07_Assignment_Lab.adoc

Table of Contents

• Homework Assignment
• 1. Business Use Case
• 2. Lab Envronment
  • 2.1. Environment
  • 2.2. Setup
• 3. Overview
  • 3.1. Requirements
  • 3.2. Provision Production Environment

Homework Assignment

Goals

• Assess hands-on proficiency with Red Hat Ansible Tower advanced topics

• Complete this course, leading to Red Hat Delivery Specialist – Ansible Advanced

Criteria

• Assignments take the average student 30-40 hours to complete

• Assignments are an individual effort

  • You must complete your own assignment without collaboration

• Assignments simulate a challenge typically encountered in a Red Hat Consulting engagement

  • Assignment requirements are intentionally vague

• Grading is as follows:

  • 30%: Basic Requirements sections

  • 20%: Provision QA Environment (including smoke test)

  • 25%: Provision Production Environment (including smoke test)

  • 25%: Design Ansible Tower Workflow Job Template

  • Provide sufficient documentation for each section

    • Sections without documentation will not be graded

1. Business Use Case

You are a consultant assigned to a telecommunications company called MitziCom. MitziCom provides hosting and cloud services to a variety of clients, from medium-sized companies to enterprise giants.

MitziCom has asked you to lead a 30- to 40-hour proof-of-concept (POC) using Red Hat Ansible Tower. The purpose of the POC is to determine the feasibility of using Ansible Tower as a CI/CD tool for automating continuous deployment of an internal three-tier application on QA and production environments. Note that this requires maintaining several instances of the application.

2. Lab Envronment

The lab details a recommended process for meeting MitziCom’s requirements, as defined in the lab’s goals. Information about the infrastructure, DNS names, passwords, and more is provided throughout the lab.

2.1. Environment

1. Ansible Advance Homework Assignment

2. OpenStack for Ansible

3. Three Tier Application

Note	Deployment can take between 15 and 45 minutes depending on the software deployed.

2.2. Setup

In this section you will provision lab enviorments needed to develop the POC. Playbooks are given for your help to setup the ssh keys to connect to Openstack enviorment.

1. Navigate to the OPENTLC lab portal and log in using your OPENTLC credentials.

   • If you have forgotten your credentials, visit the OPENTLC Account Management page.

2. Select Services → Catalogs → All Services → OPENTLC Automation → Ansible Advance Homework Assignment.

3. Click the Lab Parameters tab and select your Region.

4. Accept terms and conditions if required, then click Submit.

5. Select Services → Catalogs → All Services → OPENTLC Automation → OpenStack for Ansible.

6. Accept terms and conditions if required, then click Submit.

7. Check your email for a message from Red Hat describing how to connect to the environment, including your GUID (unique identifier), and environment details.

   • Further details are provided in the lab instructions.

2.2.1. For your help.

1. Ansible Tower will be deployed on Ansible Advance Homework Assignment enviornment.

2. You can use credentials to login on tower nodes:

Name	Details
URL	'1-3.{{TOWER_GUID}}.example.opentlc.com'
UserName	'admin'
Password	'r3dh4t1!'

Note	{{TOWER_GUID}} is the GUID (unique identifier) you will get in your after provisioning Ansible Advance Homework Assignment.

2.2.2. Connect to Ansible Advance Homework Assignment Environment

1. Set some environment variables using your lab credentials:

   [laptop ]$ export TOWER_GUID=<"GUID from email">
   [laptop ]$ export MYKEY=<~/.ssh/your_key.pem>
   [laptop ]$ export MYUSER=<username-company.com>
   
   # For example
   [laptop ]$ export TOWER_GUID=e4gh
   [laptop ]$ export MYKEY=~/.ssh/sborenstkey
   [laptop ]$ export MYUSER=shacharb-redhat.com

2. Connect to the bastion host with your OPENTLC ID and private key:

   [laptop ]$ ssh -i ${MYKEY} ${MYUSER}@bastion.${TOWER_GUID}.example.opentlc.com

2.2.3. Setup Workstation from OpenStack for Ansible Environment

1. Clone Git Repo to setup bastion of Ansible Advance Homework Assignment environment and workstaion of OpenStack for Ansible

[user-company.com@bastion ~]$ sudo -i
[root@bastion ~]# git clone <GIT REPO will be updated soon>
[root@bastion ~]# cd <git-repo-name>
[root@bastion ~]# ansible-playbook site-setup-workstation.yml -e "TOWER_GUID=<GUID of Ansible Advance Homework Assignment>" -e "OSP_GUID=<GUID of OpenStack for Ansible>"

Note	OSP_GUID is the GUID you will get in your mail after provsioning OpenStack for Ansible.

3. Overview

In this lab, you continue to develop your good three-tier application playbooks from your pre-class assignment in Lab 00. FinanceTech is pleased with the initial work and wants to move forward with deploying Ansible Engine more widely. They also see potential value in deploying Ansible Tower.

They want your good three-tier application playbooks to be used by internal teams as an internal gold standard, and to serve as an example for other teams to help them adopt best practices, consistency, and reuse.

They ask you to make a final pass and refactor throughout the plays to make sure that they adhere to a very high standard. In particular, they want you to focus on the following:

• Using a clear and consistent style

• Making sure that plays and tasks are self-documenting, with clear and meaningful names

• Making sure that the repositories are fully self-contained

  • FinanceTech is adopting an Infrastructure as Code policy going forward

• Using roles extensively to achieve a high degree of reuse and modularity

• Making sure that optimal modules are used throughout

• Use roles extensively throughout

• Use templates throughout, making sure they are clearly marked as "Ansible generated"

• Use handlers where appropriate

• Use Ansible Vault to protect sensitive information

3.1. Requirements

In this section you will develop playbooks to automate the process of installing isolated node, provision QA Env running on OSP, provision Prod env on AWS and deploy three tier application and run the smoke test.

1. Clone the repo which will act as the skelton of the project.

3.1.1. QA Environment

• Ansible Playbooks are provided to provision network, security groups and keypairs on OpenStack.

  1. OpenStack Platform-hosted infrastructure using the network details provided below:

     Public Network

     Purpose	Subnet
     CIDR	10.10.10.0/24
     Routes	0.0.0.0/0, 192.168.0.0/24
     Nameservers	8.8.8.7, 8.8.8.8

     Private Network

     Purpose	Subnet
     CIDR	20.20.20.0/24

     Note	The private network is a non-routable network.

  2. Security group that allows traffic on the ports required to access the application from the workstation.

[[options="header",caption=""]

Name	Ports	Network	Direction
apps	8080,22	0.0.0.0/0	Ingress
appdbs	5432	20.20.20.0/24	Ingress
appdbs	22	0.0.0.0/0	Ingress

1. A custom flavor per the developer requirements for defining the hardware profile of instances:

   Name	m2.small
   RAM	2048
   VCPUS	1
   Disk	5

2. Keypair with the name ansible_ssh will be created and can be attached to OSP Instances.

   • Develop Playbooks to provision OSP instances to support deployment of three tier app.

3. Implement requirements defined by the developers to test the application.

   • Per the organization’s security policy, you inject two separate public keys

     • Use openstack.pub and openstack.pem keys to connect OpenStack Platform-hosted instances

   • Add public keys for managing instances from Ansible Tower

     • "http://www.opentlc.com/download/ansible_bootcamp/openstack_keys/openstack.pub^"

     • "http://www.opentlc.com/download/ansible_bootcamp/openstack_keys/openstack.pem^"

   • Configure your instance to use the organization’s local yum repository

     • "http://www.opentlc.com/download/ansible_bootcamp/repo/internal.repo^"

4. Develop a task to run a smoke test on the QA environment for the three-tier application from Ansible Tower

5. Develop a playbook to destroy the QA environment on OpenStack if the smoke test fails

3.2. Provision Production Environment

In this section, you write a playbook that uses the script to provision the production environment on AWS.

• Prerequisite for the script that provisions the production environment:

  mkdir ~/bin
  wget http://www.opentlc.com/download/ansible_bootcamp/scripts/common.sh
  wget http://www.opentlc.com/download/ansible_bootcamp/scripts/jq-linux64 -O ~/bin/jq
  wget http://www.opentlc.com/download/ansible_bootcamp/scripts/order_svc.sh
  chmod +x order_svc.sh ~/bin/jq

• Steps to run the shell script to deploy the production environment from the bastion host:

  cat << EOF > credential.rc
  export username=<userid-companyname.com>
  export password=<cf password>
  export uri=https://labs.opentlc.com
  EOF
  
  source credential.rc ; ./order_svc.sh -c 'OPENTLC Automation' -i 'Three Tier Application' -t 1

  Note	Non-Interactive: Use -y if you do not want to be prompted and you are sure you want to continue.

3.2.1. Design Ansible Tower Workflow Job Template

1. Clone the repo which will act as the skelton of the project.

2. For your help the repo contains pre configured playbooks which will help you in your POC.

3. README file in repo contains the list of playbooks with their info.

   • Define a workflow to automate the process of provisioning the QA and production environments

     • Workflow needs to include the deployment and testing of the three-tier application

Outline

1. Deploy instances on OpenStack QA environment

2. Configure instances on OpenStack QA environment (smoke test)

   1. Clean up if failed

3. Deploy instances on AWS using Order_SVC.sh script

4. Configure instances on AWS production environment (smoke test)

   1. Clean up if failed