Red Hat System Administration III: Linux Automation



Course Objectives and Structure


Day One Day Two Day Three Day Four
Introducing Ansible Managing Variables and Facts Managing Large Projects Troubleshooting Ansible
Deploying Ansible Implementing Task Control Simplifying Playbooks with Roles Automating Linux Administration Tasks
Implementing Playbooks Deploying Files to Managed Hosts Troubleshooting Ansible Comprehensive Review
Managing Variables and Facts Managing Large Projects

Orientation to the Classroom Lab Environment


Chapter 1: Introducing Ansible

Goal: Describe the fundamental Ansible concepts and how it is used, and install Red Hat Ansible Engine.


  • Describe the motivation for automating Linux administration tasks with Ansible, fundamental Ansible concepts, and Ansible’s basic architecture.

  • Install Ansible on a control node and describe the distinction between community Ansible and Red Hat Ansible Engine.

Automating Linux Administration with Ansible

Automation and Linux System Administration

What is Ansible?

Ansible: The Language of DevOps

Ansible across the application life cycle

Ansible Concepts and Architecture

Ansible architecture

The Ansible Way

Ansible provides complete automation

Use Cases

Quiz: Automating Linux Administration with Ansible

Installing Ansible

Ansible or Red Hat Ansible Automation?

Control Nodes

Managed Hosts

Guided Exercise: Installing Ansible


  • Automation is a key tool to mitigate human error and quickly ensure that your IT infrastructure is in a consistent, correct state.
  • Ansible is an open source automation platform that can adapt to many different workflows and environments.
  • Ansible can be used to manage many different types of systems, including servers running Linux, Microsoft Windows, or UNIX, and network devices.
  • Ansible Playbooks are human-readable text files that describe the desired state of an IT infrastructure.
  • Ansible is built around an agentless architecture in which Ansible is installed on a control node and clients do not need any special agent software.
  • Ansible connects to managed hosts using standard network protocols such as SSH, and runs code or commands on the managed hosts to ensure that they are in the state specified by Ansible.

Chapter 2: Deploying Ansible

Goal: Configure Ansible to manage hosts and run ad hoc Ansible commands.


  • Describe Ansible inventory concepts and manage a static inventory file.

  • Describe where Ansible configuration files are located, how Ansible selects them, and edit them to apply changes to default settings.

  • Run a single Ansible automation task using an ad hoc command and explain some use cases for ad hoc commands.

Building an Ansible Inventory

Defining the Inventory

Specifying Managed Hosts with a Static Inventory

Describing a Dynamic Inventory

Guided Exercise: Building an Ansible Inventory

Managing Ansible Configuration Files

Configuring Ansible

Configuration File Precedence

Managing Settings in the Configuration File

Configuring Connections

Configuration File Comments

Guided Exercise: Managing Ansible Configuration Files

Running Ad Hoc Commands

Running Ad Hoc Commands with Ansible

Configuring Connections for Ad Hoc Commands

Guided Exercise: Running Ad Hoc Commands

Lab: Deploying Ansible


  • Any system upon which Ansible is installed and which has access to the required configuration files and playbooks to manage remote systems (managed hosts) is called a control node.
  • Managed hosts are defined in the inventory. Host patterns are used to reference managed hosts defined in an inventory.
  • Inventories can be static files or dynamically generated by a program from an external source, such as a directory service or cloud management system.
  • Ansible looks for its configuration file in a number of places in order of precedence. The first configuration file found is used; all others are ignored.
  • The ansible command is used to perform ad hoc commands on managed hosts.
  • Ad hoc commands determine the operation to perform through the use of modules and their arguments, and can make use of Ansible's privilege escalation features.

Chapter 3: Implementing Playbooks

Goal: Write a simple Ansible Playbook and run it to automate tasks on multiple hosts.


  • Write a basic Ansible Playbook and run it using the ansible-playbook command.

  • Write a playbook that uses multiple plays and per-play privilege escalation.

  • Effectively use ansible-doc to learn how to use new modules to implement tasks for a play.

Writing and Running Playbooks

Ansible Playbooks and Ad Hoc Commands

Formatting an Ansible Playbook

Running Playbooks

Guided Exercise: Writing and Running Playbooks

Implementing Multiple Plays

Writing Multiple Plays

Remote Users and Privilege Escalation in Plays

Finding Modules for Tasks

Playbook Syntax Variations

Guided Exercise: Implementing Multiple Plays

Lab: Implementing Playbooks


  • A play is an ordered list of tasks, which runs against hosts selected from the inventory.
  • A playbook is a text file that contains a list of one or more plays to run in order.
  • Ansible Playbooks are written in YAML format.
  • YAML files are structured using space indentation to represent the data hierarchy.
  • Tasks are implemented using standardized code packaged as Ansible modules.
  • The ansible-doc command can list installed modules, and provide documentation and example code snippets of how to use them in playbooks.
  • The ansible-playbook command is used to verify playbook syntax and run playbooks.

Chapter 4: Managing Variables and Facts

Goal: Write playbooks that use variables to simplify management of the playbook, and facts to reference information about the managed hosts.


  • Create and reference variables that affect particular hosts or host groups, the play, or the global environment, and describe how variable precedence works.

  • Encrypt sensitive variables using Ansible Vault, and run playbooks that reference Vault-encrypted variable files.

  • Reference data about managed hosts using Ansible facts, and configure custom facts on managed hosts.

Managing Variables

Introduction to Ansible Variables

Naming Variables

Defining Variables

Variables in Playbooks

Host Variables and Group Variables

Overriding Variables from the Command Line

Using Arrays as Variables

Capturing Command Output with Registered Variables

Guided Exercise: Managing Variables

Managing Secrets

Introducing Ansible Vault

Playbooks and Ansible Vault

Guided Exercise: Managing Secrets

Managing Facts

Describing Ansible Facts

Ansible Facts Injected as Variables

Turning off Fact Gathering

Creating Custom Facts

Using Magic Variables

Guided Exercise: Managing Facts

Lab: Managing Variables and Facts


  • Ansible variables allow administrators to reuse values across files in an entire Ansible project.
  • Variables can be defined for hosts and host groups in the inventory file.
  • Variables can be defined for playbooks by using facts and external files. They can also be defined on the command line.
  • The register keyword can be used to capture the output of a command in a variable.
  • Ansible Vault is one way to protect sensitive data such as password hashes and private keys for deployment using Ansible Playbooks.
  • Ansible facts are variables that are automatically discovered by Ansible from a managed host.

Chapter 5: Implementing Task Control

Goal: Manage task control, handlers, and task errors in Ansible Playbooks.


  • Implement loops to write efficient tasks to control when to run tasks.

  • Implement a task that runs only when another task changes the managed host.

  • Control what happens when a task fails, and what conditions cause a task to fail.

Writing Loops and Conditional Tasks

Task Iteration with Loops

Running Tasks Conditionally

Combining Loops and Conditional Tasks

Guided Exercise: Writing Loops and Conditional Tasks

Implementing Handlers

Ansible Handlers

Describing the Benefits of Using Handlers

Guided Exercise: Implementing Handlers

Handling Task Failure

Managing Task Errors in Plays

Guided Exercise: Handling Task Failure

Lab: Implementing Task Control


  • Loops are used to iterate over a set of values, for example, a simple list of strings, or a list of either hashes or dictionaries.
  • Conditionals are used to execute tasks or plays only when certain conditions have been met.
  • Handlers are special tasks that execute at the end of the play if notified by other tasks.
  • Handlers are only notified when a task reports that it changed something on a managed host.
  • Tasks are configured to handle error conditions by ignoring task failure, forcing handlers to be called even if the task failed, mark a task as failed when it succeeded, or override the behavior that causes a task to be marked as changed.
  • Blocks are used to group tasks as a unit and to execute other tasks depending upon whether or not all the tasks in the block succeed.

Chapter 6: Deploying Files to Managed Hosts

Goal: Deploy, manage, and adjust files on hosts managed by Ansible.


  • Create, install, edit, and remove files on managed hosts, and manage permissions, ownership, SELinux context, and other characteristics of those files.

  • Customize files using Jinja2 templates, and deploy them to managed hosts.

Modifying and Copying Files to Hosts

Describing Files Modules

Automation Examples with Files Modules

Guided Exercise: Modifying and Copying Files to Hosts

Deploying Custom Files with Jinja2 Templates

Templating Files

Introduction to Jinja2

Building a Jinja2 template

Deploying Jinja2 Templates

Managing Templated Files

Control Structures

Variable Filters

Variable Tests

Guided Exercise: Deploying Custom Files with Jinja2 Templates

Lab: Deploying Files to Managed Hosts


  • The Files modules library includes modules that allow you to accomplish most tasks related to file management, such as creating, copying, editing, and modifying permissions and other attributes of files.
  • You can use Jinja2 templates to dynamically construct files for deployment.
  • A Jinja2 template is usually composed of two elements: variables and expressions. Those variables and expressions are replaced with values when the Jinja2 template is rendered.
  • Jinja2 filters transform template expressions from one kind or format of data into another.

Chapter 7: Managing Large Projects

Goal: Write playbooks that are optimized for larger and more complex projects.


  • Write sophisticated host patterns to efficiently select hosts for a play or ad hoc command.

  • Describe the nature and purpose of dynamic inventories and then install and use an existing script as an Ansible dynamic inventory source.

  • Tune the number of simultaneous connections that Ansible opens to managed hosts and how Ansible processes groups of managed hosts through the play’s tasks.

  • Manage large playbooks by importing or including playbooks and tasks from external files, either unconditionally or based on a conditional test.

Selecting Hosts with Host Patterns

Referencing Inventory Hosts

Guided Exercise: Selecting Hosts with Host Patterns

Managing Dynamic Inventories

Generating Inventories Dynamically

Contributed Scripts

Writing Dynamic Inventory Programs

Managing Multiple Inventories

Guided Exercise: Managing Dynamic Inventories

Configuring Parallelism

Configure Parallelism in Ansible Using Forks

Managing Rolling Updates

Guided Exercise: Configuring Parallelism

Including and Importing Files

Managing Large Playbooks

Including or Importing Files

Importing Playbooks

Importing and Including Tasks

Defining Variables for External Plays and Tasks

Guided Exercise: Including and Importing Files

Lab: Managing Large Projects


  • Host patterns are used to specify the managed hosts to be targeted by plays or ad hoc commands.
  • Dynamic inventory scripts can be used to generate dynamic lists of managed hosts from directory services or other sources external to Ansible.
  • The forks parameter in the Ansible configuration file sets the maximum number of parallel connections to managed hosts.
  • The serial parameter can be used to implement rolling updates across managed hosts by defining the number of managed hosts in each rolling update batch.
  • You can use the import_playbook feature to incorporate external play files into playbooks.
  • You can use the include_tasks or import_tasks features to incorporate external task files into playbooks.

Chapter 8: Simplifying Playbooks with Roles

Goal: Use Ansible roles to develop playbooks more quickly and to reuse Ansible code.


  • Describe what a role is, how it is structured, and how you can use it in a playbook.

  • Create a role in a playbook’s project directory and run it as part of one of the plays in the playbook.

  • Select and retrieve roles from Ansible Galaxy or other sources, such as a Git repository, and use them in your playbooks.

  • Write playbooks that take advantage of Red Hat Enterprise Linux System Roles to perform standard operations.

Describing Role Structure

Structuring Ansible Playbooks with Roles

Examining the Ansible Role Structure

Defining Variables and Defaults

Using Ansible Roles in a Playbook

Controlling Order of Execution

Quiz: Describing Role Structure

Reusing Content with System Roles

Red Hat Enterprise Linux System Roles

Installing RHEL System Roles

Time Synchronization Role Example

SELinux Role Example

Guided Exercise: Reusing Content with System Roles

Creating Roles

The Role Creation Process

Creating the Role Directory Structure

Defining the Role Content

Defining Role Dependencies

Using the Role in a Playbook

Guided Exercise: Creating Roles

Deploying Roles with Ansible Galaxy

Introducing Ansible Galaxy

Ansible Galaxy home page

Ansible Galaxy search screen

Ansible Galaxy search results example

The Ansible Galaxy Command-Line Tool

Guided Exercise: Deploying Roles with Ansible Galaxy

Lab: Simplifying Playbooks with Roles


  • Roles organize Ansible code in a way that allows reuse and sharing.
  • Red Hat Enterprise Linux System Roles are a collection of tested and supported roles intended to help you configure host subsystems across versions of Red Hat Enterprise Linux.
  • Ansible Galaxy is a public library of Ansible roles written by Ansible users. The ansible-galaxy command can search for, display information about, install, list, remove, or initialize roles.
  • External roles needed by a playbook may be defined in the roles/requirements.yml file. The ansible-galaxy install -r roles/requirements.yml command uses this file to install the roles on the control node.

Chapter 9: Troubleshooting Ansible

Goal: Troubleshoot playbooks and managed hosts.


  • Troubleshoot generic issues with a new playbook and repair them.

  • Troubleshoot failures on managed hosts when running a playbook.

Troubleshooting Playbooks

Log Files for Ansible

The Debug Module

Managing Errors


Recommended Practices for Playbook Management

Guided Exercise: Troubleshooting Playbooks

Troubleshooting Ansible Managed Hosts

Using Check Mode as a Testing Tool

Testing with Modules

Troubleshooting Connections

Testing Managed Hosts Using Ad Hoc Commands

The Correct Level of Testing

Guided Exercise: Troubleshooting Ansible Managed Hosts

Lab: Troubleshooting Ansible


  • Ansible provides built-in logging. This feature is not enabled by default.
  • The log_path parameter in the default section of the ansible.cfg configuration file specifies the location of the log file to which all Ansible output is redirected.
  • The debug module provides additional debugging information while running a playbook (for example, current value for a variable).
  • The -v option of the ansible-playbook command provides several levels of output verbosity. This is useful for debugging Ansible tasks when running a playbook.
  • The --check option enables Ansible modules with check mode support to display the changes to be performed, instead of applying those changes to the managed hosts.
  • Additional checks can be executed on the managed hosts using ad hoc commands.

Chapter 10: Automating Linux Administration Tasks

Goal: Automate common Linux system administration tasks with Ansible.


  • Subscribe systems, configure software channels and repositories, and manage RPM packages on managed hosts.

  • Manage Linux users and groups, configure SSH, and modify Sudo configuration on managed hosts.

  • Manage service startup, schedule processes with at, cron, and systemd, reboot, and control the default boot target on managed hosts.

  • Partition storage devices, configure LVM, format partitions or logical volumes, mount file systems, and add swap files or spaces.

Managing Software and Subscriptions

Managing Packages with Ansible

Registering and Managing Systems with Red Hat Subscription Management

Configuring a Yum Repository

Guided Exercise: Managing Software and Subscriptions

Managing Users and Authentication

The User Module

The Group Module

The Known Hosts Module

The Authorized Key Module

Guided Exercise: Managing Users and Authentication

Managing the Boot Process and Scheduled Processes

Scheduling with the at Module

Appending Commands with the cron Module.

Managing Services with the systemd and service Modules.S

The Reboot Module

The Shell and Command Module

Guided Exercise: Managing the Boot Process and Scheduled Processes

Managing Storage

Configuring Storage with Ansible Modules

Ansible Facts for Storage Configuration

Guided Exercise: Managing Storage

Managing Network Configuration

Configuring Networking with the Network System Role

Configuring Networking with Modules

Ansible Facts for Network Configuration

Guided Exercise: Managing Network Configuration

Lab: Automating Linux Administration Tasks


  • The yum_repository module configures a Yum repository on a managed host. For repositories that use public keys, you can verify that the key is available with the rpm_key module.
  • The user and group modules create users and groups respectively on a managed host. You can configure authorized keys for a user with the authorized_key module.
  • Cron jobs can be configured on managed hosts with the cron module.
  • Ansible supports the configuration of logical volumes with the lvg, and lvol modules. The parted and filesystem modules support respectively the partition of devices and creation of filesystems.
  • Red Hat Enterprise Linux 8 includes the network system role which supports the configuration of network interfaces on managed hosts.

Chapter 11: Comprehensive Review

Comprehensive Review

Reviewing Red Hat System Administration III: Linux Automation

Lab: Deploying Ansible

Lab: Creating Playbooks

Lab: Creating Roles and Using Dynamic Inventory

Appendix: Supplementary Topics

Appendix: Ansible Lightbulb Licensing