An Ansible playbook to install and configure a development lab playground server. It will automatically install Ansible, Git, HashiCorp Vault, and Nexus Repository OSS. This serves as a foundation for an infrastructure-as-code playground environment. Use this playground to learn and experiment with Ansible playbooks and roles. Examine the framework and ultimately develop new Ansible playbooks and roles to become proficient in Ansible.
The play installs and configures the following applications using Ansible roles:
- RedHat Cockpit
  Browser-based management interface for Linux. Access via http://<hostname>:9090.
  Username and password are defined during installation via variables 'lab_username' and 'lab_password'.
  See also role cockpit
- Podman container infrastructure
  Container infrastructure. Can be managed via the Cockpit user interface.
  See also role podman
- HashiCorp Vault
  Secret management. Installed as a container, accessible via http://<hostname>:8200.
  Access token and unseal keys are stored in /data/vault/config folder.
  See also role vault
- Server-Config-Linux
  Basic server configuration role including configuration of the automation account, timezone configuration, base-server-config in Vault, etc.
  See also role server-config
- Sonatype Nexus Repository OSS
  Artifact repository. Installed as a container, accessible via http://<hostname>:8081.
  Username is admin, initial password is stored in Vault.
  See also role nexus-repository
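Because the Vault access token and unseal keys sit on disk in /data/vault/config, it is worth checking who can read that folder once the play has run. The script below is an added example, not part of the lab-playground repository; the function names are hypothetical and it assumes GNU find, as shipped with RockyLinux.

```shell
#!/bin/sh
# Added example, not part of the lab-playground repository.
# Reports entries under a secrets directory that group or other can access.
# Default path: the folder the README names for the Vault token and unseal keys.
# Run it with sudo on the server so find can read the whole tree.

# list_exposed DIR: print each non-symlink entry with any group/other permission bit
# (-perm /077 is GNU find syntax for "any of these bits set")
list_exposed() {
    find "$1" ! -type l -perm /077 -print 2>/dev/null | sort
}

# count_exposed DIR: print how many entries list_exposed reports
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# audit_secret_dir [DIR]: return 0 = owner-only, 1 = exposed entries, 2 = no such directory
audit_secret_dir() {
    dir=${1:-/data/vault/config}
    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir does not exist on this host"
        return 2
    fi
    exposed=$(list_exposed "$dir")
    if [ -n "$exposed" ]; then
        echo "FAIL: accessible beyond the owner:"
        # Show mode and owner for each finding
        echo "$exposed" | while IFS= read -r path; do
            ls -ld "$path"
        done
        return 1
    fi
    echo "OK: $dir and its contents are owner-only"
    return 0
}

# Audit the path given as first argument, or the README's default
audit_secret_dir "$@" || true
```

A finding does not say which mode is right; that depends on the account the Vault container runs as, which the README does not state.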
Overview design
An example of using the lab-playground is an infrastructure with three virtual machines: an Ansible Development server, a Lab Playground server and a Lab Core Services server.
- Ansible Development server: Minimal Linux server to develop and run Ansible playbooks. Mostly used with Visual Studio Code.
- Lab Playground server: Minimal Linux server to test and run Ansible playbooks.
- Lab Core Services server: Minimal Linux server to host Vault and Nexus Repository containers.
Lab Playground server
The Lab Playground server will be the server to test and run the Ansible playbooks on. A Linux VM with at least 2 vCPUs and 3GB of memory is recommended. Recommended disk space is 20GB.
- Operating system installation:
  The OS can be Ubuntu, RedHat Enterprise Linux, RockyLinux, or another Linux variant. RockyLinux is slightly preferred because the codebase is the same as RedHat Enterprise Linux but without subscriptions.
  RockyLinux:
  Create the virtual machine on the hypervisor and boot the RockyLinux Minimal ISO.
  Select desired language for RockyLinux.
  Installation Destination: Automatic partitioning.
  User Creation: Set username to ansible, set password, check 'Make this user administrator'.
  Root Password: Set root password, allow root SSH login with password.
  Network & Hostname: Set network IP address.
  Start installation.
- Operating system configuration:
  Create ansible user: useradd ansible
  Set password: passwd ansible
  Grant ansible user access to sudo: usermod -aG wheel ansible
  Update OS: sudo dnf upgrade --all
Lab Core Services server
The Lab Core Services server will host the Vault container for secret management and Nexus Repository container to store artifacts. A Linux VM with at least 2 vCPUs and 4GB of memory is recommended. Due to the artifact storage, a disk space of 200GB is recommended.
- Operating system installation: See instructions for Lab Playground server.
- Operating system configuration: See instructions for Lab Playground server.
Ansible Development server
The Ansible Development server is used to clone and edit the code from Git and start the Ansible playbook. A Linux VM with at least 2 vCPUs and 3GB of memory is recommended. The disk space should be 20GB.
- Operating system installation: See instructions for Lab Playground server.
- Configuration after OS installation:
  See instructions for Lab Playground server.
  Log on as user ansible and install the following packages on the development server: sudo dnf install epel-release tar nano
  epel-release: prerequisite for Ansible, tar: for configuring Visual Studio Code remote SSH, nano: simple editor.
  Install Git and Ansible: sudo dnf install ansible git
  Create SSH key pair via ssh-keygen: ssh-keygen -t ed25519 -C "<your_email@example.com>"
  Copy the SSH key to the Lab Playground Server: ssh-copy-id ansible@<ip address Lab Playground Server>
  Copy the SSH key to the Lab Core Services Server: ssh-copy-id ansible@<ip address Lab Core Services Server>
  Configure Git user name: git config --global user.name "<GitHub username>"
  Configure Git email: git config --global user.email "<GitHub email>"
  Test Git connection: ssh -T git@github.com
It is now a good idea to create a snapshot of all the virtual machines so you can revert to the initial state if something goes wrong or you want to start over or try a new project.
Clone lab-playground repository: git clone git@github.com:marcelvenema/lab-playground.git
Check the IP address of the servers in the hosts.ini file and change it if necessary.
Dependencies are listed in the requirements.yml file. Install them with: ansible-galaxy install -r requirements.yml --force
Installation of the playbook can be done via the following command line. The -K parameter prompts for the BECOME password.
ansible-playbook install_lab_core_services.yml -K
The following variables can be configured in the install_lab_core_services playbook:
- uninstall: true/false, default is false. If true, roles will be uninstalled before installation.
- automation_username: Default is ansible. The username for the automation account.
- automation_password: If not provided, a password will be generated and stored in Vault.
- automation_email: Default is ansible@me.local. Used during Nexus Repository OSS creation.
- vm_name: Hostname of the VM.
- vault_repository_url: Default is docker.io/hashicorp/vault.
- nexus_repository_url: Default is docker.io/sonatype/nexus3.
- nexus_repository_vault_id: Unique ID to identify the Nexus Repository instance in Vault.
MIT
Marcel Venema