RH294 - ch02s10

Bookmark this page

Guided Exercise: Implementing Multiple Plays

In this exercise, you will create a playbook containing multiple plays, then use it to perform configuration tasks on managed hosts.

Outcomes

You should be able to construct and execute a playbook to manage configuration and perform administration of a managed host.

On workstation, run the lab playbook-multi start command. This function ensures that the managed host, servera.lab.example.com, is reachable on the network. It also ensures that the correct Ansible configuration file and inventory file are installed on the control node.

[student@workstation ~]$ lab playbook-multi start

Procedure 2.5. Instructions

A working directory, /home/student/playbook-multi, has been created on workstation for the Ansible project. The directory has already been populated with an ansible.cfg configuration file and an inventory file, inventory. The managed host, servera.lab.example.com, is already defined in this inventory file. Create a new playbook, /home/student/playbook-multi/intranet.yml, and add the lines needed to start the first play. It should target the managed host servera.lab.example.com and enable privilege escalation.
1. Change directory into the /home/student/playbook-multi working directory.
```
[student@workstation ~]$ cd ~/playbook-multi
[student@workstation playbook-multi]$
```
2. Create and open a new playbook, /home/student/playbook-multi/intranet.yml, and add a line consisting of three dashes to the beginning of the file to indicate the start of the YAML file.
```
---
```
3. Add the following line to the /home/student/playbook-multi/intranet.yml file to denote the start of a play with a name of Enable intranet services.
```
- name: Enable intranet services
```
4. Add the following line to indicate that the play applies to the servera.lab.example.com managed host. Be sure to indent the line with two spaces (aligning with the name keyword above it) to indicate that it is part of the first play.
```
  hosts: servera.lab.example.com
```
5. Add the following line to enable privilege escalation. Be sure to indent the line with two spaces (aligning with the keywords above it) to indicate it is part of the first play.
```
  become: yes
```
6. Add the following line to define the beginning of the tasks list. Indent the line with two spaces (aligning with the keywords above it) to indicate that it is part of the first play.
```
  tasks:
```
As the first task in the first play, define a task that ensures that the httpd and firewalld packages are up to date.
Be sure to indent the first line of the task with four spaces. Under the tasks keyword in the first play, add the following lines.
```
    - name: latest version of httpd and firewalld installed
      yum:
        name:
          - httpd
          - firewalld
        state: latest
```
The first line provides a descriptive name for the task. The second line is indented with six spaces and calls the yum module. The next line is indented eight spaces and is a name keyword. It specifies which packages the yum module should ensure are up-to-date. The yum module's name keyword (which is different from the task name) can take a list of packages, which is indented ten spaces on the two following lines. After the list, the 8-space indented state keyword specifies that the yum module should ensure that the latest version of the packages is installed.
Add a task to the first play's list that ensures that the correct content is in /var/www/html/index.html.
Add the following lines to define the content for /var/www/html/index.html. Be sure to indent the first line with four spaces.
```
    - name: test html page is installed
      copy:
        content: "Welcome to the example.com intranet!\n"
        dest: /var/www/html/index.html
```
The first entry provides a descriptive name for the task. The second entry is indented with six spaces and calls the copy module. The remaining entries are indented with eight spaces and pass the necessary arguments to ensure that the correct content is in the web page.
Define two more tasks in the play to ensure that the firewalld service is running and will start on boot, and will allow connections to the httpd service.
1. Add the following lines to ensure that the firewalld service is enabled and running. Be sure to indent the first line with four spaces.
```
    - name: firewalld enabled and running
      service:
        name: firewalld
        enabled: true
        state: started
```
  The first entry provides a descriptive name for the task. The second entry is indented with eight spaces and calls the service module. The remaining entries are indented with ten spaces and pass the necessary arguments to ensure that the firewalld service is enabled and started.
2. Add the following lines to ensure that firewalld allows HTTP connections from remote systems. Be sure to indent the first line with four spaces.
```
    - name: firewalld permits access to httpd service
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes
```
  The first entry provides a descriptive name for the task. The second entry is indented with six spaces and calls the firewalld module. The remaining entries are indented with eight spaces and pass the necessary arguments to ensure that remote HTTP connections are permanently allowed.
Add a final task to the first play that ensures that the httpd service is running and will start at boot.
Add the following lines to ensure that the httpd service is enabled and running. Be sure to indent the first line with four spaces.
```
    - name: httpd enabled and running
      service:
        name: httpd
        enabled: true
        state: started
```
The first entry provides a descriptive name for the task. The second entry is indented with six spaces and calls the service module. The remaining entries are indented with eight spaces and pass the necessary arguments to ensure that the httpd service is enabled and running.
In /home/student/playbook-multi/intranet.yml, define a second play targeted at localhost which will test the intranet web server. It does not need privilege escalation.
1. Add the following line to define the start of a second play. Note that there is no indentation.
```
- name: Test intranet web server
```
2. Add the following line to indicate that the play applies to the localhost managed host. Be sure to indent the line with two spaces to indicate that it is contained by the second play.
```
  hosts: localhost
```
3. Add the following line to disable privilege escalation. Be sure to align the indentation with the hosts keyword above it.
```
  become: no
```
4. Add the following line to the /home/student/playbook-multi/intranet.yml file to define the beginning of the tasks list. Be sure to indent the line with two spaces to indicate that it is contained by the second play.
```
  tasks:
```
Add a single task to the second play, and use the uri module to request content from http://servera.lab.example.com. The task should verify a return HTTP status code of 200. Configure the task to place the returned content in the task results variable.
Add the following lines to create the task for verifying the web service from the control node. Be sure to indent the first line with four spaces.
```
    - name: connect to intranet web server
      uri:
        url: http://servera.lab.example.com
        return_content: yes
        status_code: 200
```
The first line provides a descriptive name for the task. The second line is indented with six spaces and calls the uri module. The remaining lines are indented with eight spaces and pass the necessary arguments to execute a query for web content from the control node to the managed host and verify the status code received. The return_content keyword ensures that the server's response is added to the task results.

Verify that the final /home/student/playbook-multi/intranet.yml playbook reflects the following structured content, then save and close the file.

---
- name: Enable intranet services
  hosts: servera.lab.example.com
  become: yes
  tasks:
    - name: latest version of httpd and firewalld installed
      yum:
        name:
          - httpd
          - firewalld
        state: latest

    - name: test html page is installed
      copy:
        content: "Welcome to the example.com intranet!\n"
        dest: /var/www/html/index.html

    - name: firewalld enabled and running
      service:
        name: firewalld
        enabled: true
        state: started

    - name: firewalld permits access to httpd service
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes

    - name: httpd enabled and running
      service:
        name: httpd
        enabled: true
        state: started

- name: Test intranet web server
  hosts: localhost
  become: no
  tasks:
    - name: connect to intranet web server
      uri:
        url: http://servera.lab.example.com
        return_content: yes
        status_code: 200

Run the ansible-playbook --syntax-check command to verify the syntax of the /home/student/playbook-multi/intranet.yml playbook.
```
[student@workstation playbook-multi]$ ansible-playbook --syntax-check intranet.yml

playbook: intranet.yml
```

Execute the playbook using the -v option to output detailed results for each task. Read through the output generated to ensure that all tasks completed successfully. Verify that an HTTP GET request to http://servera.lab.example.com provides the correct content.

[student@workstation playbook-multi]$ ansible-playbook -v intranet.yml
...output omitted...

PLAY [Enable intranet services] *************************************************

TASK [Gathering Facts] **********************************************************
ok: [servera.lab.example.com]

TASK [latest version of httpd and firewalld installed] **************************
changed: [servera.lab.example.com] => {"changed": true, ...output omitted...

TASK [test html page is installed] **********************************************
changed: [servera.lab.example.com] => {"changed": true, ...output omitted...

TASK [firewalld enabled and running] ********************************************
ok: [servera.lab.example.com] => {"changed": false, ...output omitted...

TASK [firewalld permits http service] *******************************************
changed: [servera.lab.example.com] => {"changed": true, ...output omitted...

TASK [httpd enabled and running] ************************************************
changed: [servera.lab.example.com] => {"changed": true, ...output omitted...

PLAY [Test intranet web server] *************************************************

TASK [Gathering Facts] **********************************************************
ok: [localhost]

TASK [connect to intranet web server] *******************************************
ok: [localhost] => {"accept_ranges": "bytes", "changed": false, "connection": "cl
ose", "content": "Welcome to the example.com intranet!\n", "content_length":
 "37", "content_type": "text/html; charset=UTF-8", "cookies": {}, "cookies_string
": "", "date": "...output omitted...", "etag": "\"25-5790ddbcc5a48\"",
 "last_modified": "...output omitted...", "msg": "OK (37 bytes)", "redir
ected": false, "server": "Apache/2.4.6 (Red Hat Enterprise Linux)",
"status": 200, "url": "http://servera.lab.example.com"}

PLAY RECAP **********************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0
servera.lab.example.com    : ok=6    changed=4    unreachable=0    failed=0

	The server responded with the desired content, `Welcome to the example.com intranet!\n`.
	The server responded with an HTTP status code of `200`.

Finish

On workstation, run the lab playbook-multi finish command to clean up the resources created in this exercise.

[student@workstation ~]$ lab playbook-multi finish

This concludes the guided exercise.

Discuss Red Hat Enterprise Linux Automation with Ansible

Go to community

Red Hat Linux Automation with Ansible (RH294)

Haley_Ruccio

24 lip 2023

Learn how to automate Linux system administration tasks with Red Hat Ansible Automation PlatformRed Hat Enterprise Linux Automation with Ansible (RH294) is designed for Linux administrators and developers who need to automate repeatable and error-prone steps for system provisioning, configuration, application deployment, and orchestration. This course is based on Red Hat® Enterprise Linux® 9 and Red Hat Ansible Automation Platform 2.2.Course content summaryInstall Red Hat Ansible Automation Platform on control nodes.Create and update inventories of managed hosts and manage connections to them.Automate administration tasks with Ansible Playbooks and ad hoc commands.Write effective playbooks at scale.Protect sensitive data used by Ansible Automation Platform with Ansible Vault.Reuse code and simplify playbook development with Ansible Roles and Ansible Content Collections.Audience for this courseThis course is geared toward Linux system administrators, DevOps engineers, infrastructure automation engineers, and systems design engineers who are responsible for these tasks:Automating configuration managementEnsuring consistent and repeatable application deploymentProvisioning and deployment of development, testing, and production serversIntegrating with DevOps continuous integration/continuous delivery workflowsPrerequisites for this coursePass the Red Hat Certified System Administrator (RHCSA) exam (EX200), or demonstrate equivalent Red Hat Enterprise Linux knowledge and experience.Take our free assessment to gauge whether this offering is the best fit for your skills.

980

curl finds no route to host?

TPeters

23 lip 2023

I am doing the self-paced course RH294 . With two exercises (Ch.3 final Lab and Ch.4 lab exercise 2) I ran into this problem:after installing and starting a web service, from the classroom web termicaI I cannot reach servera.lab.example.com with curl: "No route to host". This despite the fact that I can ping it, open a shell to it, and install the package on it with Ansible.Anyone else have the same problem?What might be the cause?

1702

Welcome to the Red Hat Linux Automation with Ansible (RH294) group in the Red Hat Learning Community

cschunke

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Linux Automation with Ansible! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH294.Read more about Red Hat Linux Automation with Ansible here.

351

Revision: rh294-8.4-9cb53f0