RH294 - ch03s04

On workstation, run the lab data-secret start command. This script ensures that Ansible is installed on workstation and creates a working directory for this exercise. This directory includes an inventory file that points to servera.lab.example.com as a managed host, which is part of the devservers group.

[student@workstation ~]$ lab data-secret start

Procedure 3.2. Instructions

On workstation, as the student user, change to the /home/student/data-secret working directory.
```
[student@workstation ~]$ cd ~/data-secret
[student@workstation data-secret]$
```
Edit the contents of the provided encrypted file, secret.yml. The file can be decrypted using redhat as the password. Uncomment the username and pwhash variable entries.
1. Edit the encrypted file /home/student/data-secret/secret.yml. Provide a password of redhat for the vault when prompted. The encrypted file opens in the default editor, vim.
```
[student@workstation data-secret]$ ansible-vault edit secret.yml
Vault password: redhat
```
2. Uncomment the two variable entries, then save the file and exit the editor. They should appear as follows:
```
username: ansibleuser1
pwhash: $6$jf...uxhP1
```
Create a playbook named /home/student/data-secret/create_users.yml that uses the variables defined in the /home/student/data-secret/secret.yml encrypted file.
Configure the playbook to use the devservers host group. Run this playbook as the devops user on the remote managed host. Configure the playbook to create the ansibleuser1 user defined by the username variable. Set the user's password using the password hash stored in the pwhash variable.
```
---
- name: create user accounts for all our servers
  hosts: devservers
  become: True
  remote_user: devops
  vars_files:
    - secret.yml
  tasks:
    - name: Creating user from secret.yml
      user:
        name: "{{ username }}"
        password: "{{ pwhash }}"
```
Use the ansible-playbook --syntax-check command to verify the syntax of the create_users.yml playbook. Use the --ask-vault-pass option to prompt for the vault password, which decrypts secret.yml. Resolve any syntax errors before you continue.
```
[student@workstation data-secret]$ ansible-playbook --syntax-check \
> --ask-vault-pass create_users.yml
Vault password (default): redhat

playbook: create_users.yml
```
Note
Instead of using --ask-vault-pass, you can use the newer --vault-id @prompt option to do the same thing.
Create a password file named vault-pass to use for the playbook execution instead of asking for a password. The file must contain the plain text redhat as the vault password. Change the permissions of the file to 0600.
```
[student@workstation data-secret]$ echo 'redhat' > vault-pass
[student@workstation data-secret]$ chmod 0600 vault-pass
```

Execute the Ansible Playbook using the vault-pass file, to create the ansibleuser1 user on a remote system using the passwords stored as variables in the secret.yml Ansible Vault encrypted file.

[student@workstation data-secret]$ ansible-playbook \
> --vault-password-file=vault-pass create_users.yml

PLAY [create user accounts for all our servers] ********************************

TASK [Gathering Facts] *********************************************************
ok: [servera.lab.example.com]

TASK [Creating users from secret.yml] ******************************************
changed: [servera.lab.example.com]

PLAY RECAP *********************************************************************
servera.lab.example.com    : ok=2    changed=1    unreachable=0    failed=0

Verify that the playbook ran correctly. The user ansibleuser1 should exist and have the correct password on servera.lab.example.com. Test this by using ssh to log in as that user on servera.lab.example.com. The password for ansibleuser1 is redhat. To make sure that SSH only tries to authenticate by password and not by an SSH key, use the -o PreferredAuthentications=password option when you log in.
Log off from servera when you have successfully logged in.
```
[student@workstation data-secret]$ ssh -o PreferredAuthentications=password \
> ansibleuser1@servera.lab.example.com
ansibleuser1@servera.lab.example.com's password: redhat
Activate the web console with: systemctl enable --now cockpit.socket

[ansibleuser1@servera ~]$ exit
logout
Connection to servera.lab.example.com closed.
```

Finish

On workstation, run the lab data-secret finish script to clean up this exercise.

[student@workstation ~]$ lab data-secret finish

This concludes the guided exercise.

Discuss Red Hat Enterprise Linux Automation with Ansible

Go to community

Red Hat Linux Automation with Ansible (RH294)

Haley_Ruccio

24 lip 2023

Learn how to automate Linux system administration tasks with Red Hat Ansible Automation PlatformRed Hat Enterprise Linux Automation with Ansible (RH294) is designed for Linux administrators and developers who need to automate repeatable and error-prone steps for system provisioning, configuration, application deployment, and orchestration. This course is based on Red Hat® Enterprise Linux® 9 and Red Hat Ansible Automation Platform 2.2.Course content summaryInstall Red Hat Ansible Automation Platform on control nodes.Create and update inventories of managed hosts and manage connections to them.Automate administration tasks with Ansible Playbooks and ad hoc commands.Write effective playbooks at scale.Protect sensitive data used by Ansible Automation Platform with Ansible Vault.Reuse code and simplify playbook development with Ansible Roles and Ansible Content Collections.Audience for this courseThis course is geared toward Linux system administrators, DevOps engineers, infrastructure automation engineers, and systems design engineers who are responsible for these tasks:Automating configuration managementEnsuring consistent and repeatable application deploymentProvisioning and deployment of development, testing, and production serversIntegrating with DevOps continuous integration/continuous delivery workflowsPrerequisites for this coursePass the Red Hat Certified System Administrator (RHCSA) exam (EX200), or demonstrate equivalent Red Hat Enterprise Linux knowledge and experience.Take our free assessment to gauge whether this offering is the best fit for your skills.

980

curl finds no route to host?

TPeters

23 lip 2023

I am doing the self-paced course RH294 . With two exercises (Ch.3 final Lab and Ch.4 lab exercise 2) I ran into this problem:after installing and starting a web service, from the classroom web termicaI I cannot reach servera.lab.example.com with curl: "No route to host". This despite the fact that I can ping it, open a shell to it, and install the package on it with Ansible.Anyone else have the same problem?What might be the cause?

1702

Welcome to the Red Hat Linux Automation with Ansible (RH294) group in the Red Hat Learning Community

cschunke

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Linux Automation with Ansible! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH294.Read more about Red Hat Linux Automation with Ansible here.

351

Revision: rh294-8.4-9cb53f0

Red Hat Enterprise Linux Automation with Ansible

Guided Exercise: Managing Secrets

Note