diff --git a/.gitignore b/.gitignore
index c5dfa11..951d8a2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,5 @@ share
ssh_config
ssh_mux*
ec2.py
+.vault_pass.txt
.*.swp
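Review bot: Moving `.vault_pass.txt` into the working tree makes this ignore rule the only thing standing between the vault password and a commit; `git add -f`, a tarball or rsync of the clone, or an IDE sync still carries it, and the README text this commit removes ("outside of the clone") avoided that class of leak entirely. If the in-tree location is kept, anchor the pattern so it matches only the top-level file and say why it exists, e.g. `# ansible-vault password (see README); never commit, keep out of archives/backups of the clone` followed by `/.vault_pass.txt`. Nothing here enforces the `chmod 600` the README asks for, so that remains the operator's responsibility.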
diff --git a/README.md b/README.md
index b26409d..c3f717a 100644
--- a/README.md
+++ b/README.md
@@ -67,11 +67,9 @@ cd comanage-registry-training-deployment
virtualenv -p python3.7 ./
source bin/activate
pip install --upgrade pip
-pip install git+https://github.com/ansible/ansible.git@devel
+pip install ansible==2.9.6
pip install boto
pip install boto3
-wget https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.py
-chmod 755 ec2.py
cp /path/to/AWS-Trng-1.pem .
```
@@ -79,12 +77,11 @@ Some ansible files are encrypted using `ansible-vault`. When running
a playbook ansible needs to be able to find the password for the
vault.
-Create a file outside of the clone of this repository to hold
-the vault password, e.g.
+Create a file to hold the vault password, e.g.
```
-touch ~/.vault_pass.txt
-chmod 600 ~/.vault_pass.txt
+touch ./.vault_pass.txt
+chmod 600 ./.vault_pass.txt
```
Find the vault password from and enter it into the file you just created.
@@ -96,21 +93,23 @@ to set up the environment:
```
cd comanage-registry-training-deployment
source bin/activate
+
+export ANSIBLE_CONFIG=`pwd`/ansible.cfg
+export ANSIBLE_INVENTORY=`pwd`/aws_ec2.yml
+export ANSIBLE_SSH_ARGS="-F `pwd`/ssh_config -C -o ControlMaster=auto -o ControlPersist=3600s"
+export ANSIBLE_VAULT_PASSWORD_FILE=`pwd`/.vault_pass.txt
+
export AWS_ACCESS_KEY_ID='XXXXXXXX'
export AWS_SECRET_ACCESS_KEY='XXXXXXXX'
-export ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt
export AWS_REGION=us-west-2
-rm ./ssh_mux_*
-kill $SSH_AGENT_PID
-unset SSH_AUTH_SOCK
-eval `ssh-agent -s`
+
ssh-add ./AWS-Trng-1.pem
```
## Configuration
Most of the configurable details, including the number of training nodes to
-deploye, are set in the file
+deploy, are set in the file
```
vars/global.yml
@@ -124,7 +123,7 @@ Review that file before running the playbook.
To provision the infrastructure execute the playbook:
```
-ansible-playbook -i ./ec2.py comanage_registry_training.yml
+ansible-playbook comanage_registry_training.yml
```
## SSH Access
@@ -213,3 +212,18 @@ https://registry2.comanage.incommon.training
```
for node 2, and so on.
+
+## Interference from existing SSH agent
+
+If you find that your existing SSH agent is interfering with the SSH connections
+used by ansible, it might help to start with a fresh agent when you begin your
+work for the say:
+
+```
+cd comanage-registry-training-deployment
+rm ./ssh_mux_*
+kill $SSH_AGENT_PID
+unset SSH_AUTH_SOCK
+eval `ssh-agent -s`
+ssh-add ./AWS-Trng-1.pem
+```
diff --git a/aws_ec2.yml b/aws_ec2.yml
new file mode 100644
index 0000000..874db25
--- /dev/null
+++ b/aws_ec2.yml
@@ -0,0 +1,12 @@
+---
+plugin: aws_ec2
+regions:
+ - us-west-2
+keyed_groups:
+ - prefix: tag
+ key: tags
+hostnames:
+ - private-ip-address
+compose:
+ public_fqdn: tags.public_fqdn
+ private_fqdn: tags.private_fqdn
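Review bot: There is no `filters:` block, so every instance the credentials can see in us-west-2 — stopped and terminated ones, and anything unrelated to this deployment — is enumerated and placed into `tag_*` groups, and a playbook targeting a group name that another project's tags happen to produce would reach those hosts. Add at least a state filter, `filters:` / `  instance-state-name: running`, and preferably a tag that the provisioning playbook sets on its own instances (the tag it applies is not visible in this diff, so use that one). The `compose:` entries read `tags.public_fqdn` and `tags.private_fqdn` unconditionally; on a host missing those tags the variables are simply absent, which surfaces later as an undefined-variable error in `hostnames.yml` rather than at inventory time, so filtering on that tag would also make the dependency explicit.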
diff --git a/hostnames.yml b/hostnames.yml
index ccdfaa3..3002305 100644
--- a/hostnames.yml
+++ b/hostnames.yml
@@ -7,5 +7,5 @@
tasks:
- name: Set FQDN for node
- command: "hostnamectl set-hostname {{ ec2_tag_private_fqdn }}"
- when: ansible_facts['nodename'] != ec2_tag_private_fqdn
+ command: "hostnamectl set-hostname {{ private_fqdn }}"
+ when: ansible_facts['nodename'] != private_fqdn
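Review bot: `hostnamectl set-hostname {{ private_fqdn }}` interpolates a value taken from an EC2 tag straight into the command line; `command:` does not go through a shell, but a tag value containing whitespace would still be split into extra arguments, so at minimum write `{{ private_fqdn | quote }}`. The more idiomatic form is the `hostname` module, which handles the already-set case itself and removes the `when:` guard: `- name: Set FQDN for node` / `  hostname:` / `    name: "{{ private_fqdn }}"`. Note that the `when:` errors out rather than skipping when the inventory did not compose `private_fqdn` for the host; the enclosing play header is above this hunk.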
diff --git a/roles/common/tasks/users.yml b/roles/common/tasks/users.yml
index 44eb45f..532e2df 100644
--- a/roles/common/tasks/users.yml
+++ b/roles/common/tasks/users.yml
@@ -65,7 +65,7 @@
comment: COmanage Training User
uid: 2000
home: /home/training
- password: "$6$bvMJpaKk$glM0iapwOVJFiN7//FY9PdXLIs3sGPUkOODrQgXAaCIXP/P6kly9ZucehBryh2j10giTuNmuosQcepZ2a103T."
+ password: "$6$Vi9PQcxYJ.VBZ$RD.yWppXJUvqTBcicu4V1VTwcfpILQ6fisdXbl1VRwezpPr88p5ufW8fL4lmoVKgyGVgFIOQt1LL3Z0KlEOvK/"
shell: /bin/bash
group: training
append: yes
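Review bot: The replacement crypt hash for the shared `training` account is committed in clear in this role file, even though the README says sensitive files in this repository are vault-encrypted; a `$6$` hash of a short training password is cheap to recover offline from the repo, and the previous hash stays in history. Move the value into a vaulted variable, `password: "{{ training_user_password_hash }}"`, and add a comment next to the task on how to regenerate it (for example with `mkpasswd -m sha-512`) so the next rotation does not land here again. The `user:` task header is above this hunk.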
diff --git a/roles/idp/files/attribute-resolver.xml b/roles/idp/files/attribute-resolver.xml
index 1992b9d..1685584 100644
--- a/roles/idp/files/attribute-resolver.xml
+++ b/roles/idp/files/attribute-resolver.xml
@@ -6,32 +6,26 @@
-
-
-
-
-
-
-ServerName https://{{ ec2_tag_public_fqdn }}:443
+ServerName https://{{ public_fqdn }}:443
UseCanonicalName On
DocumentRoot /var/www/html
diff --git a/vars/global.yml b/vars/global.yml
index a0a1616..48c051e 100644
--- a/vars/global.yml
+++ b/vars/global.yml
@@ -22,7 +22,8 @@ vpc_availability_zone:
ssh_bastion_instance_type: t2.nano
# Most current CentOS 7 x86_64
-ssh_bastion_ami_id: ami-01ed306a12b7d1c96
+#ssh_bastion_ami_id: ami-01ed306a12b7d1c96
+ssh_bastion_ami_id: ami-0bc06212a56393ee1
ssh_bastion_user: centos
ssh_bastion_device_name: /dev/sda1
ssh_bastion_volume_type: gp2
@@ -30,7 +31,8 @@ ssh_bastion_volume_size: 8
idp_node_instance_type: t2.small
# Most current CentOS 7 x86_64
-idp_node_ami_id: ami-01ed306a12b7d1c96
+#idp_node_ami_id: ami-01ed306a12b7d1c96
+idp_node_ami_id: ami-0bc06212a56393ee1
idp_node_user: centos
idp_node_device_name: /dev/sda1
idp_node_volume_type: gp2
@@ -41,7 +43,8 @@ training_node_count: 2
training_node_instance_type: t2.small
# Most current CentOS 7 x86_64
-training_node_ami_id: ami-01ed306a12b7d1c96
+#training_node_ami_id: ami-01ed306a12b7d1c96
+training_node_ami_id: ami-0bc06212a56393ee1
training_node_user: centos
training_node_device_name: /dev/sda1
training_node_volume_type: gp2
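Review bot: The same AMI id is now hard-coded three times (this hunk and the two above) under a comment that still says "Most current CentOS 7 x86_64", which cannot be checked from the id alone and will be stale at the next refresh, while the old ids are kept as commented-out lines instead of leaving that to git history. Define it once, `centos7_ami_id: ami-0bc06212a56393ee1`, reference it from the three `*_ami_id` variables as `"{{ centos7_ami_id }}"`, and record in the comment what it was resolved from, e.g. `# CentOS 7 x86_64, us-west-2, owner <account id>, AMI name <name>, looked up YYYY-MM-DD`, since an AMI id is region-specific and nothing here verifies that it belongs to the expected publisher. Resolving it at run time with `ec2_ami_info` filtered by `owners:` would remove the manual bump altogether, though that is a larger change than this hunk.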