casc-twitch-demo

Description

This repository give us a place to maintain a control versions of the every object in an Ansible Automation Controller.

CasC (Configuration as Code) means the posibility of define every object of Ansible Automation Controller as code in a git repository. In this lab, we have defined two environments (dev and pro) to do the CasC and interact with a gitops approach between them.

Steps to test the CasC approach

Day-Zero from CLI

NOTE: Execution Environment called ee-casc in the following playbooks has six needed collections (You can use a EE with this collections inside or install each collection in your workspace. If you will not use a EE, you can skip "podman login" steps.):

- name: ansible.controller
- name: ansible.utils
- name: ansible.posix
- name: community.general
- name: redhat_cop.controller_configuration
- name: automationiberia.casc_setup

Before using CasC as a GitOps approach, it is needed to launch an initialization from CLI which it is called Day-Zero.

1. Clone the repository and create a new day-zero branch

   git clone [email protected]:acme/ansible-controller/casc-twitch-demo.git
   cd casc-twitch-demo/
   git checkout -b casc-dev-day0
   

2. Edit credentials to connect to the controller for day zero.

   vi group_vars/dev/configure_connection_controller_credentials.yml
   vi group_vars/pro/configure_connection_controller_credentials.yml
   ansible-vault encrypt group_vars/dev/configure_connection_controller_credentials.yml group_vars/pro/configure_connection_controller_credentials.yml
   

3. Edit credentials for day zero

   vi orgs_vars/casc-twitch-demo/env/dev/controller_credentials.d/controller_credentials.yml
   vi orgs_vars/casc-twitch-demo/env/pro/controller_credentials.d/controller_credentials.yml
   ansible-vault encrypt orgs_vars/casc-twitch-demo/env/pro/controller_credentials.d/* orgs_vars/casc-twitch-demo/env/dev/controller_credentials.d/*
   

4. Check the inventory file. Example:

   [dev]
   demo-ctr1-dev.bcnconsulting.com
   
   [pro]
   demo-ctr1-prd.bcnconsulting.com
   

5. Setting vault credential file

   echo "my_vault_pass" > ~/.vault_password
   ln ~/.vault_password .
   

6. Launch ansible-navigator from CLI to setup day-zero of CasC. Example:

   ansible-navigator run casc_ctrl_config.yml -i inventory -l dev -e '{orgs: casc-twitch-demo, dir_orgs_vars: orgs_vars, env: dev}' -m stdout --eei quay.io/automationiberia/aap/ee-casc --vault-password-file .vault_password
   ansible-navigator run casc_ctrl_config.yml -i inventory -l pro -e '{orgs: casc-twitch-demo, dir_orgs_vars: orgs_vars, env: pro}' -m stdout --eei quay.io/automationiberia/aap/ee-casc --vault-password-file .vault_password
   

7. Push the changes

   git status -s
   git add -A
   git commit -m "CasC day zero"
   git push origin casc-dev-day0
   

8. Pomote the casc-dev-day0 branch to dev (dev branch)

   • Select the source branch as casc-dev-day0 and dev as the destination one]

   • Fill in the merge request information

   • Approve the Merge Request.

9. Promote the dev branch to pro (pro branch)

   • Select the source branch as dev and pro as the destination one]

   • Fill in the merge request information

     ⚠️ Be sure to write a title that have sense for the Merge Request: The default value here is dev, that is not usefull at all!

   • Approve the Merge Request.

10. Configure the webhooks for both environments: DEV and PRO.

    NOTE: You can use the playbook gitlab_webhook.yml or do it manually if you prefer how it is done:

    AUTOMATICALLY WITH A PLAYBOOK (it is needed to change and in the command. Also it can be used gitlab_api_password instead of gitlab_api_token in case it is used a password.):

    ansible-navigator run gitlab_webhook.yml -i inventory -l dev -e '{gitlab_action_push: true, gitlab_action_tag: false, gitlab_branch_filter: dev, gitlab_api_user: <user>, gitlab_api_token: <token>}' -m stdout --eei quay.io/automationiberia/aap/ee-casc --vault-password-file .vault_password
    ansible-navigator run gitlab_webhook.yml -i inventory -l pro -e '{gitlab_action_push: false, gitlab_action_tag: true, gitlab_api_user: <user>, gitlab_api_token: <token>}' -m stdout --eei quay.io/automationiberia/aap/ee-casc --vault-password-file .vault_password
    

    MANUALLY IN DEV (only if you didn't by the playbook):

    1. Go to Dev Controller and open casc-twitch-demo CasC_AAP_Workflow
    2. Copy the content of "Webhook URL" and "Webhook Key"
    3. Go to Gitlab -> Settings -> Webhooks
    4. Paste the content of "Webhook URL" and "Webhook Key" in the gaps "URL" and "Secret Content"
    5. Select Push events and fill the gap with dev

    

    MANUALLY IN PRO (only if you didn't by the playbook):

    1. Go to PRO Controller and open casc-twitch-demo CasC_AAP_Workflow
    2. Copy the content of "Webhook URL" and "Webhook Key"
    3. Go to Gitlab -> Settings -> Webhooks
    4. Paste the content of "Webhook URL" and "Webhook Key" in the gaps "URL" and "Secret Content"
    5. Select Tag events and fill the gap with dev

    

GitOps flow

1. Clone the given repository:

   git clone [email protected]:acme/ansible-controller/casc-twitch-demo.git
   
   cd casc-twitch-demo/
   

2. Create a new branch from dev to introduce the new items:

   git checkout dev
   git checkout -b add_info_job_template
   

3. Add a new Playbook and a new Job Template

   File: new_playbook1.yaml

   cat > new_playbook1.yaml <<EOF
   ---
   - name: "Play to show the hostname"
     hosts: all
     tasks:
       - name: "Show the hostname"
         debug:
           msg:
             - "This server is called (from Ansible inventory):     {{ inventory_hostname }}"
             - "This server is called (from Execution Environment): {{ lookup('pipe', 'cat /etc/hostname') }}"
             - "Running as user: {{ lookup('pipe', 'id') }}"
   ...
   EOF
   

   File: new_playbook2.yaml

   cat > new_playbook2.yaml <<EOF
   ---
   - name: "Play to show the hostname"
     hosts: all
     connection: local
     tasks:
       - name: "Show the hostname"
         debug:
           msg:
             - "This server is called (from Ansible inventory):     {{ inventory_hostname }}"
             - "This server is called (from Execution Environment): {{ lookup('pipe', 'cat /etc/hostname') }}"
             - "Running as user: {{ lookup('pipe', 'id') }}"
   ...
   EOF
   

   File: orgs_vars/casc-twitch-demo/env/common/controller_job_templates.d/new_job_template.yaml

   cat > orgs_vars/casc-twitch-demo/env/common/controller_job_templates.d/new_job_template.yaml <<EOF
   ---
   controller_templates:
     - name: "{{ orgs }} New Job Template"
       description: "Template to show how to add a new JT"
       organization: "{{ orgs }}"
       project: "{{ orgs }} CasC_Data"
       inventory: "{{ orgs }} Localhost"
       playbook: "new_playbook1.yaml"
       job_type: run
       fact_caching_enabled: false
       concurrent_jobs_enabled: true
       ask_scm_branch_on_launch: true
       extra_vars:
         ansible_python_interpreter: /usr/bin/python3
         ansible_async_dir: /home/runner/.ansible_async/
       execution_environment: "ee-casc"
   ...
   EOF
   

4. Commit the changes to the new branch

   git add -A .
   git commit -am "Add new playbook and job template to show server information"
   git push -u origin add_info_job_template
   

5. Create a Merge Request to dev branch

   • Go to Merge Requests and create a new merge request

   • Select the source branch add_info_job_template and dev as the destination one

   • Fill in the merge request information

   • Merge the merge request

   ---

   The following automated process has ben executed at the Ansible Automation Controller:

   

   The following diagram shows the components of the workflow:

   

   Of course, the new Job Template has been created:

   

6. Pomote the dev branch to production (pro branch)

   Similarly to the step 5, create a new Merge Request from the dev branch to the pro branch:

   • Select the source branch as dev and pro as the destination one]

   • Fill in the merge request information

     ⚠️ Be sure to write a title that have sense for the Merge Request: The default value here is dev, that is not usefull at all!

   ---

   When the Merge Request is already merged, the new Job Template is also created in the pro environment:

   

7. Run the new Job Template at PRO

   Run the Job Template:

   and check that it is failing:

8. Rollback the PRO environment to previously working tag

   To rollback the status of the controller to a previous working version, it's only needed to run the following Job Templates:

   • Run the Job Template casc-twitch-demo CasC_JobTemplates_AAP_Drop_Diff with the previous working version:
   • Run the Job Template casc-twitch-demo CasC_JobTemplates_AAP_CD_Config_Controller with the previous working version:

9. Fix your playbook

   git checkout dev
   git pull
   git checkout -b fix_playbook
   

   Modify the Job Template to use the correct playbook:

   playbook: "new_playbook2.yaml"

   Updated file: orgs_vars/casc-twitch-demo/env/common/controller_job_templates.d/new_job_template.yaml

   ---
   controller_templates:
     - name: "{{ orgs }} New Job Template"
       description: "Template to show how to add a new JT"
       organization: "{{ orgs }}"
       project: "{{ orgs }} CasC_Data"
       inventory: "{{ orgs }} Localhost"
       playbook: "new_playbook2.yaml"
       job_type: run
       fact_caching_enabled: false
       concurrent_jobs_enabled: true
       ask_scm_branch_on_launch: true
       extra_vars:
         ansible_python_interpreter: /usr/bin/python3
         ansible_async_dir: /home/runner/.ansible_async/
       execution_environment: "ee-casc"
   ...

   Commit and push your changes:

   git commit -am "Fix the connection method"
   git push -u origin fix_playbook
   

   Create a Merge Request to dev branch:

   • 
   • 
   • 

   Repeat the steps to create a new Merge Request from dev to pro, as described at step 6

10. Run again the new Job Template at PRO

    Run again the Job Template:

    and check that it is working fine now: