Discussion

[AnwarYagoub]

Hello @smartbit & sorry for always being late

the first commit on this project was on May 31, 2016 now we are on Dec 2016 so its 7 months with no stable outcome that will benefit other who are trying to learn Linux or passing any one of RHCSA or RHCE exams. After 7 months we have done a lot thanks to you on that because I was busy & lazy for the most of the time, but we did not come with a result that is fully operational.

I think we reach this point (if I am correct in my assumption) because when we started to collaborate on this project we did not set a clear goals, instead we just keep on adding what we think is useful & helpful. so IMHO I think we need to set our goals & discuss how we can achieve it instead of just adding features or fixing issues.

Let me specify some goals & feel free to modify it or add on it:

• Create la environment to help users pass RHCSA/RHCE exams.
• Easy to use environment so users can focus on learning not setting up the environment.
• Ability to save & restore lab environment state as whole or a specific machine.
• Download & start directly without waiting for any other step (provisioning takes long time)
• Find a mechanism or solution that will helps us to communicate better and faster in order to get things done.

finally after setting our goals we need to know where we are now from these goals & how to achieve them.

Regards.

[smartbit]

Hi @AnwarYagoub, always great to plan. I'd like to add 6 goals

• install from ISO
  Recently I noticed that I was using Sander's images because vagrant images are not the same as the one's you get when you do an installation from an ISO. E.g. systemctl isolate rescue.target seems to fail on the vagrant images. A second benefit is that it is agnostic of the version of RHEL, whether 7.0 or 7.3, or future versions for-that-matter. I'd like to exercise nmcli on RHEL 7.0 as it is quite different from 7.1+.
• use a local repository Exercises will be consistent and can be tested (see next point). After the initial installation, the student doesn't need to download anything to perform the exercises, as all files are local to the VM host. One could study for the exam without internet access and without the distractions that internet might give.
• automated testing As a first step to a CI/CD pipeline, like in a proper immutable infrastructure. Sander doesn't test his images and some labs failed on his previous lab-setup which is annoying to say the least.
• adaptable to other study methods The exercises of certdepot can not be used with cut-and-paste. Neither can probably those of other books. If we put names and ip-addresses is a single place/file, the lab-environment can easier be adapted to other study methods.
• option to run without GUI
  This is a first step to enable students to run the exercises in a public cloud environment or on a VM-host without a GUI. As far as I know the GUI is needed only for the Sander's KVM exercises 10.2. Page 241 has a chapter called Accessing Virtual Machines from a Text-Only Console which describe how to work with KVM without a GUI.
  Install the GUI on labipa & server1 and execute systemctl set-default multi-user.target.
• password-less logon Similar to what vagrant does. Automate the ssh-copy-id of a local ssh-key e.g ~/.ssh/rhce to each machine both for root and user. This imho is practical and enables putting the machines in the public cloud.

For the goal 1 & 2, we need an automated way of installing from an ISO. The Ansible scripts can mostly be re-used. I can think of two methods, in both the students will still be able to perform the utmost important exercise 11.1:

• use packer in combination with Ansible, for more details see these 2 videos Using Ansible with Vagrant and/or Packer and Vagrant boxes with Packer and copy the complete distribution on labipa, pointing the .repo-file to labipa.
• Create an Installation Server like in Exercises 20.1 which hosts the kickstart files, the ansible files and the complete repository. The .repo-file points to the Installation Server. Combining kickstart files with Ansible is describe in many locations, e.g. here.
  The Installation Server itself could be created with vagrant and Ansible.
• Maybe you can think of other methods?

Let me know what you think.

[AnwarYagoub]

Hello @smartbit ,

I have been tinkering with packer & managed to create a CentOS 7 & Ubuntu 16.04 vagrant boxes using ansible as a provisioner you can check it from this link.

It is not fully ready yet. when you add the resulted .box files from builds directory to vagrant & use it to create a vagrant machine you will get the following error:

==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...

If we got this problem fixed we can use the ubuntu box for caching & centos box to build server1/server2, FreeIPA server & Installation server.

we can also complete the circle by upload packer generated boxes to atlas for easy distribution.

I am with you in all your points but could you elaborate on use a local repository .

[smartbit]

Hi @AnwarYagoub, great you gave this a kickstart! Interesting your using packer to create a Vagrant box, I don't think of that route although it was mentioned in one of the videos (was long time ago I saw that presentation).

you will get the following error:

I think the insecure key is not in the box, although that should have been fixed mitchellh/vagrant#5780.
As recommended here we might download vagrant.pub in a packer script.

wget --no-check-certificate https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub -O .ssh/authorized_keys

we can also complete the circle by upload packer generated boxes to atlas for easy distribution.

Maybe in the future, let's see how stable things are and whether this adds value and not adds download traffic.

I am with you in all your points but could you elaborate on use a local repository .

Great!
Sander's v3.03 images use a local repository as described in README3.0.3.txt similar to Exercise 11.1 (p259). I think we should follow his advice. He also advises not to use EPEL (p253), we might be able to use packer and install _ipaserver without EPEL.

I have a few questions

1. You're using CentOS-7-x86_64-Minimal-1611.iso. Is there any particular reason you use the minimal version? For the GUI you'd need to download more afterwards, multiple times. I suggest we use something likeCentOS-7-x86_64-DVD-1611.iso as it is a one time download or copy and thereafter very limited downloads are needed. Maybe we can even have it mounted persistent on labipa, saving ~1GB diskspace.

2. What would you think of skipping Vagrant all together? Packer in combination with Ansible scripts should be able to create the three servers and set the repository to ftp://labipa.example.com/repo.

[AnwarYagoub]

@smartbit

I think the insecure key is not in the box, although that should have been fixed mitchellh/vagrant#5780. As recommended here we might download vagrant.pub in a packer script.

Thanks I will check this & let you know what happened.

Sander's v3.03 images use a local repository as described in README3.0.3.txt similar to Exercise 11.1 (p259). I think we should follow his advice. He also advises not to use EPEL (p253), we might be able to use packer and install ipa_server without EPEL.

I must confess for the last 2 months I was not following Sander's announcements so I missed the new changes.

EPEL make package installation like (ansible) easier but we will try to comply with Sander's instructions.

You're using CentOS-7-x86_64-Minimal-1611.iso. Is there any particular reason you use the minimal version? For the GUI you'd need to download more afterwards, multiple times. I suggest we use something likeCentOS-7-x86_64-DVD-1611.iso as it is a one time download or copy and thereafter very limited downloads are needed. Maybe we can even have it mounted persistent on labipa, saving ~1GB diskspace.

No specific reason for using 1611 in the Packter-Test project. As you can see in the project anisble is there but I am not doing anything with it rather than display a debug message from a task & from a role to prove that ansible is working. Packer-Test project was just a PoC & we can also use it as a template for our packer configuration.

I have managed to create both AWS AMI & DigitalOcean snapshots using packer I will add the examples to Packer-Test project.

What would you think of skipping Vagrant all together? Packer in combination with Ansible scripts should be able to create the three servers and set the repository to ftp://labipa.example.com/repo.

Yes Packer+Ansible combination is able to do that but I think we can use packer to create a ready server1, server2, & labipa vagrant boxes & upload it to atlas which will reduce the time needed for learners to start the environment (except for the first time) while still providing the packer configuration as a reference they can use to generate their own versions.

Vagrant is easier to work with than Packer not too many moving parts (builders, provisioners, post-processor, .....)

We can also automate the whole process of boxes creation so no headache from our side to create boxes.

We can use packer along with ansible to prepare lab environment for other books or guides like cerdepot or tecmint. To do so we need to design our ansible roles to be as general as possible.

as for:

automated testing As a first step to a CI/CD pipeline, like in a proper immutable infrastructure. Sander doesn't test his images and some labs failed on his previous lab-setup which is annoying to say the least.

I am currently reading these articles: https://www.ansible.com/blog/testing-ansible-roles-with-docker http://www.jeffgeerling.com/blog/testing-ansible-roles-travis-ci-github http://www.jeffgeerling.com/blog/2016/how-i-test-ansible-configuration-on-7-different-oses-docker

---

Below is a list of current requirements to make sure that we are on the same page:

1. Server1:
   • CentOS 7.2 (1511) Server with GUI.
   • IP 192.168.4.210, Gateway 192.168.4.2, DNS 192.168.4.200.
   • DISABLE ALL REPOSITORIES (rm -f /etc/yum.repos.d/*) and set the repository to ftp://labipa.example.com/repo.
2. Server2:
   • CentOS 7.2 (1511) Minimal Server.
   • IP 192.168.4.220, Gateway 192.168.4.2, DNS 192.168.4.200.
   • DISABLE ALL REPOSITORIES (rm -f /etc/yum.repos.d/*) and set the repository to ftp://labipa.example.com/repo.
3. LapIPA:
   • COULD YOU PLEASE LIST THE LATEST REQUIREMENTS.

[smartbit]

@AnwarYagoub all the best wishes and hope you pass your exam(s) in 2017. Looking forward to continuing our fruitful cooperation.

Yes Packer+Ansible combination is able to do that but I think we can use packer to create a ready server1, server2, & labipa vagrant boxes & upload it to atlas which will reduce the time needed for learners to start the environment (except for the first time) while still providing the packer configuration as a reference they can use to generate their own versions.

Great! The the packer configuration in combination with _CentOS-7-x8664-DVD-1611.iso could be useful for those with little bandwidth.

LapIPA: COULD YOU PLEASE LIST THE LATEST REQUIREMENTS.

Currently the requirements are IMHO best described in the Ansible files (as they should be in a immutable infrastructure). By the time we both did all exercises both for part 1 (RHCSA) & part 2 (RHCE) we will know how what the optimal lab-environment for Sander's book is. If possible we can adapt it (e.g. with sections that can be commented in/out) for other books or guides like certdepot or tecmint.

I'll take a look at you're reading list. Thanks.

[AnwarYagoub]

Hello @smartbit,

As always sorry for being late :)

I hope you are fine. I am glad to tell that I've passed the RHCE back in may.

If you are interested to complete this project that will be great.

[smartbit]

@AnwarYagoub Appreciated, I'd like to enhance the project. Congrats with RHCE :tada:

Haven't looked much into RH since January, worked fulltime on Ubuntu with dc/os. Last couple of weeks focusing on CKA. Thereafter plan to pursue RH certification.

[AnwarYagoub]

That's great @smartbit wish you luck with the CKA, I have tinkered with kubernets in the past month so I learned the basics & I am planning to go deep soon so be prepared for my questions :smile:

These days I got a plenty of time that I can dedicate it to this project to make it reach (easy to use state).

when you have a spare time you can pass by this project to check the latest changes.