Replaying and fixing original lab's instructions

00c35a80 · marcoemi.poleggi · 5b39ee9e · 00c35a80
Commit 00c35a80 authored 3 years ago by marcoemi.poleggi
--- a/README.md
+++ b/README.md
-# Ansible-lab
+# Lab: Configuration Management - Ansible and AWS

-Lab template for a deployment exercised with Ansible and AWS
\ No newline at end of file
+Lab template for a CM/deployment exercise with Ansible and AWS.
+
+## Pedagogical objectives ##
+
+  * Become familiar with a configuration management tool
+  * Deploy a web application in an automated fashion
+  * Become familiar with Desired State Configuration
+
+## Tasks ##
+
+In this lab you will perform a number of tasks and document your progress in a
+lab report. Each task specifies one or more deliverables to be
+produced. Collect all the deliverables in your lab report.
+
+**N.B.** Some tasks require interacting with your local machine's OS: any
+related commands are supposed to be run into a terminal with the following
+conventions about the *command line prompt*:
+
+  * `#`: execution with super user's (root) privileges
+  * `$`: execution with normal user's privileges
+  * `lcl`: your local machine
+  * `ins`: your VM instance
+
+
+### Task 1: install Ansible ###
+
+In this task you will install [Ansible](https://www.ansible.com/) on your
+local machine. Please, refer to your [OS
+documentation](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
+for the proper way to do so.
+
+Once done, verify that Ansible is installed correctly by running:
+
+``` shell
+lcl$ ansible --version
+```
+
+### Task 2: Create a VM on Amazon Web Services ###
+
+In this task you will create a VM on Amazon Web Services that will be managed
+by Ansible.
+
+
+  1. Switch the AWS console to the N. Virginia region to avoid resource
+  limitations -- see "Zones" in the "Account attributes" pane.
+
+  2. Import or create an RSA key pair in this region and download the private key.
+
+  3. It it doesn't exist yet, create a security group named `Lab-Ansible-AWS`
+  group that allows incoming SSH, HTTP and HTTPS traffic from anywhere
+  (0.0.0.0/0).
+
+  4. Create an EC2 instance with the following characteristics (all other
+     parameters at default value):
+    - OS: Ubuntu Server 20.04 LTS
+    - type: t2.micro
+    - security group: Lab-Ansible-AWS
+    - key pair: the one you created above
+
+After launching make sure you can SSH into the VM using your private key
+(`<your-private-key>` is a full path):
+
+``` shell
+lcl$  ssh -i <your-private-key> ubuntu@<VM-DNS-name-or-IP-address>
+```
+
+### Task 3: Configure Ansible to connect to the managed VM ###
+
+In this task you will tell Ansible about the machines it shall manage.
+
+Create a "sandbox" directory on your local machine f.i. `~/ansible/playbooks`,
+and create a file called `hosts.yml` which will serve as the inventory file,
+and add the following:
+
+@@@ RESTART FROM HERE @@@
+
+``` yaml
+testserver ansible_ssh_host=<VM-DNS-name-or-IP-address>
+    ansible_user=ubuntu
+    ansible_ssh_private_key_file=<your-private-key>
+```
+
+Verify that you can use Ansible to connect to the server:
+
+ansible testserver -i hosts -m ping
+
+You should see output similar to the following:
+
+testserver | SUCCESS => {
+    "changed": false,
+    "ping": "pong"
+}
+
+testserver | SUCCESS => {
+    "ansible_facts": {
+        "discovered_interpreter_python": "/usr/bin/python3"
+    },
+    "changed": false,
+    "ping": "pong"
+}
+
+We can now simplify the configuration of Ansible by using an ansible.cfg file which allows us to set some defaults.
+
+In the playbooks directory create the file ansible.cfg:
+
+[defaults]
+inventory = hosts
+remote_user = ubuntu
+private_key_file = <path to keyfile.pem>
+host_key_checking = false
+deprecation_warnings = false
+
+Among the default options we also disable SSH's host key checking. This is convenient when we distroy and recreate the managed server (it will get a new host key every time). In production this may be a security risk.
+
+We also disable warnings about deprecated features that the 2.x version of Ansible emits.
+
+With these default values the hosts inventory file now simplifies to:
+
+testserver ansible_ssh_host=<managed VM's public IP address>
+
+We can now run Ansible again and don't need to specify the inventory file any more:
+
+ansible testserver -m ping
+
+The ansible command can be used to run arbitrary commands on the remote machines. Use the -m command option and add the command in the -a option. For example to execute the uptime command:
+
+ansible testserver -m command -a uptime
+
+You should see output similar to this:
+
+testserver | CHANGED | rc=0 >>
+ 18:56:58 up 25 min,  1 user,  load average: 0.00, 0.01, 0.02