
Guided Exercise: Configuring Automation Content Navigator

  • Change settings for automation content navigator by creating and editing its configuration file.

Outcomes

  • Configure automation content navigator by using an ansible-navigator.yml file.

  • Identify the sequence of locations that automation content navigator checks for its configuration file.

  • Configure automation content navigator to prompt the user for an Ansible Vault password.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command creates an Ansible project in the /home/student/config-navigator directory.

[student@workstation ~]$ lab start config-navigator

Procedure 4.2. Instructions

  1. Review the Ansible configuration files, inventories, and the playbook in the /home/student/config-navigator directory. Modify the Ansible configuration files to use the secret-pass vault password file.

    1. Change to the /home/student/config-navigator/ directory.

      [student@workstation ~]$ cd ~/config-navigator/
    2. Display the contents of the ansible1.cfg and inventory1 files. Notice how the ansible1.cfg configuration file sets the inventory location to inventory1.

      [defaults]
      inventory = inventory1

      The inventory1 file defines the devservers host group with serverb.lab.example.com as the only managed host.

      [devservers]
      serverb.lab.example.com
    3. Display the contents of the ansible2.cfg and inventory2 files. Notice how the ansible2.cfg configuration file sets the inventory location to inventory2.

      [defaults]
      inventory = inventory2

      The inventory2 file defines the devservers host group with servera.lab.example.com as the only managed host.

      [devservers]
      servera.lab.example.com
    4. Display the contents of the create_users.yml playbook.

      ---
      - name: create user accounts in devservers
        hosts: devservers
        become: true
        remote_user: devops
        gather_facts: false
        vars_files:
          - secret.yml
      
        tasks:
          - name: Creating user from secret.yml
            ansible.builtin.user:
              name: "{{ username }}"
              password: "{{ pwhash }}"

      This playbook uses the variables defined in the secret.yml encrypted file.

    5. Use the ansible-vault view command with the secret-pass vault password file to decrypt and display the contents of the secret.yml file.

      [student@workstation config-navigator]$ cat secret-pass
      redhat
      
      [student@workstation config-navigator]$ ansible-vault view secret.yml \
      > --vault-password-file=secret-pass
      username: ansibleuser
      pwhash: $6$j ... xhP1
    6. In the ansible1.cfg file, specify secret-pass as the vault password file. The ansible1.cfg file should now consist of the following content:

      [defaults]
      inventory = inventory1
      vault_password_file = secret-pass
  2. Create the ansible-navigator.yml settings file and configure it so that ansible-navigator uses the ansible1.cfg Ansible configuration file, the hub.lab.example.com/ee-supported-rhel8:latest automation execution environment, and standard output mode.

    1. Use the ansible-navigator settings --effective command to generate the sample.yml settings file. You can use this file as a starting point to configure automation content navigator.

      [student@workstation config-navigator]$ ansible-navigator settings --effective \
      > -m stdout --eei hub.lab.example.com/ee-supported-rhel8:latest \
      > --pp never > sample.yml

      Important

      When you redirect the output of the ansible-navigator settings --effective command to a file in the current working directory, you must redirect it to a file with a name other than ansible-navigator.yml or the command fails.

    2. Rename the sample.yml file to ansible-navigator.yml.

      [student@workstation config-navigator]$ mv -v sample.yml ansible-navigator.yml
      renamed 'sample.yml' -> 'ansible-navigator.yml'
    3. Open the ansible-navigator.yml settings file in a text editor, and set the ANSIBLE_CONFIG environment variable to ansible1.cfg by editing the environment-variables subsection of the execution-environment section:

        execution-environment:
          container-engine: podman
          enabled: true
          environment-variables:
            set:
              ANSIBLE_CONFIG: /home/student/config-navigator/ansible1.cfg
    4. Examine the ansible-navigator.yml settings file and notice that the ansible-navigator command set the image key using the value you specified with the --eei option.

          image: hub.lab.example.com/ee-supported-rhel8:latest
    5. Examine the ansible-navigator.yml settings file and notice that the ansible-navigator command set the policy key using the value you specified with the --pp option.

          pull:
            policy: never

      The updated ansible-navigator.yml file now contains the following content:

      ---
      ansible-navigator:
      ...output omitted...
        execution-environment:
          container-engine: podman
          enabled: true
          environment-variables:
            set:
              ANSIBLE_CONFIG: /home/student/config-navigator/ansible1.cfg
          image: hub.lab.example.com/ee-supported-rhel8:latest
          pull:
            policy: never
      ...output omitted...

      Important

      Be careful with indentation of the lines in the ansible-navigator.yml file. The preceding example shows correct indentation for each line.

  3. Create a similar ~/.ansible-navigator.yml settings file, but set the ANSIBLE_CONFIG environment variable to ansible2.cfg.

    Run the create_users.yml playbook and confirm that the configuration file in the directory for its project has precedence over the ~/.ansible-navigator.yml file in your home directory.

    1. Copy the existing automation content navigator settings file to ~/.ansible-navigator.yml.

      [student@workstation config-navigator]$ cp ansible-navigator.yml \
      > ~/.ansible-navigator.yml
    2. Edit the new ~/.ansible-navigator.yml settings file. Set the ANSIBLE_CONFIG environment variable to ansible2.cfg. After editing and removing all comments, the ~/.ansible-navigator.yml file contains the following content:

      ---
      ansible-navigator:
      ...output omitted...
        execution-environment:
          container-engine: podman
          enabled: true
          environment-variables:
            set:
              ANSIBLE_CONFIG: /home/student/config-navigator/ansible2.cfg
          image: hub.lab.example.com/ee-supported-rhel8:latest
          pull:
            policy: never
      ...output omitted...
    3. Run the create_users.yml playbook by using the ansible-navigator command.

      [student@workstation config-navigator]$ ansible-navigator run create_users.yml
      
      PLAY [create user accounts in devservers] **************************************
      
      TASK [Creating user from secret.yml] *******************************************
      changed: [serverb.lab.example.com]
      
      PLAY RECAP *********************************************************************
      serverb.lab.example.com    : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

      Note

      When running commands, you do not need to specify any settings that are already defined in the automation content navigator settings file.

      The fact that the playbook ran against serverb shows that the ./ansible-navigator.yml file takes precedence over the ~/.ansible-navigator.yml file.

  4. Verify that you can use ~/.ansible-navigator.yml as the settings file for automation content navigator when there is no configuration file in the local project directory, or when you specify it as the value of the ANSIBLE_NAVIGATOR_CONFIG environment variable.

    1. Back up the ansible-navigator.yml file by moving it to backup-an.yml. Run the create_users.yml playbook by using the ansible-navigator command with the --pae false and --ask-vault-pass options.

      This time, the playbook ran against the servera server, because there was no settings file in the project directory and automation content navigator found the settings file in your home directory.

      [student@workstation config-navigator]$ mv ansible-navigator.yml backup-an.yml
      [student@workstation config-navigator]$ ansible-navigator run create_users.yml \
      > --pae false --ask-vault-pass
      Vault password: redhat
      
      PLAY [create user accounts in devservers] **************************************
      
      TASK [Creating user from secret.yml] *******************************************
      changed: [servera.lab.example.com]
      
      PLAY RECAP *********************************************************************
      servera.lab.example.com    : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

      Note

      The --ask-vault-pass option is used because the vault_password_file option is not specified in the ansible2.cfg file. This option also requires the use of the --pae false option to temporarily disable playbook artifacts.

    2. Restore the local automation content navigator settings file and set the ANSIBLE_NAVIGATOR_CONFIG environment variable to ~/.ansible-navigator.yml.

      [student@workstation config-navigator]$ mv backup-an.yml ansible-navigator.yml
      [student@workstation config-navigator]$ export \
      > ANSIBLE_NAVIGATOR_CONFIG=~/.ansible-navigator.yml
    3. Run the create_users.yml playbook by using the ansible-navigator command. As expected, the playbook ran against the servera server, even though the local ./ansible-navigator.yml settings file was present, because the ANSIBLE_NAVIGATOR_CONFIG environment variable takes precedence.

      [student@workstation config-navigator]$ ansible-navigator run create_users.yml \
      > --pae false --ask-vault-pass
      Vault password: redhat
      
      PLAY [create user accounts in devservers] **************************************
      
      TASK [Creating user from secret.yml] *******************************************
      ok: [servera.lab.example.com]
      
      PLAY RECAP *********************************************************************
      servera.lab.example.com    : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
    4. Unset the ANSIBLE_NAVIGATOR_CONFIG environment variable so that the project's ./ansible-navigator.yml settings file is used for the remaining exercises.

      [student@workstation config-navigator]$ unset ANSIBLE_NAVIGATOR_CONFIG
  5. You might prefer to enter the password to decrypt the secret.yml file as user input when you run the create_users.yml playbook, without having to add the --pae false option every time. Prepare the Ansible and automation content navigator settings files to prompt for the Ansible Vault password.

    1. Remove the line for vault_password_file in the ansible1.cfg file. The ansible1.cfg file should now consist of the following content:

      [defaults]
      inventory = inventory1
    2. In the ansible-navigator.yml file, disable creating playbook artifacts by setting the enable key to false.

      ---
      ansible-navigator:
      ...output omitted...
        execution-environment:
          container-engine: podman
          enabled: true
          environment-variables:
            set:
              ANSIBLE_CONFIG: /home/student/config-navigator/ansible1.cfg
          image: hub.lab.example.com/ee-supported-rhel8:latest
          pull:
            policy: never
      ...output omitted...
        logging:
          append: true
          file: /home/student/config-navigator/ansible-navigator.log
          level: warning
        mode: stdout
        playbook-artifact:
          enable: false
          save-as: '{playbook_dir}/{playbook_name}-artifact-{time_stamp}.json'
      ...output omitted...

      Important

      Disabling playbook artifact creation enables you to run the playbook interactively. Running interactively is useful when you want to use options such as --ask-vault-pass on the command line.

      However, disabling artifact creation removes the ability to run ansible-navigator replay.

    3. Run the create_users.yml playbook using the ansible-navigator command. This time, specify the --ask-vault-pass option to prompt for the Ansible Vault password.

      [student@workstation config-navigator]$ ansible-navigator run create_users.yml \
      > --ask-vault-pass
      Vault password: redhat
      
      PLAY [create user accounts in devservers] **************************************
      
      TASK [Creating user from secret.yml] *******************************************
      ok: [serverb.lab.example.com]
      
      PLAY RECAP *********************************************************************
      serverb.lab.example.com    : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
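
The lookup order that steps 3 and 4 demonstrate, as an added shell example that is not part of the course material: it reports which settings file automation content navigator would pick, which ANSIBLE_CONFIG that file sets, and whether that Ansible configuration reads the vault password from a file on disk. The function names are hypothetical, and only the .yml file names used in this exercise are checked.

```shell
#!/bin/sh
# Added example, not course code. Function names are hypothetical.

# navigator_settings_file PROJECT_DIR HOME_DIR -> path of the settings file that wins
navigator_settings_file() {
    if [ -n "${ANSIBLE_NAVIGATOR_CONFIG:-}" ]; then
        printf '%s\n' "$ANSIBLE_NAVIGATOR_CONFIG"   # 1. environment variable
    elif [ -f "$1/ansible-navigator.yml" ]; then
        printf '%s\n' "$1/ansible-navigator.yml"    # 2. project directory
    elif [ -f "$2/.ansible-navigator.yml" ]; then
        printf '%s\n' "$2/.ansible-navigator.yml"   # 3. home directory
    fi
}

# effective_ansible_config SETTINGS_FILE -> ANSIBLE_CONFIG value set for the EE
effective_ansible_config() {
    sed -n 's/^[[:space:]]*ANSIBLE_CONFIG:[[:space:]]*//p' "$1" 2>/dev/null | head -n 1
}

# vault_password_source ANSIBLE_CFG -> "file:<path>" when the cfg names a
# vault password file, "unset" when the password must be supplied at run
# time (for example with --ask-vault-pass)
vault_password_source() {
    vps_path=$(sed -n 's/^[[:space:]]*vault_password_file[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1)
    if [ -n "$vps_path" ]; then
        printf 'file:%s\n' "$vps_path"
    else
        printf 'unset\n'
    fi
}

# audit PROJECT_DIR HOME_DIR -> one summary line for the effective configuration
audit() {
    a_settings=$(navigator_settings_file "$1" "$2")
    [ -n "$a_settings" ] || { printf 'settings=none\n'; return 0; }
    a_cfg=$(effective_ansible_config "$a_settings")
    [ -f "$a_cfg" ] || { printf 'settings=%s cfg=none\n' "$a_settings"; return 0; }
    printf 'settings=%s cfg=%s vault=%s\n' "$a_settings" "$a_cfg" "$(vault_password_source "$a_cfg")"
}

# Audit the directory given as the first argument (default: current directory).
audit "${1:-$PWD}" "${HOME:-/}"
```

Run it from the project directory before ansible-navigator run to confirm which inventory and vault password handling the play will actually use.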

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish config-navigator

This concludes the section.

Revision: do374-2.2-82dc0d7