Red Hat System Administration III: Linux Automation
Course Objectives and Structure
||Managing Variables and Facts
||Managing Large Projects
||Implementing Task Control
||Simplifying Playbooks with Roles
||Automating Linux Administration Tasks
||Deploying Files to Managed Hosts
|Managing Variables and Facts
||Managing Large Projects
Orientation to the Classroom Lab Environment
Chapter 1: Introducing Ansible
Goal: Describe the fundamental Ansible concepts and how it is used, and install Red Hat Ansible Engine.
Describe the motivation for automating Linux administration tasks with Ansible, fundamental Ansible concepts, and Ansible’s basic architecture.
Install Ansible on a control node and describe the distinction between community Ansible and Red Hat Ansible Engine.
Automating Linux Administration with Ansible
Automation and Linux System Administration
Ansible: The Language of DevOps
Ansible across the application life cycle
Ansible Concepts and Architecture
Ansible provides complete automation
Quiz: Automating Linux Administration with Ansible
Ansible or Red Hat Ansible Automation?
Guided Exercise: Installing Ansible
- Automation is a key tool to mitigate human error and quickly ensure that your IT infrastructure is in a consistent, correct state.
- Ansible is an open source automation platform that can adapt to many different workflows and environments.
- Ansible can be used to manage many different types of systems, including servers running Linux, Microsoft Windows, or UNIX, and network devices.
- Ansible Playbooks are human-readable text files that describe the desired state of an IT infrastructure.
- Ansible is built around an agentless architecture in which Ansible is installed on a control node and clients do not need any special agent software.
- Ansible connects to managed hosts using standard network protocols such as SSH, and runs code or commands on the managed hosts to ensure that they are in the state specified by Ansible.
Chapter 2: Deploying Ansible
Goal: Configure Ansible to manage hosts and run ad hoc Ansible commands.
Describe Ansible inventory concepts and manage a static inventory file.
Describe where Ansible configuration files are located, how Ansible selects them, and edit them to apply changes to default settings.
Run a single Ansible automation task using an ad hoc command and explain some use cases for ad hoc commands.
Building an Ansible Inventory
Specifying Managed Hosts with a Static Inventory
Describing a Dynamic Inventory
Guided Exercise: Building an Ansible Inventory
Managing Ansible Configuration Files
Configuration File Precedence
Managing Settings in the Configuration File
Configuration File Comments
Guided Exercise: Managing Ansible Configuration Files
Running Ad Hoc Commands with Ansible
Configuring Connections for Ad Hoc Commands
Guided Exercise: Running Ad Hoc Commands
- Any system upon which Ansible is installed and which has access to the required configuration files and playbooks to manage remote systems (managed hosts) is called a control node.
- Managed hosts are defined in the inventory. Host patterns are used to reference managed hosts defined in an inventory.
- Inventories can be static files or dynamically generated by a program from an external source, such as a directory service or cloud management system.
- Ansible looks for its configuration file in a number of places in order of precedence. The first configuration file found is used; all others are ignored.
ansible command is used to perform ad hoc commands on managed hosts.
- Ad hoc commands determine the operation to perform through the use of modules and their arguments, and can make use of Ansible's privilege escalation features.
Chapter 3: Implementing Playbooks
Goal: Write a simple Ansible Playbook and run it to automate tasks on multiple hosts.
Write a basic Ansible Playbook and run it using the
Write a playbook that uses multiple plays and per-play privilege escalation.
ansible-doc to learn how to use new modules to implement tasks for a play.
Writing and Running Playbooks
Ansible Playbooks and Ad Hoc Commands
Formatting an Ansible Playbook
Guided Exercise: Writing and Running Playbooks
Implementing Multiple Plays
Remote Users and Privilege Escalation in Plays
Finding Modules for Tasks
Playbook Syntax Variations
Guided Exercise: Implementing Multiple Plays
Lab: Implementing Playbooks
- A play is an ordered list of tasks, which runs against hosts selected from the inventory.
- A playbook is a text file that contains a list of one or more plays to run in order.
- Ansible Playbooks are written in YAML format.
- YAML files are structured using space indentation to represent the data hierarchy.
- Tasks are implemented using standardized code packaged as Ansible modules.
ansible-doc command can list installed modules, and provide documentation and example code snippets of how to use them in playbooks.
ansible-playbook command is used to verify playbook syntax and run playbooks.
Chapter 4: Managing Variables and Facts
Goal: Write playbooks that use variables to simplify management of the playbook, and facts to reference information about the managed hosts.
Create and reference variables that affect particular hosts or host groups, the play, or the global environment, and describe how variable precedence works.
Encrypt sensitive variables using Ansible Vault, and run playbooks that reference Vault-encrypted variable files.
Reference data about managed hosts using Ansible facts, and configure custom facts on managed hosts.
Introduction to Ansible Variables
Host Variables and Group Variables
Overriding Variables from the Command Line
Using Arrays as Variables
Capturing Command Output with Registered Variables
Guided Exercise: Managing Variables
Introducing Ansible Vault
Playbooks and Ansible Vault
Guided Exercise: Managing Secrets
Ansible Facts Injected as Variables
Turning off Fact Gathering
Guided Exercise: Managing Facts
Lab: Managing Variables and Facts
- Ansible variables allow administrators to reuse values across files in an entire Ansible project.
- Variables can be defined for hosts and host groups in the inventory file.
- Variables can be defined for playbooks by using facts and external files. They can also be defined on the command line.
register keyword can be used to capture the output of a command in a variable.
- Ansible Vault is one way to protect sensitive data such as password hashes and private keys for deployment using Ansible Playbooks.
- Ansible facts are variables that are automatically discovered by Ansible from a managed host.
Chapter 5: Implementing Task Control
Goal: Manage task control, handlers, and task errors in Ansible Playbooks.
Implement loops to write efficient tasks to control when to run tasks.
Implement a task that runs only when another task changes the managed host.
Control what happens when a task fails, and what conditions cause a task to fail.
Writing Loops and Conditional Tasks
Task Iteration with Loops
Running Tasks Conditionally
Combining Loops and Conditional Tasks
Guided Exercise: Writing Loops and Conditional Tasks
Describing the Benefits of Using Handlers
Guided Exercise: Implementing Handlers
Managing Task Errors in Plays
Guided Exercise: Handling Task Failure
Lab: Implementing Task Control
- Loops are used to iterate over a set of values, for example, a simple list of strings, or a list of either hashes or dictionaries.
- Conditionals are used to execute tasks or plays only when certain conditions have been met.
- Handlers are special tasks that execute at the end of the play if notified by other tasks.
- Handlers are only notified when a task reports that it changed something on a managed host.
- Tasks are configured to handle error conditions by ignoring task failure, forcing handlers to be called even if the task failed, mark a task as failed when it succeeded, or override the behavior that causes a task to be marked as changed.
- Blocks are used to group tasks as a unit and to execute other tasks depending upon whether or not all the tasks in the block succeed.
Chapter 6: Deploying Files to Managed Hosts
Goal: Deploy, manage, and adjust files on hosts managed by Ansible.
Create, install, edit, and remove files on managed hosts, and manage permissions, ownership, SELinux context, and other characteristics of those files.
Customize files using Jinja2 templates, and deploy them to managed hosts.
Modifying and Copying Files to Hosts
Automation Examples with Files Modules
Guided Exercise: Modifying and Copying Files to Hosts
Deploying Custom Files with Jinja2 Templates
Building a Jinja2 template
Deploying Jinja2 Templates
Guided Exercise: Deploying Custom Files with Jinja2 Templates
Lab: Deploying Files to Managed Hosts
Files modules library includes modules that allow you to accomplish most tasks related to file management, such as creating, copying, editing, and modifying permissions and other attributes of files.
- You can use Jinja2 templates to dynamically construct files for deployment.
- A Jinja2 template is usually composed of two elements: variables and expressions. Those variables and expressions are replaced with values when the Jinja2 template is rendered.
- Jinja2 filters transform template expressions from one kind or format of data into another.
Chapter 7: Managing Large Projects
Goal: Write playbooks that are optimized for larger and more complex projects.
Write sophisticated host patterns to efficiently select hosts for a play or ad hoc command.
Describe the nature and purpose of dynamic inventories and then install and use an existing script as an Ansible dynamic inventory source.
Tune the number of simultaneous connections that Ansible opens to managed hosts and how Ansible processes groups of managed hosts through the play’s tasks.
Manage large playbooks by importing or including playbooks and tasks from external files, either unconditionally or based on a conditional test.
Selecting Hosts with Host Patterns
Referencing Inventory Hosts
Guided Exercise: Selecting Hosts with Host Patterns
Managing Dynamic Inventories
Generating Inventories Dynamically
Writing Dynamic Inventory Programs
Managing Multiple Inventories
Guided Exercise: Managing Dynamic Inventories
Configure Parallelism in Ansible Using Forks
Guided Exercise: Configuring Parallelism
Including and Importing Files
Including or Importing Files
Importing and Including Tasks
Defining Variables for External Plays and Tasks
Guided Exercise: Including and Importing Files
Lab: Managing Large Projects
- Host patterns are used to specify the managed hosts to be targeted by plays or ad hoc commands.
- Dynamic inventory scripts can be used to generate dynamic lists of managed hosts from directory services or other sources external to Ansible.
forks parameter in the Ansible configuration file sets the maximum number of parallel connections to managed hosts.
serial parameter can be used to implement rolling updates across managed hosts by defining the number of managed hosts in each rolling update batch.
- You can use the
import_playbook feature to incorporate external play files into playbooks.
- You can use the
import_tasks features to incorporate external task files into playbooks.
Chapter 8: Simplifying Playbooks with Roles
Goal: Use Ansible roles to develop playbooks more quickly and to reuse Ansible code.
Describe what a role is, how it is structured, and how you can use it in a playbook.
Create a role in a playbook’s project directory and run it as part of one of the plays in the playbook.
Select and retrieve roles from Ansible Galaxy or other sources, such as a Git repository, and use them in your playbooks.
Write playbooks that take advantage of Red Hat Enterprise Linux System Roles to perform standard operations.
Describing Role Structure
Structuring Ansible Playbooks with Roles
Examining the Ansible Role Structure
Defining Variables and Defaults
Using Ansible Roles in a Playbook
Controlling Order of Execution
Quiz: Describing Role Structure
Reusing Content with System Roles
Red Hat Enterprise Linux System Roles
Installing RHEL System Roles
Time Synchronization Role Example
Guided Exercise: Reusing Content with System Roles
The Role Creation Process
Creating the Role Directory Structure
Defining the Role Content
Defining Role Dependencies
Using the Role in a Playbook
Guided Exercise: Creating Roles
Deploying Roles with Ansible Galaxy
Introducing Ansible Galaxy
Ansible Galaxy home page
Ansible Galaxy search screen
Ansible Galaxy search results example
The Ansible Galaxy Command-Line Tool
Guided Exercise: Deploying Roles with Ansible Galaxy
Lab: Simplifying Playbooks with Roles
- Roles organize Ansible code in a way that allows reuse and sharing.
- Red Hat Enterprise Linux System Roles are a collection of tested and supported roles intended to help you configure host subsystems across versions of Red Hat Enterprise Linux.
- Ansible Galaxy is a public library of Ansible roles written by Ansible users. The
ansible-galaxy command can search for, display information about, install, list, remove, or initialize roles.
- External roles needed by a playbook may be defined in the
roles/requirements.yml file. The
ansible-galaxy install -r roles/requirements.yml command uses this file to install the roles on the control node.
Chapter 9: Troubleshooting Ansible
Goal: Troubleshoot playbooks and managed hosts.
Recommended Practices for Playbook Management
Guided Exercise: Troubleshooting Playbooks
Troubleshooting Ansible Managed Hosts
Using Check Mode as a Testing Tool
Testing Managed Hosts Using Ad Hoc Commands
The Correct Level of Testing
Guided Exercise: Troubleshooting Ansible Managed Hosts
Lab: Troubleshooting Ansible
- Ansible provides built-in logging. This feature is not enabled by default.
log_path parameter in the
default section of the
ansible.cfg configuration file specifies the location of the log file to which all Ansible output is redirected.
debug module provides additional debugging information while running a playbook (for example, current value for a variable).
-v option of the
ansible-playbook command provides several levels of output verbosity. This is useful for debugging Ansible tasks when running a playbook.
--check option enables Ansible modules with check mode support to display the changes to be performed, instead of applying those changes to the managed hosts.
- Additional checks can be executed on the managed hosts using ad hoc commands.
Chapter 10: Automating Linux Administration Tasks
Goal: Automate common Linux system administration tasks with Ansible.
Subscribe systems, configure software channels and repositories, and manage RPM packages on managed hosts.
Manage Linux users and groups, configure SSH, and modify Sudo configuration on managed hosts.
Manage service startup, schedule processes with at, cron, and systemd, reboot, and control the default boot target on managed hosts.
Partition storage devices, configure LVM, format partitions or logical volumes, mount file systems, and add swap files or spaces.
Managing Software and Subscriptions
Managing Packages with Ansible
Registering and Managing Systems with Red Hat Subscription Management
Configuring a Yum Repository
Guided Exercise: Managing Software and Subscriptions
Managing Users and Authentication
The Authorized Key Module
Guided Exercise: Managing Users and Authentication
Managing the Boot Process and Scheduled Processes
Scheduling with the at Module
Appending Commands with the cron Module.
Managing Services with the systemd and service Modules.S
The Shell and Command Module
Guided Exercise: Managing the Boot Process and Scheduled Processes
Configuring Storage with Ansible Modules
Ansible Facts for Storage Configuration
Guided Exercise: Managing Storage
Managing Network Configuration
Configuring Networking with the Network System Role
Configuring Networking with Modules
Ansible Facts for Network Configuration
Guided Exercise: Managing Network Configuration
Lab: Automating Linux Administration Tasks
yum_repository module configures a Yum repository on a managed host. For repositories that use public keys, you can verify that the key is available with the
group modules create users and groups respectively on a managed host. You can configure authorized keys for a user with the
- Cron jobs can be configured on managed hosts with the
- Ansible supports the configuration of logical volumes with the
lvol modules. The
filesystem modules support respectively the partition of devices and creation of filesystems.
- Red Hat Enterprise Linux 8 includes the network system role which supports the configuration of network interfaces on managed hosts.
Chapter 11: Comprehensive Review
Reviewing Red Hat System Administration III: Linux Automation
Lab: Creating Roles and Using Dynamic Inventory
Appendix: Supplementary Topics
Appendix: Ansible Lightbulb Licensing
Copyright © Red Hat, Inc.