route53_update.yml b/roles/control_node/tasks/route53_update.yml similarity index 100% rename from provisioner/roles/control_node/tasks/route53_update.yml rename to roles/control_node/tasks/route53_update.yml diff --git a/provisioner/roles/control_node/tasks/security.yml b/roles/control_node/tasks/security.yml similarity index 100% rename from provisioner/roles/control_node/tasks/security.yml rename to roles/control_node/tasks/security.yml diff --git a/provisioner/roles/control_node/tasks/tower.yml b/roles/control_node/tasks/tower.yml similarity index 82% rename from provisioner/roles/control_node/tasks/tower.yml rename to roles/control_node/tasks/tower.yml index 82c82ed85..f4abe6ca9 100644 --- a/provisioner/roles/control_node/tasks/tower.yml +++ b/roles/control_node/tasks/tower.yml 
@@ -41,9 +41,15 @@ password: "{{admin_password}}" validate_certs: false register: check2 - until: check2.json is defined - retries: 10 - delay: 30 + # wait <= 10 minutes for a satisfactory result, which is + # - something is returned + # - instance_groups[*].capacity > 0 + # - instances[*].capacity > 0 + # if capacity is 0, execution later fails with a seemingly unrelated urllib TLS version error + # we only check instance{s,groups}[0] because we're not clustering + until: check2.json is defined and check2.json.instances[0].capacity > 0 and check2.json.instance_groups[0].capacity > 0 + retries: 60 + delay: 10 - name: Display /api/v2/ping results debug: diff --git a/provisioner/roles/control_node/tasks/unsupported_workshop.yml b/roles/control_node/tasks/unsupported_workshop.yml similarity index 100% rename from provisioner/roles/control_node/tasks/unsupported_workshop.yml rename to roles/control_node/tasks/unsupported_workshop.yml diff --git a/provisioner/roles/control_node/tasks/venv.yml b/roles/control_node/tasks/venv.yml similarity index 100% rename from provisioner/roles/control_node/tasks/venv.yml rename to roles/control_node/tasks/venv.yml diff --git a/provisioner/roles/control_node/tasks/windows.yml b/roles/control_node/tasks/windows.yml similarity index 100% rename from provisioner/roles/control_node/tasks/windows.yml rename to roles/control_node/tasks/windows.yml diff --git a/provisioner/roles/control_node/templates/ansible.cfg.j2 b/roles/control_node/templates/ansible.cfg.j2 similarity index 85% rename from provisioner/roles/control_node/templates/ansible.cfg.j2 rename to roles/control_node/templates/ansible.cfg.j2 index 34691483f..0869620b9 100644 --- a/provisioner/roles/control_node/templates/ansible.cfg.j2 +++ b/roles/control_node/templates/ansible.cfg.j2 @@ -1,5 +1,5 @@ [defaults] -stdout_callback = yaml +stdout_callback = community.general.yaml connection = smart timeout = 60 deprecation_warnings = False 
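Review bot: The new `until:` in the tower.yml hunk indexes `check2.json.instances[0]` and `check2.json.instance_groups[0]` without checking that either list is non-empty. If the ping endpoint answers before any instance is registered, the expression likely raises an undefined-variable error and fails the task instead of retrying. Guard the lookups, e.g. `until: check2.json is defined and (check2.json.instances | default([]) | length > 0) and check2.json.instances[0].capacity > 0 and (check2.json.instance_groups | default([]) | length > 0) and check2.json.instance_groups[0].capacity > 0`. The task's `uri:` header is above the hunk; the visible context keeps `validate_certs: false` alongside `password: "{{admin_password}}"`, so this readiness check sends the admin credential over an unverified TLS session, which is worth a comment saying that this is accepted only because the certificate is not yet provisioned at that point.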
diff --git a/provisioner/roles/control_node/templates/krb5.conf.j2 b/roles/control_node/templates/krb5.conf.j2 similarity index 100% rename from provisioner/roles/control_node/templates/krb5.conf.j2 rename to roles/control_node/templates/krb5.conf.j2 diff --git a/provisioner/roles/control_node/templates/route53-update.py.j2 b/roles/control_node/templates/route53-update.py.j2 similarity index 100% rename from provisioner/roles/control_node/templates/route53-update.py.j2 rename to roles/control_node/templates/route53-update.py.j2 diff --git a/provisioner/roles/control_node/templates/route53-update.service.j2 b/roles/control_node/templates/route53-update.service.j2 similarity index 100% rename from provisioner/roles/control_node/templates/route53-update.service.j2 rename to roles/control_node/templates/route53-update.service.j2 diff --git a/provisioner/roles/control_node/templates/sshconfig.j2 b/roles/control_node/templates/sshconfig.j2 similarity index 100% rename from provisioner/roles/control_node/templates/sshconfig.j2 rename to roles/control_node/templates/sshconfig.j2 diff --git a/provisioner/roles/control_node/templates/tower_cluster_install.j2 b/roles/control_node/templates/tower_cluster_install.j2 similarity index 100% rename from provisioner/roles/control_node/templates/tower_cluster_install.j2 rename to roles/control_node/templates/tower_cluster_install.j2 diff --git a/provisioner/roles/control_node/templates/tower_install.j2 b/roles/control_node/templates/tower_install.j2 similarity index 100% rename from provisioner/roles/control_node/templates/tower_install.j2 rename to roles/control_node/templates/tower_install.j2 diff --git a/provisioner/roles/control_node/templates/vimrc.j2 b/roles/control_node/templates/vimrc.j2 similarity index 100% rename from provisioner/roles/control_node/templates/vimrc.j2 rename to roles/control_node/templates/vimrc.j2 
diff --git a/roles/cp_fix_mgmt/meta/argument_spec.yml b/roles/cp_fix_mgmt/meta/argument_spec.yml new file mode 100644 index 000000000..8bc54251e --- /dev/null +++ b/roles/cp_fix_mgmt/meta/argument_spec.yml @@ -0,0 +1,4 @@ +--- +argument_specs: + main: + short_description: Fixups for the checkpoint management server. diff --git a/provisioner/roles/cp_fix_mgmt/tasks/main.yml b/roles/cp_fix_mgmt/tasks/main.yml similarity index 100% rename from provisioner/roles/cp_fix_mgmt/tasks/main.yml rename to roles/cp_fix_mgmt/tasks/main.yml diff --git a/roles/cp_setup/meta/argument_spec.yml b/roles/cp_setup/meta/argument_spec.yml new file mode 100644 index 000000000..082629349 --- /dev/null +++ b/roles/cp_setup/meta/argument_spec.yml @@ -0,0 +1,9 @@ +--- +argument_specs: + main: + short_description: Set up the checkpoint server. + options: + ec2_region: + description: The AWS EC2 region the workshop is deployed in. + type: str + required: true diff --git a/provisioner/roles/cp_setup/tasks/main.yml b/roles/cp_setup/tasks/main.yml similarity index 98% rename from provisioner/roles/cp_setup/tasks/main.yml rename to roles/cp_setup/tasks/main.yml index 9ee751ec1..5f346ae99 100644 --- a/provisioner/roles/cp_setup/tasks/main.yml +++ b/roles/cp_setup/tasks/main.yml @@ -64,7 +64,7 @@ {} - name: get gw instances - ec2_instance_info: + community.aws.ec2_instance_info: region: "{{ ec2_region }}" filters: "tag:Name": "{{ inventory_hostname|regex_replace('ansible-1', 'checkpoint_gw') }}" @@ -73,7 +73,7 @@ delegate_to: localhost - name: disable source_dest_checking on AWS interface - ec2_eni: + amazon.aws.ec2_eni: region: "{{ ec2_region }}" eni_id: "{{ gw_inst['instances'][0]['network_interfaces'][0]['network_interface_id'] if gw_inst['instances'][0]['network_interfaces'][0]['attachment']['device_index'] == 1 else gw_inst['instances'][0]['network_interfaces'][1]['network_interface_id'] }}" source_dest_check: false 
diff --git a/roles/devops/meta/argument_spec.yml b/roles/devops/meta/argument_spec.yml new file mode 100644 index 000000000..5e413a51b --- /dev/null +++ b/roles/devops/meta/argument_spec.yml @@ -0,0 +1,4 @@ +--- +argument_specs: + main: + short_description: Set up devops workshop prerequisites. diff --git a/provisioner/roles/devops/tasks/main.yaml b/roles/devops/tasks/main.yaml similarity index 100% rename from provisioner/roles/devops/tasks/main.yaml rename to roles/devops/tasks/main.yaml diff --git a/provisioner/roles/f5_setup/files/as3.sh b/roles/f5_setup/files/as3.sh similarity index 100% rename from provisioner/roles/f5_setup/files/as3.sh rename to roles/f5_setup/files/as3.sh diff --git a/roles/f5_setup/meta/argument_spec.yml b/roles/f5_setup/meta/argument_spec.yml new file mode 100644 index 000000000..eb767f390 --- /dev/null +++ b/roles/f5_setup/meta/argument_spec.yml @@ -0,0 +1,13 @@ +--- +argument_specs: + main: + short_description: Set up the F5 BIG-IP appliance. + options: + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + admin_password: + description: The F5 BIG-IP admin password. + type: str + required: true diff --git a/roles/f5_setup/tasks/install_as3.yml b/roles/f5_setup/tasks/install_as3.yml new file mode 100644 index 000000000..e86de340e --- /dev/null +++ b/roles/f5_setup/tasks/install_as3.yml @@ -0,0 +1,17 @@ +--- +- name: install AS3 block + block: + - name: Install AS3 + f5networks.f5_modules.bigip_lx_package: + package: "~/{{ as3_release }}" + provider: "{{ provider }}" + register: install_as3 + until: install_as3 is not failed + retries: 5 + rescue: + - name: debug in rescue + debug: + var: install_as3 + - assert: + that: + - "'already installed' in install_as3.msg" diff --git a/roles/f5_setup/tasks/main.yml b/roles/f5_setup/tasks/main.yml new file mode 100644 index 000000000..68a1da86c --- /dev/null +++ b/roles/f5_setup/tasks/main.yml 
@@ -0,0 +1,77 @@
+---
+- name: Wait for BIG-IP to boot up completely
+ wait_for:
+ host: "{{ ansible_host }}"
+ port: 8443
+ state: present
+
+- name: Set a fact named 'provider' with BIG-IP login information
+ ansible.builtin.set_fact:
+ provider:
+ server: "{{ ansible_host }}"
+ user: "{{ ansible_user }}"
+ password: "{{ admin_password }}"
+ server_port: 8443
+ timeout: 300
+ validate_certs: "no"
+
+- name: Change BIG-IP F5 mgmt password
+ f5networks.f5_modules.bigip_command:
+ provider:
+ ssh_keyfile: "{{playbook_dir}}/{{ec2_name_prefix}}/{{ec2_name_prefix}}-private.pem"
+ transport: cli
+ user: admin
+ server: "{{ ansible_host }}"
+ commands: "modify auth user admin password {{ admin_password }}"
+ register: change_password
+ until: change_password is not failed
+ retries: 5
+ delay: 10
+
+- name: Wait for API to be Ready
+ f5networks.f5_modules.bigip_wait:
+ timeout: 300
+ provider: "{{ provider }}"
+ delegate_to: localhost
+
+- name: retrieve AS3 RPM
+ include_tasks: retrieve_as3.yml
+
+- name: install AS3 RPM
+ include_tasks: install_as3.yml
+
+- name: Set db provision.extramb
+ f5networks.f5_modules.bigip_sys_db:
+ key: provision.extramb
+ value: "1024"
+ provider: "{{ provider }}"
+
+- name: Set db restjavad.useextramb
+ f5networks.f5_modules.bigip_sys_db:
+ key: restjavad.useextramb
+ value: "true"
+ provider: "{{ provider }}"
+
+- name: Set db restjavad.timeout
+ f5networks.f5_modules.bigip_sys_db:
+ key: restjavad.timeout
+ value: "180"
+ provider: "{{ provider }}"
+
+- name: Set httpd max-clients
+ f5networks.f5_modules.bigip_device_httpd:
+ max_clients: 20
+ provider: "{{ provider }}"
+
+- name: Save Config
+ f5networks.f5_modules.bigip_config:
+ save: true
+ provider: "{{ provider }}"
+
+- name: Restart REST
+ f5networks.f5_modules.bigip_command:
+ provider: "{{ provider }}"
+ commands:
+ - restart sys service restjavad
+ - restart sys service restnoded
+ ignore_errors: true
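Review bot: The `Change BIG-IP F5 mgmt password` task templates `{{ admin_password }}` into the `commands` string and registers the result, and nothing on the task sets `no_log`. The password can therefore show up in task output and in each retry while `until` loops, so add `no_log: true` to that task. The `provider` fact sets `validate_certs: "no"`, so every later module call sends the admin password without verifying the BIG-IP certificate. If that is unavoidable on a freshly booted appliance, a comment such as `# self-signed cert on first boot; lab use only` would record the decision.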
diff --git a/roles/f5_setup/tasks/retrieve_as3.yml b/roles/f5_setup/tasks/retrieve_as3.yml new file mode 100644 index 000000000..37a402c9a --- /dev/null +++ b/roles/f5_setup/tasks/retrieve_as3.yml @@ -0,0 +1,34 @@ +--- +- name: retrieve as3 RPM from F5 + delegate_to: localhost + connection: local + block: + - name: URL provided + debug: + var: as3_uri + + - name: Get latest AS3 RPM version + ansible.builtin.shell: curl -s {{ as3_uri }} | grep -E rpm | head -1 | cut -d "/" -f 7 | cut -d "=" -f 1 | cut -d "\"" -f 1 + register: as3_output + + - debug: + var: as3_output.stdout_lines[0] + + - ansible.builtin.set_fact: + as3_release: "{{ as3_output.stdout_lines[0] }}" + + - name: Get latest AS3 RPM version + ansible.builtin.shell: curl -s {{ as3_uri }} | grep -E rpm | head -1 | cut -d "/" -f 6 + register: as3_output + + - debug: + var: as3_output.stdout_lines[0] + + - ansible.builtin.set_fact: + as3_release_tag: "{{ as3_output.stdout_lines[0] }}" + + - name: Grab AS3 RPM from github + ansible.builtin.get_url: + url: "{{ as3_uri }}/download/{{ as3_release_tag }}/{{ as3_release }}?raw=true" + dest: "~/" + validate_certs: false diff --git a/roles/gather_router_facts/meta/argument_spec.yml b/roles/gather_router_facts/meta/argument_spec.yml new file mode 100644 index 000000000..7b140c423 --- /dev/null +++ b/roles/gather_router_facts/meta/argument_spec.yml @@ -0,0 +1,17 @@ +--- +argument_specs: + main: + short_description: Gather router facts. + options: + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + ec2_region: + description: The AWS EC2 region to deploy the workshop in. + type: str + required: true + username: + description: The workshop username. + type: str + required: true 
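Review bot: The `Grab AS3 RPM from github` task downloads with `validate_certs: false` and no `checksum`, and install_as3.yml then installs that file on the BIG-IP, so nothing authenticates the package. Drop the `validate_certs: false` line and pin the artifact, e.g. `checksum: "sha256:{{ as3_sha256 }}"`, where `as3_sha256` is a placeholder for a digest recorded alongside a fixed release. The two `ansible.builtin.shell` tasks template `{{ as3_uri }}` unquoted into a pipeline. Writing `curl -s {{ as3_uri | quote }}` keeps shell metacharacters in the value from being interpreted. Both shell tasks are named `Get latest AS3 RPM version` although the second one extracts the release tag, so the second name should say so.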
diff --git a/provisioner/roles/gather_router_facts/tasks/main.yml b/roles/gather_router_facts/tasks/main.yml similarity index 86% rename from provisioner/roles/gather_router_facts/tasks/main.yml rename to roles/gather_router_facts/tasks/main.yml index ae2cd4a56..5422d6f11 100644 --- a/provisioner/roles/gather_router_facts/tasks/main.yml +++ b/roles/gather_router_facts/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: grab facts for rtr1 - ec2_instance_info: + community.aws.ec2_instance_info: region: "{{ ec2_region }}" filters: instance-state-name: running @@ -9,7 +9,7 @@ delegate_to: localhost - name: grab facts for rtr2 - ec2_instance_info: + community.aws.ec2_instance_info: region: "{{ ec2_region }}" filters: instance-state-name: running @@ -18,7 +18,7 @@ delegate_to: localhost - name: grab facts for rtr3 - ec2_instance_info: + community.aws.ec2_instance_info: region: "{{ ec2_region }}" filters: instance-state-name: running @@ -27,7 +27,7 @@ delegate_to: localhost - name: grab facts for rtr4 - ec2_instance_info: + community.aws.ec2_instance_info: region: "{{ ec2_region }}" filters: instance-state-name: running diff --git a/roles/gitlab-client/meta/argument_spec.yml b/roles/gitlab-client/meta/argument_spec.yml new file mode 100644 index 000000000..1a028661e --- /dev/null +++ b/roles/gitlab-client/meta/argument_spec.yml @@ -0,0 +1,21 @@ +--- +argument_specs: + main: + short_description: Configura a GitLab client. + options: + username: + description: The workshop username. + type: str + required: true + admin_password: + description: The GitLab admin password. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true 
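Review bot: In roles/gitlab-client/meta/argument_spec.yml, `short_description: Configura a GitLab client.` has a typo and should read `short_description: Configure a GitLab client.`. The string is what `ansible-doc -t role` displays for the role, so the spelling is user-visible.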
diff --git a/provisioner/roles/gitlab-client/tasks/main.yml b/roles/gitlab-client/tasks/main.yml similarity index 100% rename from provisioner/roles/gitlab-client/tasks/main.yml rename to roles/gitlab-client/tasks/main.yml diff --git a/provisioner/roles/gitlab-client/templates/README.md.j2 b/roles/gitlab-client/templates/README.md.j2 similarity index 100% rename from provisioner/roles/gitlab-client/templates/README.md.j2 rename to roles/gitlab-client/templates/README.md.j2 diff --git a/roles/gitlab-server/meta/argument_spec.yml b/roles/gitlab-server/meta/argument_spec.yml new file mode 100644 index 000000000..2617a7843 --- /dev/null +++ b/roles/gitlab-server/meta/argument_spec.yml 
@@ -0,0 +1,68 @@
+---
+argument_specs:
+ main:
+ short_description: Configure the GitLab server, glue role.
+ options:
+ teardown:
+ description: Whether to execute teardown or creation.
+ type: bool
+ required: true
+ add-users:
+ short_description: Add workshop users to the GitLab server.
+ options:
+ admin_password:
+ description: The GitLab admin password.
+ type: str
+ required: true
+ ec2_name_prefix:
+ description: A prefix for EC2 and DNS resources.
+ type: str
+ required: true
+ workshop_dns_zone:
+ description: The base DNS zone for the workshop.
+ type: str
+ required: true
+ student_total:
+ description: The total number of students for the workshop.
+ type: int
+ required: true
+ certbot:
+ short_description: Set up certbot.
+ options:
+ ec2_name_prefix:
+ description: A prefix for EC2 and DNS resources.
+ type: str
+ required: true
+ workshop_dns_zone:
+ description: The base DNS zone for the workshop.
+ type: str
+ required: true
+ dns:
+ short_description: Create a DNS record for GitLab.
+ options:
+ s3_state:
+ description: Whether the DNS record is present or absent.
+ type: str
+ options:
+ - present
+ - absent
+ required: true
+ workshop_dns_zone:
+ description: The base DNS zone for the workshop.
+ type: str
+ required: true
+ ec2_name_prefix:
+ description: A prefix for EC2 and DNS resources.
+ type: str
+ required: true
+ teardown:
+ short_description: Tear down GitLab DNS entries.
+ options:
+ workshop_dns_zone:
+ description: The base DNS zone for the workshop.
+ type: str
+ required: true
+ ec2_name_prefix:
+ description: A prefix for EC2 and DNS resources.
+ type: str
+ required: true
diff --git a/provisioner/roles/gitlab-server/tasks/add-users.yml b/roles/gitlab-server/tasks/add-users.yml
similarity index 100%
rename from provisioner/roles/gitlab-server/tasks/add-users.yml
rename to roles/gitlab-server/tasks/add-users.yml
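Review bot: In the `dns` entry point, `s3_state` lists its allowed values under `options:`. In an argument spec that key describes sub-options of a dict, not permitted values, so `present`/`absent` would not be enforced and the list form may be rejected outright. Use `choices: [present, absent]` instead. The teardown task file changed later in this commit also reads `{{ s3_state }}`, so the `teardown` entry point probably needs the same option declared.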
diff --git a/provisioner/roles/gitlab-server/tasks/certbot.yml b/roles/gitlab-server/tasks/certbot.yml similarity index 100% rename from provisioner/roles/gitlab-server/tasks/certbot.yml rename to roles/gitlab-server/tasks/certbot.yml diff --git a/provisioner/roles/gitlab-server/tasks/dns.yml b/roles/gitlab-server/tasks/dns.yml similarity index 92% rename from provisioner/roles/gitlab-server/tasks/dns.yml rename to roles/gitlab-server/tasks/dns.yml index c41c3fe41..38aca53e8 100644 --- a/provisioner/roles/gitlab-server/tasks/dns.yml +++ b/roles/gitlab-server/tasks/dns.yml @@ -1,7 +1,7 @@ --- - name: GitLab pre | Create DNS record become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{ workshop_dns_zone }}" record: "gitlab.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}" diff --git a/provisioner/roles/gitlab-server/tasks/main.yml b/roles/gitlab-server/tasks/main.yml similarity index 100% rename from provisioner/roles/gitlab-server/tasks/main.yml rename to roles/gitlab-server/tasks/main.yml diff --git a/provisioner/roles/gitlab-server/tasks/teardown.yml b/roles/gitlab-server/tasks/teardown.yml similarity index 90% rename from provisioner/roles/gitlab-server/tasks/teardown.yml rename to roles/gitlab-server/tasks/teardown.yml index 997912f93..19e857a2b 100644 --- a/provisioner/roles/gitlab-server/tasks/teardown.yml +++ b/roles/gitlab-server/tasks/teardown.yml @@ -1,11 +1,11 @@ --- - name: retrieve zone ID - route53_zone: + community.aws.route53_zone: zone: "{{workshop_dns_zone}}" register: AWSINFO - name: retrieve route53 info - route53_info: + community.aws.route53_info: type: A query: record_sets hosted_zone_id: "{{ AWSINFO.zone_id }}" @@ -15,7 +15,7 @@ - name: delete DNS entries for GitLab become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{workshop_dns_zone}}" record: "gitlab.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" 
diff --git a/provisioner/roles/gitlab-server/templates/set_root_pw.sh.j2 b/roles/gitlab-server/templates/set_root_pw.sh.j2 similarity index 100% rename from provisioner/roles/gitlab-server/templates/set_root_pw.sh.j2 rename to roles/gitlab-server/templates/set_root_pw.sh.j2 diff --git a/roles/issue_cert/README.md b/roles/issue_cert/README.md deleted file mode 100644 index 4356a87c5..000000000 --- a/roles/issue_cert/README.md +++ /dev/null @@ -1,22 +0,0 @@ -<<<<<<< HEAD -# Ansible Collection - ansible.workshops - -This is the **issue_cert** role (e.g. `ansible.workshops.issue_cert`) - -**Purpose**: update lets encrypt SSL cert for Ansible Automation Platform -======= -# Ansible Collection - ipvsean.ansible_platform_ssl - -update lets encrypt SSL cert for Ansible Automation Platform - ->>>>>>> syncing cert test - - -## Example - -<<<<<<< HEAD -The included Ansible Playbook is injecting the role directly from the `roles` directory, this is not how you would use it in production (you would use `ansible.workshops.issue_cert`) - -======= ->>>>>>> syncing cert test -```ansible-playbook update_cert.yml -e "dns_name=ansible.demoredhat.com"``` diff --git a/roles/issue_cert/meta/argument_spec.yml b/roles/issue_cert/meta/argument_spec.yml new file mode 100644 index 000000000..7deaa74e4 --- /dev/null +++ b/roles/issue_cert/meta/argument_spec.yml @@ -0,0 +1,13 @@ +--- +argument_specs: + main: + short_description: Update the Let's Encrypt SSL cert for Ansible Automation Platform for Ansible Tower. + options: + dns_name: + description: The base URL for Ansible Tower. + type: str + required: true + admin_password: + description: The Ansible Tower admin password. + type: str + required: true diff --git a/roles/issue_cert/tasks/main.yml b/roles/issue_cert/tasks/main.yml index 2bbaac9a3..a7981f15f 100644 --- a/roles/issue_cert/tasks/main.yml +++ b/roles/issue_cert/tasks/main.yml 
@@ -16,17 +16,43 @@ state: present disable_gpg_check: true + - &tower-pinger-block + block: + - name: check Tower status + shell: "curl --user 'admin:{{ admin_password }}' -vkL -XGET https://localhost/api/v2/ping/" + register: check2 + - name: Display /api/v2/ping results (stdout) + debug: + msg: '{{ check2.stdout }}' + - name: Display /api/v2/ping results (stderr) + debug: + msg: '{{ check2.stderr }}' + - name: change ansible tower base URL - awx.awx.tower_settings: - name: TOWER_URL_BASE - value: "https://{{ dns_name }}" - tower_verify_ssl: false - tower_host: https://localhost - tower_username: admin - tower_password: "{{ admin_password }}" - register: change_base_url - until: change_base_url is not failed - retries: 10 + block: + - &tower-baseurl-task + awx.awx.tower_settings: + name: TOWER_URL_BASE + value: "https://{{ dns_name }}" + tower_verify_ssl: false + tower_host: https://localhost/ + tower_username: admin + tower_password: "{{ admin_password }}" + register: change_base_url + until: change_base_url is not failed + # tower may not be fully up yet, wait for it gratuitously + retries: 12 + delay: 5 + rescue: + - name: Try restarting tower + service: + name: ansible-tower.service + state: restarted + + - *tower-pinger-block + + - <<: *tower-baseurl-task + name: Run failed task again # https://docs.ansible.com/ansible-tower/latest/html/administration/init_script.html - name: make sure Ansible Tower is stopped diff --git a/provisioner/roles/network_hostroutes/handlers/main.yml b/roles/network_hostroutes/handlers/main.yml similarity index 100% rename from provisioner/roles/network_hostroutes/handlers/main.yml rename to roles/network_hostroutes/handlers/main.yml diff --git a/roles/network_hostroutes/meta/argument_spec.yml b/roles/network_hostroutes/meta/argument_spec.yml new file mode 100644 index 000000000..e4dbfe122 --- /dev/null +++ b/roles/network_hostroutes/meta/argument_spec.yml 
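Review bot: The `check Tower status` task puts `admin:{{ admin_password }}` on the curl command line and runs curl with `-v`, and the next two tasks print `check2.stdout` and `check2.stderr`. Verbose curl output includes the request headers, so the Basic `Authorization` header (base64 of the admin credentials) ends up in the play output, and the command string is echoed in the task result as well. A password containing a single quote would also break the shell quoting. Replacing the shell call with `ansible.builtin.uri` keeps the credentials off the command line and out of the displayed result. The enclosing task list starts and ends outside this hunk.

```yaml
- &tower-pinger-block
  block:
    - name: check Tower status
      ansible.builtin.uri:
        url: https://localhost/api/v2/ping/
        url_username: admin
        url_password: "{{ admin_password }}"
        force_basic_auth: true
        validate_certs: false  # local self-signed cert, same as tower_verify_ssl: false
        return_content: true
      register: check2
    - name: Display /api/v2/ping results
      debug:
        msg: '{{ check2.content }}'
# … unchanged: "change ansible tower base URL" block and its rescue …
```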
@@ -0,0 +1,17 @@ +--- +argument_specs: + main: + short_description: Set up network routes. + options: + ec2_region: + description: The AWS EC2 region the workshop is deployed in. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + username: + description: The workshop username. + type: str + required: true diff --git a/provisioner/roles/network_hostroutes/tasks/main.yml b/roles/network_hostroutes/tasks/main.yml similarity index 93% rename from provisioner/roles/network_hostroutes/tasks/main.yml rename to roles/network_hostroutes/tasks/main.yml index 86095c78e..ad89eff93 100644 --- a/provisioner/roles/network_hostroutes/tasks/main.yml +++ b/roles/network_hostroutes/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: grab facts for rtr1 - ec2_instance_info: + community.aws.ec2_instance_info: region: "{{ ec2_region }}" filters: instance-state-name: running @@ -9,7 +9,7 @@ delegate_to: localhost - name: grab facts for rtr2 - ec2_instance_info: + community.aws.ec2_instance_info: region: "{{ ec2_region }}" filters: instance-state-name: running diff --git a/provisioner/roles/populate_tower/files/tower_inventory.json b/roles/populate_tower/files/tower_inventory.json similarity index 100% rename from provisioner/roles/populate_tower/files/tower_inventory.json rename to roles/populate_tower/files/tower_inventory.json diff --git a/roles/populate_tower/meta/argument_spec.yml b/roles/populate_tower/meta/argument_spec.yml new file mode 100644 index 000000000..1c16968b2 --- /dev/null +++ b/roles/populate_tower/meta/argument_spec.yml 
@@ -0,0 +1,98 @@ +--- +argument_specs: + main: + short_description: General Ansible Tower workshop configuration. + options: + admin_password: + description: The Ansible Tower admin password. + type: str + required: true + username: + description: The workshop username. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true + workshop_type: + description: The type of the workshop. + type: str + required: true + f5: + short_description: Tower configuration for the F5 workshop. + options: + admin_password: + description: The Ansible Tower admin password. + type: str + required: true + network: + short_description: Tower configuration for the network workshop. + options: + admin_password: + description: The Ansible Tower admin password. + type: str + required: true + rhel: + short_description: Tower configuration for the RHEL workshop. + options: + admin_password: + description: The Ansible Tower admin password. + type: str + required: true + rhel_90: + short_description: Tower configuration for the RHEL 90min workshop. + options: + admin_password: + description: The Ansible Tower admin password. + type: str + required: true + security: + short_description: Tower configuration for the security workshop. + options: + admin_password: + description: The Ansible Tower admin password. + type: str + required: true + username: + description: The workshop username. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true + unsupported_workshop: + short_description: Catch-all for unsupported workshop types. + options: + workshop_type: + description: The type of the workshop. 
+ type: str + required: true + windows: + short_description: Tower configuration for the Windows workshop. + options: + admin_password: + description: The Ansible Tower admin password. + type: str + required: true + username: + description: The workshop username. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true diff --git a/provisioner/roles/populate_tower/tasks/f5.yml b/roles/populate_tower/tasks/f5.yml similarity index 81% rename from provisioner/roles/populate_tower/tasks/f5.yml rename to roles/populate_tower/tasks/f5.yml index be6e82c1d..29c8cea60 100644 --- a/provisioner/roles/populate_tower/tasks/f5.yml +++ b/roles/populate_tower/tasks/f5.yml @@ -6,4 +6,4 @@ my_tower_host: "https://{{ ansible_host }}" demo: turn_off_community_grid include_role: - name: "ansible.product_demos.install_demo" + name: ansible.product_demos.install_demo diff --git a/provisioner/roles/populate_tower/tasks/main.yml b/roles/populate_tower/tasks/main.yml similarity index 100% rename from provisioner/roles/populate_tower/tasks/main.yml rename to roles/populate_tower/tasks/main.yml diff --git a/provisioner/roles/populate_tower/tasks/network.yml b/roles/populate_tower/tasks/network.yml similarity index 100% rename from provisioner/roles/populate_tower/tasks/network.yml rename to roles/populate_tower/tasks/network.yml diff --git a/provisioner/roles/populate_tower/tasks/rhel.yml b/roles/populate_tower/tasks/rhel.yml similarity index 81% rename from provisioner/roles/populate_tower/tasks/rhel.yml rename to roles/populate_tower/tasks/rhel.yml index be6e82c1d..29c8cea60 100644 --- a/provisioner/roles/populate_tower/tasks/rhel.yml +++ b/roles/populate_tower/tasks/rhel.yml 
@@ -6,4 +6,4 @@ my_tower_host: "https://{{ ansible_host }}" demo: turn_off_community_grid include_role: - name: "ansible.product_demos.install_demo" + name: ansible.product_demos.install_demo diff --git a/provisioner/roles/populate_tower/tasks/rhel_90.yml b/roles/populate_tower/tasks/rhel_90.yml similarity index 88% rename from provisioner/roles/populate_tower/tasks/rhel_90.yml rename to roles/populate_tower/tasks/rhel_90.yml index 6b4dcbbef..b34f277b5 100644 --- a/provisioner/roles/populate_tower/tasks/rhel_90.yml +++ b/roles/populate_tower/tasks/rhel_90.yml @@ -17,7 +17,7 @@ my_tower_host: "https://{{ ansible_host }}" demo: hardening include_role: - name: "ansible.product_demos.install_demo" + name: ansible.product_demos.install_demo - name: install demo vars: @@ -26,4 +26,4 @@ my_tower_host: "https://{{ ansible_host }}" demo: turn_off_community_grid include_role: - name: "ansible.product_demos.install_demo" + name: ansible.product_demos.install_demo diff --git a/provisioner/roles/populate_tower/tasks/security.yml b/roles/populate_tower/tasks/security.yml similarity index 100% rename from provisioner/roles/populate_tower/tasks/security.yml rename to roles/populate_tower/tasks/security.yml diff --git a/provisioner/roles/populate_tower/tasks/unsupported_workshop.yml b/roles/populate_tower/tasks/unsupported_workshop.yml similarity index 100% rename from provisioner/roles/populate_tower/tasks/unsupported_workshop.yml rename to roles/populate_tower/tasks/unsupported_workshop.yml diff --git a/provisioner/roles/populate_tower/tasks/windows.yml b/roles/populate_tower/tasks/windows.yml similarity index 100% rename from provisioner/roles/populate_tower/tasks/windows.yml rename to roles/populate_tower/tasks/windows.yml diff --git a/provisioner/roles/populate_tower/templates/backup.j2 b/roles/populate_tower/templates/backup.j2 similarity index 100% rename from provisioner/roles/populate_tower/templates/backup.j2 rename to roles/populate_tower/templates/backup.j2 
diff --git a/provisioner/roles/populate_tower/templates/banner.json b/roles/populate_tower/templates/banner.json similarity index 100% rename from provisioner/roles/populate_tower/templates/banner.json rename to roles/populate_tower/templates/banner.json diff --git a/provisioner/roles/populate_tower/templates/l3_interface.json b/roles/populate_tower/templates/l3_interface.json similarity index 100% rename from provisioner/roles/populate_tower/templates/l3_interface.json rename to roles/populate_tower/templates/l3_interface.json diff --git a/provisioner/roles/populate_tower/templates/ldap_conf.json.j2 b/roles/populate_tower/templates/ldap_conf.json.j2 similarity index 100% rename from provisioner/roles/populate_tower/templates/ldap_conf.json.j2 rename to roles/populate_tower/templates/ldap_conf.json.j2 diff --git a/provisioner/roles/populate_tower/templates/security_survey_ids_rule.json b/roles/populate_tower/templates/security_survey_ids_rule.json similarity index 100% rename from provisioner/roles/populate_tower/templates/security_survey_ids_rule.json rename to roles/populate_tower/templates/security_survey_ids_rule.json diff --git a/provisioner/roles/populate_tower/templates/survey_spec.json b/roles/populate_tower/templates/survey_spec.json similarity index 100% rename from provisioner/roles/populate_tower/templates/survey_spec.json rename to roles/populate_tower/templates/survey_spec.json diff --git a/provisioner/roles/populate_tower/templates/system.json b/roles/populate_tower/templates/system.json similarity index 100% rename from provisioner/roles/populate_tower/templates/system.json rename to roles/populate_tower/templates/system.json diff --git a/provisioner/roles/populate_tower/templates/tower_config_adhoc.json.j2 b/roles/populate_tower/templates/tower_config_adhoc.json.j2 similarity index 100% rename from provisioner/roles/populate_tower/templates/tower_config_adhoc.json.j2 rename to roles/populate_tower/templates/tower_config_adhoc.json.j2 
diff --git a/provisioner/roles/populate_tower/templates/tower_group.json.j2 b/roles/populate_tower/templates/tower_group.json.j2 similarity index 100% rename from provisioner/roles/populate_tower/templates/tower_group.json.j2 rename to roles/populate_tower/templates/tower_group.json.j2 diff --git a/provisioner/roles/populate_tower/templates/tower_host.json.j2 b/roles/populate_tower/templates/tower_host.json.j2 similarity index 100% rename from provisioner/roles/populate_tower/templates/tower_host.json.j2 rename to roles/populate_tower/templates/tower_host.json.j2 diff --git a/provisioner/roles/populate_tower/templates/user.json b/roles/populate_tower/templates/user.json similarity index 100% rename from provisioner/roles/populate_tower/templates/user.json rename to roles/populate_tower/templates/user.json diff --git a/provisioner/roles/qradar/defaults/main.yml b/roles/qradar/defaults/main.yml similarity index 100% rename from provisioner/roles/qradar/defaults/main.yml rename to roles/qradar/defaults/main.yml diff --git a/provisioner/roles/qradar/handlers/main.yml b/roles/qradar/handlers/main.yml similarity index 100% rename from provisioner/roles/qradar/handlers/main.yml rename to roles/qradar/handlers/main.yml diff --git a/roles/qradar/meta/argument_spec.yml b/roles/qradar/meta/argument_spec.yml new file mode 100644 index 000000000..a433adde2 --- /dev/null +++ b/roles/qradar/meta/argument_spec.yml @@ -0,0 +1,4 @@ +--- +argument_specs: + main: + short_description: Set up QRadar. diff --git a/provisioner/roles/qradar/tasks/main.yml b/roles/qradar/tasks/main.yml similarity index 100% rename from provisioner/roles/qradar/tasks/main.yml rename to roles/qradar/tasks/main.yml diff --git a/provisioner/roles/qradar/templates/ifcfg-eth0:1.j2 b/roles/qradar/templates/ifcfg-eth0:1.j2 similarity index 100% rename from provisioner/roles/qradar/templates/ifcfg-eth0:1.j2 rename to roles/qradar/templates/ifcfg-eth0:1.j2 
diff --git a/provisioner/roles/security_eth1/handlers/main.yml b/roles/security_eth1/handlers/main.yml similarity index 100% rename from provisioner/roles/security_eth1/handlers/main.yml rename to roles/security_eth1/handlers/main.yml diff --git a/roles/security_eth1/meta/argument_spec.yml b/roles/security_eth1/meta/argument_spec.yml new file mode 100644 index 000000000..f2a02dca2 --- /dev/null +++ b/roles/security_eth1/meta/argument_spec.yml @@ -0,0 +1,4 @@ +--- +argument_specs: + main: + short_description: Set up networking on eth1. diff --git a/provisioner/roles/security_eth1/tasks/main.yml b/roles/security_eth1/tasks/main.yml similarity index 100% rename from provisioner/roles/security_eth1/tasks/main.yml rename to roles/security_eth1/tasks/main.yml diff --git a/provisioner/roles/security_eth1/templates/ifcfg-eth1.j2 b/roles/security_eth1/templates/ifcfg-eth1.j2 similarity index 100% rename from provisioner/roles/security_eth1/templates/ifcfg-eth1.j2 rename to roles/security_eth1/templates/ifcfg-eth1.j2 diff --git a/provisioner/roles/security_hostroutes/handlers/main.yml b/roles/security_hostroutes/handlers/main.yml similarity index 100% rename from provisioner/roles/security_hostroutes/handlers/main.yml rename to roles/security_hostroutes/handlers/main.yml diff --git a/roles/security_hostroutes/meta/argument_spec.yml b/roles/security_hostroutes/meta/argument_spec.yml new file mode 100644 index 000000000..dd535aff1 --- /dev/null +++ b/roles/security_hostroutes/meta/argument_spec.yml @@ -0,0 +1,8 @@ +--- +argument_specs: + main: + short_description: Set up snort security host routes, glue entrypoint. + add_hostroutes_from_attacker_to_checkpoint: + short_description: Set up snort security host routes, attacker -> checkpoint. + add_hostroutes_from_snort_to_checkpoint: + short_description: Set up snort security host routes, Snort -> checkpoint. 
diff --git a/provisioner/roles/security_hostroutes/tasks/add_hostroutes_from_attacker_to_checkpoint.yml b/roles/security_hostroutes/tasks/add_hostroutes_from_attacker_to_checkpoint.yml similarity index 100% rename from provisioner/roles/security_hostroutes/tasks/add_hostroutes_from_attacker_to_checkpoint.yml rename to roles/security_hostroutes/tasks/add_hostroutes_from_attacker_to_checkpoint.yml diff --git a/provisioner/roles/security_hostroutes/tasks/add_hostroutes_from_snort_to_checkpoint.yml b/roles/security_hostroutes/tasks/add_hostroutes_from_snort_to_checkpoint.yml similarity index 100% rename from provisioner/roles/security_hostroutes/tasks/add_hostroutes_from_snort_to_checkpoint.yml rename to roles/security_hostroutes/tasks/add_hostroutes_from_snort_to_checkpoint.yml diff --git a/provisioner/roles/security_hostroutes/tasks/main.yml b/roles/security_hostroutes/tasks/main.yml similarity index 100% rename from provisioner/roles/security_hostroutes/tasks/main.yml rename to roles/security_hostroutes/tasks/main.yml diff --git a/provisioner/roles/splunk_enterprise/README.md b/roles/splunk_enterprise/README.md similarity index 100% rename from provisioner/roles/splunk_enterprise/README.md rename to roles/splunk_enterprise/README.md diff --git a/provisioner/roles/splunk_enterprise/defaults/main.yml b/roles/splunk_enterprise/defaults/main.yml similarity index 100% rename from provisioner/roles/splunk_enterprise/defaults/main.yml rename to roles/splunk_enterprise/defaults/main.yml diff --git a/provisioner/roles/aws_dns/files/lets-encrypt-x3-cross-signed.key b/roles/splunk_enterprise/files/lets-encrypt-x3-cross-signed.key similarity index 100% rename from provisioner/roles/aws_dns/files/lets-encrypt-x3-cross-signed.key rename to roles/splunk_enterprise/files/lets-encrypt-x3-cross-signed.key 
diff --git a/provisioner/roles/splunk_enterprise/files/splunk_ansible_inventory.ini b/roles/splunk_enterprise/files/splunk_ansible_inventory.ini similarity index 100% rename from provisioner/roles/splunk_enterprise/files/splunk_ansible_inventory.ini rename to roles/splunk_enterprise/files/splunk_ansible_inventory.ini diff --git a/provisioner/roles/splunk_enterprise/files/splunk_ansible_vars.yml b/roles/splunk_enterprise/files/splunk_ansible_vars.yml similarity index 100% rename from provisioner/roles/splunk_enterprise/files/splunk_ansible_vars.yml rename to roles/splunk_enterprise/files/splunk_ansible_vars.yml diff --git a/provisioner/roles/splunk_enterprise/handlers/main.yml b/roles/splunk_enterprise/handlers/main.yml similarity index 100% rename from provisioner/roles/splunk_enterprise/handlers/main.yml rename to roles/splunk_enterprise/handlers/main.yml diff --git a/roles/splunk_enterprise/meta/argument_spec.yml b/roles/splunk_enterprise/meta/argument_spec.yml new file mode 100644 index 000000000..e89892ac0 --- /dev/null +++ b/roles/splunk_enterprise/meta/argument_spec.yml @@ -0,0 +1,25 @@ +--- +argument_specs: + main: + short_description: Install Splunk Enterprise. + options: + username: + description: The workshop username. + type: str + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true + student_total: + description: The total number of students for the workshop. + type: int + required: true + teardown: + description: Whether to execute teardown or creation. + type: bool + required: true diff --git a/provisioner/roles/splunk_enterprise/meta/main.yml b/roles/splunk_enterprise/meta/main.yml similarity index 100% rename from provisioner/roles/splunk_enterprise/meta/main.yml rename to roles/splunk_enterprise/meta/main.yml 
diff --git a/provisioner/roles/splunk_enterprise/tasks/main.yml b/roles/splunk_enterprise/tasks/main.yml similarity index 97% rename from provisioner/roles/splunk_enterprise/tasks/main.yml rename to roles/splunk_enterprise/tasks/main.yml index 8b2486247..db46a1c03 100644 --- a/provisioner/roles/splunk_enterprise/tasks/main.yml +++ b/roles/splunk_enterprise/tasks/main.yml @@ -2,12 +2,12 @@ - name: REMOVE SPLUNK DNS block: - name: GRAB ZONE ID - route53_zone: + community.aws.route53_zone: zone: "{{workshop_dns_zone}}" register: AWSINFO - name: GRAB ROUTE53 INFORMATION - route53_info: + community.aws.route53_info: type: A query: record_sets hosted_zone_id: "{{AWSINFO.zone_id}}" @@ -17,7 +17,7 @@ - name: DELETE DNS ENTRIES FOR EACH STUDENT become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{workshop_dns_zone}}" record: "student{{item}}.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" @@ -43,7 +43,7 @@ ignore_errors: true - name: DNS FOR SPLUNK become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{workshop_dns_zone}}" record: "{{username}}-siem.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" diff --git a/provisioner/roles/aws_dns/templates/combined_cert.j2 b/roles/splunk_enterprise/templates/combined_cert.j2 similarity index 100% rename from provisioner/roles/aws_dns/templates/combined_cert.j2 rename to roles/splunk_enterprise/templates/combined_cert.j2 diff --git a/provisioner/roles/splunk_enterprise/tests/inventory b/roles/splunk_enterprise/tests/inventory similarity index 100% rename from provisioner/roles/splunk_enterprise/tests/inventory rename to roles/splunk_enterprise/tests/inventory diff --git a/provisioner/roles/splunk_enterprise/tests/test.yml b/roles/splunk_enterprise/tests/test.yml similarity index 100% rename from provisioner/roles/splunk_enterprise/tests/test.yml rename to roles/splunk_enterprise/tests/test.yml 
diff --git a/provisioner/roles/splunk_enterprise/vars/main.yml b/roles/splunk_enterprise/vars/main.yml similarity index 100% rename from provisioner/roles/splunk_enterprise/vars/main.yml rename to roles/splunk_enterprise/vars/main.yml diff --git a/provisioner/roles/tower_request/defaults/main.yml b/roles/tower_request/defaults/main.yml similarity index 100% rename from provisioner/roles/tower_request/defaults/main.yml rename to roles/tower_request/defaults/main.yml diff --git a/roles/tower_request/meta/argument_spec.yml b/roles/tower_request/meta/argument_spec.yml new file mode 100644 index 000000000..12c5e0ae3 --- /dev/null +++ b/roles/tower_request/meta/argument_spec.yml @@ -0,0 +1,26 @@ +--- +argument_specs: + main: + short_description: Execute a feedback callback. + options: + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + aws_user: + description: The AWS user. + type: str + required: true + ec2_region: + description: The AWS EC2 region the workshop is deployed in. + type: str + required: true + student_total: + description: The total number of students for the workshop. + type: int + required: true + workshop_type: + description: The type of the workshop. + type: str + required: false + default: unknown diff --git a/provisioner/roles/tower_request/tasks/main.yml b/roles/tower_request/tasks/main.yml similarity index 100% rename from provisioner/roles/tower_request/tasks/main.yml rename to roles/tower_request/tasks/main.yml diff --git a/provisioner/roles/user_accounts/defaults/main.yml b/roles/user_accounts/defaults/main.yml similarity index 100% rename from provisioner/roles/user_accounts/defaults/main.yml rename to roles/user_accounts/defaults/main.yml diff --git a/roles/user_accounts/meta/argument_spec.yml b/roles/user_accounts/meta/argument_spec.yml new file mode 100644 index 000000000..c1908829e --- /dev/null +++ b/roles/user_accounts/meta/argument_spec.yml 
@@ -0,0 +1,13 @@
+---
+argument_specs:
+ main:
+ short_description: Set up local user accounts.
+ options:
+ username:
+ description: The workshop username.
+ type: str
+ required: true
+ admin_password:
+ description: The user's password.
+ type: str
+ required: true
diff --git a/provisioner/roles/user_accounts/tasks/main.yml b/roles/user_accounts/tasks/main.yml
similarity index 100%
rename from provisioner/roles/user_accounts/tasks/main.yml
rename to roles/user_accounts/tasks/main.yml
diff --git a/roles/webservers/meta/argument_spec.yml b/roles/webservers/meta/argument_spec.yml
new file mode 100644
index 000000000..26a5daea8
--- /dev/null
+++ b/roles/webservers/meta/argument_spec.yml
@@ -0,0 +1,24 @@
+---
+argument_specs:
+ main:
+ short_description: Set up webservers and workshop-specific config.
+ options:
+ short_name:
+ description: The short name of the instance.
+ type: str
+ required: true
+ workshop_type:
+ description: The type of the workshop.
+ type: str
+ required: true
+ f5:
+ short_description: Configure webservers specific to the F5 workshop.
+ security:
+ short_description: Configure webservers specific to the security workshop.
+ unsupported_workshop:
+ short_description: Catch-all for unsupported workshop types.
+ options:
+ workshop_type:
+ description: The type of the workshop.
+ type: str
+ required: true
diff --git a/provisioner/roles/webservers/tasks/f5.yml b/roles/webservers/tasks/f5.yml
similarity index 100%
rename from provisioner/roles/webservers/tasks/f5.yml
rename to roles/webservers/tasks/f5.yml
diff --git a/provisioner/roles/webservers/tasks/main.yml b/roles/webservers/tasks/main.yml
similarity index 100%
rename from provisioner/roles/webservers/tasks/main.yml
rename to roles/webservers/tasks/main.yml
diff --git a/provisioner/roles/webservers/tasks/security.yml b/roles/webservers/tasks/security.yml
similarity index 100%
rename from provisioner/roles/webservers/tasks/security.yml
rename to roles/webservers/tasks/security.yml
diff --git a/provisioner/roles/webservers/tasks/unsupported_workshop.yml b/roles/webservers/tasks/unsupported_workshop.yml
similarity index 100%
rename from provisioner/roles/webservers/tasks/unsupported_workshop.yml
rename to roles/webservers/tasks/unsupported_workshop.yml
diff --git a/provisioner/roles/webservers/templates/index.j2 b/roles/webservers/templates/index.j2
similarity index 100%
rename from provisioner/roles/webservers/templates/index.j2
rename to roles/webservers/templates/index.j2
diff --git a/provisioner/roles/webservers_attack_simulation/files/ddos_simulation b/roles/webservers_attack_simulation/files/ddos_simulation
similarity index 100%
rename from provisioner/roles/webservers_attack_simulation/files/ddos_simulation
rename to roles/webservers_attack_simulation/files/ddos_simulation
diff --git a/provisioner/roles/webservers_attack_simulation/files/sql_injection_simulation b/roles/webservers_attack_simulation/files/sql_injection_simulation
similarity index 100%
rename from provisioner/roles/webservers_attack_simulation/files/sql_injection_simulation
rename to roles/webservers_attack_simulation/files/sql_injection_simulation
diff --git a/provisioner/roles/webservers_attack_simulation/files/web_attack_simulation b/roles/webservers_attack_simulation/files/web_attack_simulation
similarity index 100%
rename from provisioner/roles/webservers_attack_simulation/files/web_attack_simulation
rename to roles/webservers_attack_simulation/files/web_attack_simulation
diff --git a/roles/webservers_attack_simulation/meta/argument_spec.yml b/roles/webservers_attack_simulation/meta/argument_spec.yml
new file mode 100644
index 000000000..761aee12b
--- /dev/null
+++ b/roles/webservers_attack_simulation/meta/argument_spec.yml
@@ -0,0 +1,4 @@
+---
+argument_specs:
+ main:
+ short_description: Prepare a webserver for attack simulation.
diff --git a/provisioner/roles/webservers_attack_simulation/tasks/main.yml b/roles/webservers_attack_simulation/tasks/main.yml
similarity index 100%
rename from provisioner/roles/webservers_attack_simulation/tasks/main.yml
rename to roles/webservers_attack_simulation/tasks/main.yml
diff --git a/provisioner/roles/windows_ws_setup/defaults/main.yml b/roles/windows_ws_setup/defaults/main.yml
similarity index 100%
rename from provisioner/roles/windows_ws_setup/defaults/main.yml
rename to roles/windows_ws_setup/defaults/main.yml
diff --git a/provisioner/roles/windows_ws_setup/files/setup.iss b/roles/windows_ws_setup/files/setup.iss
similarity index 100%
rename from provisioner/roles/windows_ws_setup/files/setup.iss
rename to roles/windows_ws_setup/files/setup.iss
diff --git a/roles/windows_ws_setup/meta/argument_spec.yml b/roles/windows_ws_setup/meta/argument_spec.yml
new file mode 100644
index 000000000..4d10ebc68
--- /dev/null
+++ b/roles/windows_ws_setup/meta/argument_spec.yml
@@ -0,0 +1,12 @@
+---
+argument_specs:
+ main:
+ short_description: Set up Windows workstations, glue entrypoint.
+ chrome:
+ short_description: Install Chrome.
+ myrtille:
+ short_description: Install Myrtille.
+ server_mgmt:
+ short_description: Disable Server Management startup and EC2 desktop customizations.
+ smartconsole:
+ short_description: Install SmartConsole.
diff --git a/provisioner/roles/windows_ws_setup/tasks/chrome.yml b/roles/windows_ws_setup/tasks/chrome.yml
similarity index 71%
rename from provisioner/roles/windows_ws_setup/tasks/chrome.yml
rename to roles/windows_ws_setup/tasks/chrome.yml
index e61fade22..5ddc4e413 100644
--- a/provisioner/roles/windows_ws_setup/tasks/chrome.yml
+++ b/roles/windows_ws_setup/tasks/chrome.yml
@@ -1,17 +1,17 @@ --- - name: install Chocolatey - win_chocolatey: + chocolatey.chocolatey.win_chocolatey: name: chocolatey state: present - name: disable enhanced exit codes - win_chocolatey_feature: + chocolatey.chocolatey.win_chocolatey_feature: name: useEnhancedExitCodes state: disabled when: ansible_version.full is version_compare('2.8', '<') - name: Install Chromium - win_chocolatey: + chocolatey.chocolatey.win_chocolatey: name: "{{ item }}" ignore_checksums: true with_items: diff --git a/provisioner/roles/windows_ws_setup/tasks/main.yml b/roles/windows_ws_setup/tasks/main.yml similarity index 100% rename from provisioner/roles/windows_ws_setup/tasks/main.yml rename to roles/windows_ws_setup/tasks/main.yml diff --git a/provisioner/roles/windows_ws_setup/tasks/myrtille.yml b/roles/windows_ws_setup/tasks/myrtille.yml similarity index 82% rename from provisioner/roles/windows_ws_setup/tasks/myrtille.yml rename to roles/windows_ws_setup/tasks/myrtille.yml index 120ec1159..86489b9c8 100644 --- a/provisioner/roles/windows_ws_setup/tasks/myrtille.yml +++ b/roles/windows_ws_setup/tasks/myrtille.yml @@ -1,6 +1,6 @@ --- - name: Install IIS and .Net 4.5 on Server - win_feature: + ansible.windows.win_feature: name: - Web-Server - NET-Framework-Core @@ -10,17 +10,17 @@ when: "'Windows 10' not in ansible_distribution" - name: Create temp directory - win_file: + ansible.windows.win_file: path: C:\Temp\ state: directory - name: Check if Myrtille is downloaded - win_stat: + ansible.windows.win_stat: path: C:\Temp\Myrtille_2.5.5_x86_x64_Setup.exe register: myrtille - name: Download Myrtille to specified path only if modified - win_get_url: + ansible.windows.win_get_url: url: https://s3.amazonaws.com/linklight.securityautomation/Myrtille_2.5.5_x86_x64_Setup.exe dest: C:\Temp\Myrtille_2.5.5_x86_x64_Setup.exe checksum: e95438ea3ae5f4363b43a6e2134df771c3d2a213 
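Review bot: The `Install Chromium` task keeps `ignore_checksums: true`, so Chocolatey installs whatever the package download returns without verifying it, and the move to `chocolatey.chocolatey.win_chocolatey` was a good moment to drop that. The `rescue` path in roles/windows_ws_setup/tasks/smartconsole.yml does the same for `vcredist2010`/`vcredist2012`: any failure, including a checksum mismatch, is retried with verification switched off, which hides exactly the event the checksum exists to catch. I would remove `ignore_checksums: true` in both places, pin the packages with `version:`, and let the play fail on a mismatch. The task's `with_items:` list continues outside the hunk.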
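Review bot: The `checksum:` on the Myrtille download is 40 hex digits, i.e. SHA-1, which is also what `win_get_url` assumes when `checksum_algorithm` is not set; the lines after `checksum:` are outside the hunk, so the algorithm may be stated there. SHA-1 is no longer collision-resistant, and this installer is fetched from an S3 bucket and then run by the tasks that follow. I would record a SHA-256 digest and write `checksum_algorithm: sha256` next to `checksum: <sha256-of-installer>`. The SmartConsole download in roles/windows_ws_setup/tasks/smartconsole.yml uses a 40-digit checksum as well.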
@@ -31,19 +31,19 @@ retries: 5 - name: Extract the binary - win_command: Myrtille_2.5.5_x86_x64_Setup.exe -o "C:\Temp" -y + ansible.windows.win_command: Myrtille_2.5.5_x86_x64_Setup.exe -o "C:\Temp" -y args: chdir: C:\Temp\ creates: C:\Temp\setup.exe - name: Install Myrtille - win_package: + ansible.windows.win_package: path: C:\Temp\setup.exe arguments: /q creates_path: C:\Program Files (x86)\Myrtille - name: Disable NTLM RDP Authetication requirement - win_regedit: + ansible.windows.win_regedit: path: HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp name: "{{ item }}" data: 0 @@ -53,7 +53,7 @@ - UserAuthentication - name: Create RDP Application - win_iis_webapplication: + community.windows.win_iis_webapplication: name: rdp site: Default Web Site application_pool: MyrtilleAppPool diff --git a/provisioner/roles/windows_ws_setup/tasks/server_mgmt.yml b/roles/windows_ws_setup/tasks/server_mgmt.yml similarity index 69% rename from provisioner/roles/windows_ws_setup/tasks/server_mgmt.yml rename to roles/windows_ws_setup/tasks/server_mgmt.yml index 943975e9c..01c189c66 100644 --- a/provisioner/roles/windows_ws_setup/tasks/server_mgmt.yml +++ b/roles/windows_ws_setup/tasks/server_mgmt.yml @@ -1,20 +1,20 @@ --- - name: Disable Server Management at Startup - win_regedit: + ansible.windows.win_regedit: path: HKCU:\Software\Microsoft\ServerManager\ name: DoNotOpenServerManagerAtLogon data: 1 type: dword - name: Remove EC2 Feedback Icon - win_file: + ansible.windows.win_file: path: C:\Users\Administrator\Desktop\EC2 Feedback.website state: absent - name: Remove EC2 Website Icon - win_file: + ansible.windows.win_file: path: C:\Users\Administrator\Desktop\EC2 Microsoft Windows Guide.website state: absent - name: Remove network notice - win_command: netsh advfirewall firewall set rule group="Network Discovery" new enable=No + ansible.windows.win_command: netsh advfirewall firewall set rule group="Network Discovery" new enable=No 
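Review bot: The `win_regedit` task writes `0` to `UserAuthentication` (and to the other names in its `with_items` list, only partly visible here) under `WinStations\RDP-Tcp`, which turns off the Network Level Authentication requirement for RDP, and nothing in the file says why. Please add a comment above the task giving the reason and the compensating control, for example `# NLA is disabled so the Myrtille web gateway can open RDP sessions; keep 3389 reachable only from the gateway`, if that is indeed the intent. The task name also carries a typo (`Authetication`), which makes the task harder to find when auditing the role.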
diff --git a/provisioner/roles/windows_ws_setup/tasks/smartconsole.yml b/roles/windows_ws_setup/tasks/smartconsole.yml similarity index 79% rename from provisioner/roles/windows_ws_setup/tasks/smartconsole.yml rename to roles/windows_ws_setup/tasks/smartconsole.yml index 9d22fca28..df0a7e875 100644 --- a/provisioner/roles/windows_ws_setup/tasks/smartconsole.yml +++ b/roles/windows_ws_setup/tasks/smartconsole.yml @@ -2,14 +2,14 @@ - name: try win_chocolatey with block rescue block: - name: Download Microsoft Visual C++ Redistributable Packages needed for SmartConsole - win_chocolatey: + chocolatey.chocolatey.win_chocolatey: name: - vcredist2010 - vcredist2012 state: present rescue: - name: Download Microsoft Visual C++ Redistributable Packages needed for SmartConsole - win_chocolatey: + chocolatey.chocolatey.win_chocolatey: name: - vcredist2010 - vcredist2012 
@@ -17,28 +17,28 @@ ignore_checksums: true - name: Set strong cryptography on 64 bit .Net Framework (version 4 and above) - win_shell: > + ansible.windows.win_shell: > Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord - name: Set strong cryptography on 32 bit .Net Framework (version 4 and above) - win_shell: > + ansible.windows.win_shell: > Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord - name: Ensure the required NuGet package provider version is installed - win_shell: Find-PackageProvider -Name Nuget -ForceBootstrap -IncludeDependencies -Force + ansible.windows.win_shell: Find-PackageProvider -Name Nuget -ForceBootstrap -IncludeDependencies -Force - name: Install Pscx needed for unzip step later - win_psmodule: + community.windows.win_psmodule: name: pscx allow_clobber: true - name: Check if SmartConsole is downloaded - win_stat: + ansible.windows.win_stat: path: C:\Temp\SmartConsole.exe register: smartconsole - name: Download SmartConsole to specified path only if modified - win_get_url: + ansible.windows.win_get_url: url: https://s3.amazonaws.com/linklight.securityautomation/Check_Point_SmartConsole_R80_40_jumbo_HF_B416_Win.exe dest: C:\Temp\SmartConsole.exe checksum: c8bed1481f168e2af6997dc7d5b43ce4046e01d8 @@ -49,15 +49,15 @@ retries: 5 - name: Unpack SmartConsole archive - win_unzip: + community.windows.win_unzip: src: C:\Temp\SmartConsole.exe dest: C:\Temp\SmartConsole creates: C:\Temp\SmartConsole\SmartConsole.exe - name: Copy installer answer file to appropriate place - win_copy: + ansible.windows.win_copy: src: setup.iss dest: C:\Temp\SmartConsole\setup.iss - name: Execute SmartConsole installer - win_command: C:\Temp\SmartConsole\SmartConsole.exe -s setup.iss + ansible.windows.win_command: C:\Temp\SmartConsole\SmartConsole.exe -s setup.iss 
diff --git a/provisioner/roles/workshop_attendance/handlers/main.yml b/roles/workshop_attendance/handlers/main.yml
similarity index 100%
rename from provisioner/roles/workshop_attendance/handlers/main.yml
rename to roles/workshop_attendance/handlers/main.yml
diff --git a/roles/workshop_attendance/meta/argument_spec.yml b/roles/workshop_attendance/meta/argument_spec.yml
new file mode 100644
index 000000000..fd5ee2efd
--- /dev/null
+++ b/roles/workshop_attendance/meta/argument_spec.yml
@@ -0,0 +1,96 @@
+---
+argument_specs:
+ main:
+ short_description: Provision the attendance host, glue entrypoint.
+ options:
+ teardown:
+ description: Whether to execute teardown or creation.
+ type: bool
+ required: true
+ ec2_name_prefix:
+ description: A prefix for EC2 and DNS resources.
+ type: str
+ required: true
+ workshop_dns_zone:
+ description: The base DNS zone for the workshop.
+ type: str
+ required: true
+ attendance:
+ short_description: Create the attendance webpage.
+ options:
+ ec2_name_prefix:
+ description: A prefix for EC2 and DNS resources.
+ type: str
+ required: true
+ workshop_dns_zone:
+ description: The base DNS zone for the workshop.
+ type: str
+ required: true
+ admin_password:
+ description: The student's password.
+ type: str
+ required: true
+ workshop_type:
+ description: The type of the workshop.
+ type: str
+ required: true
+ student_total:
+ description: The total number of students for the workshop.
+ type: int
+ required: true
+ towerinstall:
+ description: Whether to install Ansible Tower.
+ type: bool
+ required: true
+ dns_type:
+ description: The system that manages DNS, e.g. "aws"
+ type: str
+ required: true
+ create_cluster:
+ description: Whether to create an Ansible Tower cluster.
+ type: bool
+ required: true
+ code_server:
+ description: Whether to install the VS Code server.
+ type: bool
+ required: true
+ dns:
+ short_description: Provision DNS for the attendance webpage.
+ options:
+ s3_state:
+ description: Whether the DNS record is present or absent.
+ type: str
+ options:
+ - present
+ - absent
+ required: true
+ ec2_name_prefix:
+ description: A prefix for EC2 and DNS resources.
+ type: str
+ required: true
+ workshop_dns_zone:
+ description: The base DNS zone for the workshop.
+ type: str
+ required: true
+ dns_type:
+ description: The system that manages DNS, e.g. "aws"
+ type: str
+ required: true
+ teardown:
+ short_description: Remove DNS information for the webpage.
+ options: + s3_state: + description: Whether the DNS record is present or absent. + type: str + options: + - present + - absent + required: true + ec2_name_prefix: + description: A prefix for EC2 and DNS resources. + type: str + required: true + workshop_dns_zone: + description: The base DNS zone for the workshop. + type: str + required: true diff --git a/provisioner/roles/workshop_attendance/tasks/attendance.yml b/roles/workshop_attendance/tasks/attendance.yml similarity index 96% rename from provisioner/roles/workshop_attendance/tasks/attendance.yml rename to roles/workshop_attendance/tasks/attendance.yml index c9a022a72..27379845b 100644 --- a/provisioner/roles/workshop_attendance/tasks/attendance.yml +++ b/roles/workshop_attendance/tasks/attendance.yml @@ -58,7 +58,7 @@ name: PyMySQL - name: Create a new database with name 'workshop' - mysql_db: + community.mysql.mysql_db: name: workshop state: present @@ -69,7 +69,7 @@ register: workshopsql - name: Import SQL file into workshop database - mysql_db: + community.mysql.mysql_db: state: import name: workshop target: /tmp/workshop.sql diff --git a/provisioner/roles/workshop_attendance/tasks/dns.yml b/roles/workshop_attendance/tasks/dns.yml similarity index 93% rename from provisioner/roles/workshop_attendance/tasks/dns.yml rename to roles/workshop_attendance/tasks/dns.yml index 9c62ac387..09c81462c 100644 --- a/provisioner/roles/workshop_attendance/tasks/dns.yml +++ b/roles/workshop_attendance/tasks/dns.yml @@ -1,7 +1,7 @@ --- - name: workshop_attendance | Create DNS record become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{ workshop_dns_zone }}" record: "{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" diff --git a/provisioner/roles/workshop_attendance/tasks/main.yml b/roles/workshop_attendance/tasks/main.yml similarity index 100% rename from provisioner/roles/workshop_attendance/tasks/main.yml rename to roles/workshop_attendance/tasks/main.yml 
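Review bot: `s3_state` lists its allowed values under `options:`, but in an argument spec `options` describes the sub-options of a dict or list value; the key that restricts a value to a fixed set is `choices`. As written, `present`/`absent` are not enforced for the `dns` entry point, nor for the `teardown` entry point that repeats the same block later in this file. Suggested form: `choices: [present, absent]` in place of the nested `options:` list.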
diff --git a/provisioner/roles/workshop_attendance/tasks/teardown.yml b/roles/workshop_attendance/tasks/teardown.yml similarity index 90% rename from provisioner/roles/workshop_attendance/tasks/teardown.yml rename to roles/workshop_attendance/tasks/teardown.yml index 8affc84b7..e39e85892 100644 --- a/provisioner/roles/workshop_attendance/tasks/teardown.yml +++ b/roles/workshop_attendance/tasks/teardown.yml @@ -1,11 +1,11 @@ --- - name: GRAB ZONE ID - route53_zone: + community.aws.route53_zone: zone: "{{workshop_dns_zone}}" register: AWSINFO - name: GRAB ROUTE53 INFORMATION - route53_info: + community.aws.route53_info: type: A query: record_sets hosted_zone_id: "{{AWSINFO.zone_id}}" @@ -15,7 +15,7 @@ - name: DELETE DNS ENTRIES FOR ATTENDANCE HOST become: false - route53: + community.aws.route53: state: "{{ s3_state }}" zone: "{{workshop_dns_zone}}" record: "login.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}" diff --git a/provisioner/roles/workshop_attendance/templates/index.php.j2 b/roles/workshop_attendance/templates/index.php.j2 similarity index 100% rename from provisioner/roles/workshop_attendance/templates/index.php.j2 rename to roles/workshop_attendance/templates/index.php.j2 diff --git a/provisioner/roles/workshop_attendance/templates/list.php.j2 b/roles/workshop_attendance/templates/list.php.j2 similarity index 100% rename from provisioner/roles/workshop_attendance/templates/list.php.j2 rename to roles/workshop_attendance/templates/list.php.j2 diff --git a/provisioner/roles/workshop_attendance/templates/workshop.sql.j2 b/roles/workshop_attendance/templates/workshop.sql.j2 similarity index 100% rename from provisioner/roles/workshop_attendance/templates/workshop.sql.j2 rename to roles/workshop_attendance/templates/workshop.sql.j2 
diff --git a/provisioner/roles/workshop_attendance_nginx/defaults/main.yml b/roles/workshop_attendance_nginx/defaults/main.yml
similarity index 100%
rename from provisioner/roles/workshop_attendance_nginx/defaults/main.yml
rename to roles/workshop_attendance_nginx/defaults/main.yml
diff --git a/provisioner/roles/workshop_attendance_nginx/files/nginx.repo b/roles/workshop_attendance_nginx/files/nginx.repo
similarity index 100%
rename from provisioner/roles/workshop_attendance_nginx/files/nginx.repo
rename to roles/workshop_attendance_nginx/files/nginx.repo
diff --git a/provisioner/roles/workshop_attendance_nginx/handlers/main.yml b/roles/workshop_attendance_nginx/handlers/main.yml
similarity index 100%
rename from provisioner/roles/workshop_attendance_nginx/handlers/main.yml
rename to roles/workshop_attendance_nginx/handlers/main.yml
diff --git a/roles/workshop_attendance_nginx/meta/argument_spec.yml b/roles/workshop_attendance_nginx/meta/argument_spec.yml
new file mode 100644
index 000000000..ee6ef3767
--- /dev/null
+++ b/roles/workshop_attendance_nginx/meta/argument_spec.yml
@@ -0,0 +1,22 @@
+---
+argument_specs:
+ main:
+ short_description: Set up an nginx site for workshop attendance.
+ options:
+ user:
+ description: The user nginx runs under.
+ type: str
+ required: false
+ default: nginx
+ config:
+ description: Extra nginx config files to include.
+ type: list
+ elements: str
+ required: false
+ default: []
+ http_params:
+ description: Additional nginx HTTP params to apply to the server.
+ type: list
+ elements: str
+ required: false
+ default: []
diff --git a/provisioner/roles/workshop_attendance_nginx/tasks/main.yml b/roles/workshop_attendance_nginx/tasks/main.yml
similarity index 98%
rename from provisioner/roles/workshop_attendance_nginx/tasks/main.yml
rename to roles/workshop_attendance_nginx/tasks/main.yml
index 1212a1edc..c6bf419f3 100644
--- a/provisioner/roles/workshop_attendance_nginx/tasks/main.yml
+++ b/roles/workshop_attendance_nginx/tasks/main.yml @@ -32,7 +32,7 @@ state: present - name: set httpd_unified (selinux) - seboolean: + ansible.posix.seboolean: name: "{{ item }}" state: true persistent: true diff --git a/provisioner/roles/workshop_attendance_nginx/templates/nginx.conf.j2 b/roles/workshop_attendance_nginx/templates/nginx.conf.j2 similarity index 100% rename from provisioner/roles/workshop_attendance_nginx/templates/nginx.conf.j2 rename to roles/workshop_attendance_nginx/templates/nginx.conf.j2 diff --git a/provisioner/roles/workshop_attendance_nginx/templates/site.conf.j2 b/roles/workshop_attendance_nginx/templates/site.conf.j2 similarity index 100% rename from provisioner/roles/workshop_attendance_nginx/templates/site.conf.j2 rename to roles/workshop_attendance_nginx/templates/site.conf.j2 diff --git a/roles/workshop_check_setup/defaults/main.yml b/roles/workshop_check_setup/defaults/main.yml new file mode 100644 index 000000000..60b5d1e6b --- /dev/null +++ b/roles/workshop_check_setup/defaults/main.yml @@ -0,0 +1,2 @@ +--- +use_manifest: false diff --git a/roles/workshop_check_setup/meta/argument_spec.yml b/roles/workshop_check_setup/meta/argument_spec.yml new file mode 100644 index 000000000..7b9224cd9 --- /dev/null +++ b/roles/workshop_check_setup/meta/argument_spec.yml 
@@ -0,0 +1,92 @@
+---
+argument_specs:
+ main:
+ short_description: Workshop setup and config preflight verification.
+ options:
+ ec2_name_prefix:
+ description: A prefix for EC2 and DNS resources.
+ type: str
+ required: true
+ workshop_dns_zone:
+ description: The base DNS zone for the workshop.
+ type: str
+ required: true
+ workshop_type:
+ description: The type of the workshop.
+ type: str
+ required: true
+ valid_workshop_types:
+ description: A list of valid workshop types.
+ type: list
+ elements: str
+ required: true
+ dns_type:
+ description: The system that manages DNS, e.g. "aws"
+ type: str
+ required: true
+ valid_dns_type:
+ description: A list of valid DNS provider types.
+ type: list
+ elements: str
+ required: true
+ network_type:
+ description: The type of the network provider.
+ type: str
+ required: true
+ valid_network_types:
+ description: A list of valid network provider types.
+ type: list
+ elements: str
+ required: true
+ security_console:
+ description: The type of the security console.
+ type: str
+ required: true
+ valid_security_console_types:
+ description: A list of valid security console types.
+ type: list
+ elements: str
+ required: true
+ admin_password:
+ description: The workshop admin password.
+ type: str
+ required: true
+ default_tower37_url:
+ description: A fallback URL for Ansible Tower 3.7.
+ type: str
+ required: false
+ default_tower38_url:
+ description: A fallback URL for Ansible Tower 3.8.
+ type: str
+ required: false
+ towerinstall:
+ description: Whether to install Ansible Tower.
+ type: bool
+ required: true
+ use_manifest:
+ description: Whether to use a manifest file for the license.
+ type: bool
+ required: true
+ tower_license_data:
+ description: Direct variable input for Ansible Tower license data.
+ type: str
+ required: false
+ network:
+ short_description: Verify workshop setup for the network workshop.
+ options:
+ security:
+ short_description: Verify workshop setup for the security workshop.
+ options: + windows_password: + description: The Windows password. + type: str + required: true + unsupported_workshop: + short_description: Catch-all for unsupported workshop types. + options: + workshop_type: + description: The type of the workshop. + type: str + required: true + windows: + short_description: Verify workshop setup for Windows workshops. diff --git a/provisioner/roles/workshop_check_setup/tasks/main.yml b/roles/workshop_check_setup/tasks/main.yml similarity index 83% rename from provisioner/roles/workshop_check_setup/tasks/main.yml rename to roles/workshop_check_setup/tasks/main.yml index c02f63fcc..2dece1684 100644 --- a/provisioner/roles/workshop_check_setup/tasks/main.yml +++ b/roles/workshop_check_setup/tasks/main.yml @@ -128,30 +128,6 @@ - towerinstall - not use_manifest -- name: install newest collections - vars: - collection_path: "{{ lookup('config', 'COLLECTIONS_PATHS')}}" - block: - - name: install product_demos collection - shell: "ansible-galaxy collection install {{item}} --force-with-deps " - loop: "{{ collections }}" - register: galaxy - until: galaxy is not failed - retries: 5 - when: - - towerinstall - rescue: - - name: checking to see if older install collection is available - debug: - msg: - - "Looking at the following collection paths {{ collection_path }} " - - "only testing {{ collection_path|first }} " - - - name: check if the collections exist - stat: - path: "{{ collection_path|first }}/{{ item | replace('.', '/') }}" - loop: "{{ collections }}" - - name: check workshop specific information include_tasks: "{{item}}" with_first_found: diff --git a/provisioner/roles/workshop_check_setup/tasks/network.yml b/roles/workshop_check_setup/tasks/network.yml similarity index 100% rename from provisioner/roles/workshop_check_setup/tasks/network.yml rename to roles/workshop_check_setup/tasks/network.yml 
diff --git a/provisioner/roles/workshop_check_setup/tasks/security.yml b/roles/workshop_check_setup/tasks/security.yml similarity index 100% rename from provisioner/roles/workshop_check_setup/tasks/security.yml rename to roles/workshop_check_setup/tasks/security.yml diff --git a/provisioner/roles/workshop_check_setup/tasks/unsupported_workshop.yml b/roles/workshop_check_setup/tasks/unsupported_workshop.yml similarity index 100% rename from provisioner/roles/workshop_check_setup/tasks/unsupported_workshop.yml rename to roles/workshop_check_setup/tasks/unsupported_workshop.yml diff --git a/provisioner/roles/workshop_check_setup/tasks/windows.yml b/roles/workshop_check_setup/tasks/windows.yml similarity index 100% rename from provisioner/roles/workshop_check_setup/tasks/windows.yml rename to roles/workshop_check_setup/tasks/windows.yml diff --git a/tox.ini b/tox.ini index c8157706c..8522b2d7d 100644 --- a/tox.ini +++ b/tox.ini @@ -14,9 +14,11 @@ commands = sitepackages = True whitelist_externals = ansible-playbook + ansible-galaxy bash + curl deps = - ansible < 2.10 + ansible-core netaddr pywinrm requests @@ -30,6 +32,10 @@ deps = urllib3 >= 1.25.10 setenv = ANSIBLE_CONFIG = provisioner/ansible.cfg + # globally add more retries and clientside delays to boto functions to fix AWS throttling/timeouts + # https://github.com/boto/botocore/blob/master/botocore/configprovider.py#L99 + AWS_MAX_ATTEMPTS = 10 + AWS_RETRY_MODE = standard passenv = AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY 
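Review bot: `ansible-core` is added to `deps` with no version bound, replacing `ansible < 2.10`, so every CI run resolves whatever release is current and an upstream change surfaces as an unrelated test failure. I would bound it, e.g. `ansible-core >= <min-tested>, < <next-untested>`, and raise the bound deliberately. In the following hunk of the same file, the comment above `AWS_MAX_ATTEMPTS` links to botocore's `master` with a line anchor; a permalink to a commit would keep pointing at the intended line.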
@@ -37,7 +43,11 @@ passenv = commands_pre = python provisioner/tests/generate_ci_common.py ansible --version - + ansible-galaxy collection build --verbose --output-path build/ + # tox doesn't expand wildcards, so we run a shell to expand it explicitly + /bin/sh -c 'ansible-galaxy collection install --verbose build/*.tar.gz' + # monkeypatching to prevent route53 throttling (backoffs and pauses are ineffective) + /bin/sh -c 'sed -E -i -e "s/record_sets = .*build_full_result\(\)/record_sets = client.list_resource_record_sets(**params)/" "$(find /root/ /home/ /usr/ -name route53_info.py)"' [testenv:workshop-rhel] sitepackages = {[testenv:workshops]sitepackages}
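Review bot: The last `commands_pre` line rewrites any file named `route53_info.py` that `find` locates under `/root/`, `/home/` and `/usr/`, and hands the result to `sed` as one quoted argument: with two matches that argument contains a newline and `sed` fails, with none it is an empty file name, and a copy outside the collection just installed would be patched too. `sed` also exits 0 when the pattern no longer matches, so the workaround can stop applying without CI noticing. I would narrow and harden it along the lines of `find … -path "*/ansible_collections/community/aws/*" -name route53_info.py -exec sed -E -i -e "…" {} +`, followed by a `grep -q` for `list_resource_record_sets(**params)` in the patched file so that a no-op patch fails the run. Since this edits installed code in place on the CI host, the comment above it should also name the upstream issue it works around.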