sync changes to Sean's branch

provisioner/group_vars/all/all.yml

@@ -1,4 +1,5 @@
 ---
+student_user: student
 admin_password: ansible
 code_server: true
 workshop_dns_zone: "rhdemo.io"

provisioner/packer/pre_build_controller.yml

@@ -17,7 +17,13 @@
     dns_type: none
     controllerinstall: true
     code_server: true
+    username: student
+    student: "{{ username }}"
   tasks:
+    - include_role:
+        name: ../../roles/user_accounts
+    - include_role:
+        name: ../../roles/common
     - include_role:
         name: ../../roles/connectivity_test
     - include_role:

provisioner/provision_lab.yml

@@ -63,13 +63,15 @@
 
 - name: Configure common options on managed nodes and control nodes
   hosts: "managed_nodes:control_nodes"
-  gather_facts: false
   become: true
   tasks:
-    - include_role:
-        name: ../roles/user_accounts
-    - include_role:
-        name: ../roles/common
+    - name: run user_accounts and common roles
+      when: not pre_build|bool
+      block:
+      - include_role:
+          name: ../roles/user_accounts
+      - include_role:
+          name: ../roles/common
 
 - name: Configure /etc/hosts
   hosts: 'managed_nodes:control_nodes'
@@ -78,7 +80,7 @@
   tasks:
     - name: setup /etc/hosts file per student
       copy:
-        src: "{{ playbook_dir }}/{{ec2_name_prefix}}/{{ username }}-etchosts.txt"
+        src: "{{ playbook_dir }}/{{ ec2_name_prefix }}/{{ student }}-etchosts.txt"
         dest: "/etc/hosts"
         owner: "{{ username }}"
         group: "{{ username }}"
@@ -90,6 +92,10 @@
   tasks:
     - include_role:
         name: ../roles/control_node
+      when: not pre_build|bool
+
+    - include_role:
+        name: ../roles/control_node_always
 
     - include_role:
         name: ../roles/code_server

roles/aws_dns/tasks/create.yml

@@ -4,7 +4,7 @@
   community.aws.route53:
     state: "{{ s3_state }}"
     zone: "{{ workshop_dns_zone }}"
-    record: "{{ username }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}"
+    record: "{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}"
     type: A
     overwrite: true
     value: "{{ ansible_host }}"

roles/aws_dns/tasks/main.yml

@@ -5,7 +5,7 @@
 
 - name: check to see if SSL cert already applied
   uri:
-    url: "https://{{ username }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}/api/v2/ping/"
+    url: "https://{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}/api/v2/ping/"
     method: GET
     user: admin
     password: "{{ admin_password }}"
@@ -24,7 +24,7 @@
 
     - name: configure SSL cert for Automation Controller
       vars:
-        dns_name: "{{username}}.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}"
+        dns_name: "{{ student }}.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}"
       include_role:
         name: "{{ playbook_dir|dirname }}/roles/issue_cert"
   when:

roles/aws_dns/tasks/teardown.yml

@@ -1,31 +1,31 @@
 ---
-- name: GRAB ZONE ID
+- name: retrieve zone id
   community.aws.route53_zone:
-    zone: "{{workshop_dns_zone}}"
+    zone: "{{ workshop_dns_zone }}"
   register: AWSINFO
 
-- name: GRAB ROUTE53 INFORMATION
+- name: retrieve route53 info
   community.aws.route53_info:
     type: A
     query: record_sets
     hosted_zone_id: "{{AWSINFO.zone_id}}"
     start_record_name: "student1.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}"
   register: record_sets
 
-- name: DELETE DNS ENTRIES FOR EACH STUDENT
+- name: delete DNS entries for each student
   become: false
   community.aws.route53:
     state: "{{ s3_state }}"
-    zone: "{{workshop_dns_zone}}"
+    zone: "{{ workshop_dns_zone }}"
     record: "student{{item}}.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}"
     type: A
     value: "{{ (records | first | first)['Value'] }}"
   loop: "{{ range(1, student_total + 1)|list }}"
   vars:
-    records: '{{record_sets.ResourceRecordSets | selectattr("Name", "match", "student" + item|string + "." + ec2_name_prefix|lower + "." + workshop_dns_zone) | map(attribute="ResourceRecords") | list }}'
+    records: '{{ record_sets.ResourceRecordSets | selectattr("Name", "match", "student" + item|string + "." + ec2_name_prefix|lower + "." + workshop_dns_zone) | map(attribute="ResourceRecords") | list }}'
   when: records | length > 0
 
-- name: GRAB ROUTE53 INFORMATION - Satellite
+- name: retrieve route53 information satellite
   community.aws.route53_info:
     type: A
     query: record_sets
@@ -37,7 +37,7 @@
   become: false
   community.aws.route53:
     state: "{{ s3_state }}"
-    zone: "{{workshop_dns_zone}}"
+    zone: "{{ workshop_dns_zone }}"
     record: "student{{item}}-sat.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}"
     type: A
     value: "{{ (records | first | first)['Value'] }}"
@@ -58,10 +58,10 @@
   become: false
   community.aws.route53:
     state: "{{ s3_state }}"
-    zone: "{{workshop_dns_zone}}"
-    record: "{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}"
+    zone: "{{ workshop_dns_zone }}"
+    record: "{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}"
     type: A
     value: "{{ (records | first | first)['Value'] }}"
   vars:
-    records: '{{record_sets_zone_root.ResourceRecordSets | selectattr("Name", "match", ec2_name_prefix|lower + "." + workshop_dns_zone) | map(attribute="ResourceRecords") | list }}'
+    records: '{{ record_sets_zone_root.ResourceRecordSets | selectattr("Name", "match", ec2_name_prefix|lower + "." + workshop_dns_zone) | map(attribute="ResourceRecords") | list }}'
   when: records | length > 0

roles/code_server/tasks/codeserver.yml

@@ -7,7 +7,7 @@
   community.aws.route53:
     state: "{{ s3_state }}"
     zone: "{{ workshop_dns_zone }}"
-    record: "{{ username }}-code.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}"
+    record: "{{ student }}-code.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}"
     type: A
     overwrite: true
     value: "{{ ansible_host }}"
@@ -47,7 +47,7 @@
   template:
     src: code-server.service.j2
     dest: /etc/systemd/system/code-server.service
-    owner: "{{username}}"
+    owner: "{{ username }}"
     group: wheel
     mode: '0744'
 
@@ -107,19 +107,13 @@
 
 # if we do not have a cert we will try to work anyway
 - name: issue cert
-  shell: certbot certonly --no-bootstrap --standalone -d {{ username }}-code.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }} --email [email protected] --noninteractive --agree-tos
+  shell: certbot certonly --no-bootstrap --standalone -d {{ student }}-code.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }} --email [email protected] --noninteractive --agree-tos
   register: issue_cert
   until: issue_cert is not failed
   retries: 5
   ignore_errors: true
   when: workshop_type is defined
 
-# - name: update nginx configuration to support code server
-#   blockinfile:
-#     block: "{{ lookup('template', 'nginx.conf') }}"
-#     dest: /etc/nginx/nginx.conf
-#     insertafter: "http {"
-#
 - name: update nginx configuration to support code server
   ansible.builtin.template:
     src: full_nginx.conf

roles/code_server/tasks/main.yml

@@ -10,7 +10,7 @@
     - name: check to see if SSL cert already applied
       become: false
       community.crypto.get_certificate:
-        host: "{{ username }}-code.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}"
+        host: "{{ student }}-code.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }}"
         port: 443
       delegate_to: localhost
       run_once: true

roles/code_server/tasks/teardown.yml

@@ -2,5 +2,5 @@
 - name: delete DNS specific information
   include_tasks: "{{ item }}"
   with_first_found:
-    - "{{role_path}}/tasks/dns/{{ dns_type }}.yml"
-    - "{{role_path}}/tasks/dns/none.yml"
+    - "{{ role_path }}/tasks/dns/{{ dns_type }}.yml"
+    - "{{ role_path }}/tasks/dns/none.yml"

roles/code_server/templates/nginx.conf

@@ -4,7 +4,7 @@
         listen [::]:80;
         listen 443;
         listen [::]:443;
-        server_name {{ username }}-code.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }};
+        server_name {{ student }}-code.{{ ec2_name_prefix|lower }}.{{ workshop_dns_zone }};
       location / {
           proxy_pass http://127.0.0.1:8080;
           proxy_set_header Host $host;
@@ -20,7 +20,7 @@
 
         location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
         {% if issue_cert is not failed %}
-        ssl_certificate /etc/letsencrypt/live/{{username}}-code.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/{{username}}-code.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}/privkey.pem;
+        ssl_certificate /etc/letsencrypt/live/{{ student }}-code.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/{{ student }}-code.{{ec2_name_prefix|lower}}.{{workshop_dns_zone}}/privkey.pem;
         {% endif %}
     }

roles/common/tasks/main.yml

@@ -17,6 +17,10 @@
 - hostname:
     name: "{{ short_name|default('automation-controller') }}.example.com"
 
+- template:
+    src: motd.j2
+    dest: /etc/motd
+
 - meta: flush_handlers
   tags:
     - common

roles/common/templates/motd.j2

@@ -0,0 +1,21 @@
+#### This workbench is for {{ student }} ####
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@@@@@@@@@@@     ############     m@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@@@@@@@@@@     ################   m@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@@@@@@@@@     #################    m@@@@@@@@@@@@       @@@@@@@@@@@@@@@@@@@@  @@@@   @@@@@   @@@@@@@@@@@@@@@@@@@
+@@@@@@@@@     ##################     @@@@@@@@@@@   @@@   #@@@@@@@@@@@@@@@@@  @@@@   @@@@@   @@@@@@@@@@@   @@@@@
+@@@     #####     @@###############     #m@@@@@@   @@@@   @       @@@        @@@@   @@@@@   @       @@       @@
+@@     #######           ###########     m@@@@@@         @   @@@   @   @@@@  @@@@           @@@@@@   @@   @@@@@
+@@@     #########               ########    #m@@   @@   @@     ....@   @@@@  @@@@   @@@@@   @   @@   @@   @@@@@
+@@@@@     ###########@            #######    #m@   @@@   @@       @@@        @@@@   @@@@@   @        @@@    @@@
+@@@@@@@     #########################    m@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@@@@@@@@@@@     ####################     m@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@@@@@@@@@@@@@@@@     #############     m@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+#### This workbench is for {{ student }} ####
+- Public FQDN: {{ student }}.{{ ec2_name_prefix|default("ansible") }}.{{ workshop_dns_zone|default("demo") }}
+— Local FQDN: {{ ansible_fqdn }}
+— Distro: {{ ansible_distribution }} {{ ansible_distribution_version }} {{ ansible_distribution_release }}
+— Virtual: {{ 'YES' if ansible_virtualization_role == 'guest' else 'NO' }}
+— CPUs: {{ ansible_processor_vcpus }}
+— RAM: {{ (ansible_memtotal_mb / 1000) | round(1) }}GB

roles/control_node/tasks/10_aap_setup.yml

@@ -38,4 +38,3 @@
     dest: "/home/{{ username }}/.vimrc"
     owner: "{{ username }}"
     group: "{{ username }}"
-  when: workshop_type is defined