RH294 - ch07s04

Bookmark this page

Guided Exercise: Reusing Content with System Roles

In this exercise, you will use one of the Red Hat Enterprise Linux System Roles in conjunction with a normal task to configure time synchronization and the time zone on your managed hosts.

Outcomes

You should be able to:

Install the Red Hat Enterprise Linux System Roles.
Find and use the RHEL System Roles documentation.
Use the rhel-system-roles.timesync role in a playbook to configure time synchronization on remote hosts.

Scenario Overview

Your organization maintains two data centers: one in the United States (Chicago) and one in Finland (Helsinki). To aid log analysis of database servers across data centers, ensure the system clock on each host is synchronized using Network Time Protocol. To aid time-of-day activity analysis across data centers, ensure each database server has a time zone set that corresponds to the host's data center location.

Time synchronization has the following requirements:

Use the NTP server located at classroom.example.com. Enable the iburst option to accelerate initial time synchronization.
Use the chrony package for time synchronization.

On workstation, run the lab role-system start command. This creates the working directory, /home/student/role-system, and populates it with an Ansible configuration file and host inventory.

[student@workstation ~]$ lab role-system start

Procedure 7.1. Instructions

Change to the /home/student/role-system working directory.

[student@workstation ~]$ cd ~/role-system
[student@workstation role-system]$

Install the Red Hat Enterprise Linux system roles on the control node, workstation.lab.example.com. Verify the installed location of the roles on the control node.
1. Use the ansible-galaxy command to verify that no roles are initially available for use in the playbook project.
```
[student@workstation role-system]$ ansible-galaxy list
# /home/student/role-system/roles
# /usr/share/ansible/roles
# /etc/ansible/roles
```
  The ansible-galaxy command searches three directories for roles, as indicated by the roles_path entry in the ansible.cfg file:
  - ./roles
  - /usr/share/ansible/roles
  - /etc/ansible/roles
  The above output indicates there are no roles in any of these directories.
2. Install the rhel-system-roles package.
```
[student@workstation role-system]$ sudo yum install rhel-system-roles
```
  Enter y when prompted to install the package.
3. Use the ansible-galaxy command to verify that the system roles are now available.
```
[student@workstation role-system]$ ansible-galaxy list
# /home/student/role-system/roles
# /usr/share/ansible/roles
...output omitted...
- rhel-system-roles.timesync, (unknown version)
- rhel-system-roles.tlog, (unknown version)
# /etc/ansible/roles
```
  The roles are located in the /usr/share/ansible/roles directory. Any role beginning with linux-system-roles is actually a symlink to the corresponding rhel-system-roles role.
Create a playbook, configure_time.yml, with one play that targets the database_servers host group. Include the rhel-system-roles.timesync role in the roles section of the play.
```
---
- name: Time Synchronization
  hosts: database_servers

  roles:
    - rhel-system-roles.timesync
```

The role documentation contains a description of each role variable, including the default value for the variable. Determine the role variables to override to meet the requirements for time synchronization.

Place role variable values in a file named timesync.yml. Because these variable values apply to all hosts in the inventory, place the timesync.yml file in the group_vars/all subdirectory.

Review the Role Variables section of the README.md file for the rhel-system-roles.timesync role.

[student@workstation role-system]$ cat \
> /usr/share/doc/rhel-system-roles/timesync/README.md
...output omitted...
Role Variables
--------------
...output omitted...
# List of NTP servers
timesync_ntp_servers:
  - hostname: foo.example.com   # Hostname or address of the server
    minpoll: 4                  # Minimum polling interval (default 6)
    maxpoll: 8                  # Maximum polling interval (default 10)
    iburst: yes                 # Flag enabling fast initial synchronization
                                # (default no)
    pool: no                    # Flag indicating that each resolved address
                                # of the hostname is a separate NTP server
                                # (default no)
...output omitted...
# Name of the package which should be installed and configured for NTP.
# Possible values are "chrony" and "ntp". If not defined, the currently active
# or enabled service will be configured. If no service is active or enabled, a
# package specific to the system and its version will be selected.
timesync_ntp_provider: chrony
...output omitted...

Create the group_vars/all subdirectory.

[student@workstation role-system]$ mkdir -pv group_vars/all
mkdir: created directory 'group_vars'
mkdir: created directory 'group_vars/all'

Create a new file group_vars/all/timesync.yml using a text editor. Add variable definitions to satisfy the time synchronization requirements. The file now contains:
```
---
#rhel-system-roles.timesync variables for all hosts

timesync_ntp_provider: chrony

timesync_ntp_servers:
  - hostname: classroom.example.com
    iburst: yes
```

Add a task to configure_time.yml, to set the time zone for each host. Ensure the task uses the timezone module and executes after the rhel-system-roles.timesync role.
Because hosts do not belong to the same time zone, use a variable (host_timezone) for the time zone name.
1. Review the Examples section of the timezone module documentation.
```
[student@workstation role-system]$ ansible-doc timezone | grep -A 4 "EXAMPLES"
EXAMPLES:

- name: set timezone to Asia/Tokyo
  timezone:
    name: Asia/Tokyo
```
2. Add a task to the post_tasks section of the play in the configure_time.yml playbook. Model the task after the example from the documentation, but use the host_timezone variable for the time zone name.
  The documentation in ansible-doc timezone recommends a restart of the Cron service if the module changes the timezone, to make sure Cron jobs run at the right times. Since system logging and other services use the system time zone, reboot each host when the time zone is modified. Add a notify keyword to the task, with an associated value of reboot host. The post_tasks section of the play should read:
```
  post_tasks:
    - name: Set timezone
      timezone:
        name: "{{ host_timezone }}"
      notify: reboot host
```
3. Add the reboot host handler to the Time Synchronization play. The complete playbook now contains:
```
---
- name: Time Synchronization
  hosts: database_servers

  roles:
    - rhel-system-roles.timesync

  post_tasks:
    - name: Set timezone
      timezone:
        name: "{{ host_timezone }}"
      notify: reboot host

  handlers:
    - name: reboot host
      reboot:
```

For each data center, create a file named timezone.yml that contains an appropriate value for the host_timezone variable. Use the timedatectl list-timezones command to find the valid time zone string for each data center.

Create the group_vars subdirectories for the na_datacenter and europe_datacenter host groups.

[student@workstation role-system]$ mkdir -pv \
> group_vars/{na_datacenter,europe_datacenter}
mkdir: created directory 'group_vars/na_datacenter'
mkdir: created directory 'group_vars/europe_datacenter'

Use the timedatectl list-timezones command to determine the time zone for both the US and European data centers:

[student@workstation role-system]$ timedatectl list-timezones | grep Chicago
America/Chicago
[student@workstation role-system]$ timedatectl list-timezones | grep Helsinki
Europe/Helsinki

Create the timezone.yml for both data centers:

[student@workstation role-system]$ echo "host_timezone: America/Chicago" > \
> group_vars/na_datacenter/timezone.yml
[student@workstation role-system]$ echo "host_timezone: Europe/Helsinki" > \
> group_vars/europe_datacenter/timezone.yml

Run the playbook.

[student@workstation role-system]$ ansible-playbook configure_time.yml

PLAY [Time Synchronization] **************************************************

TASK [Gathering Facts] *******************************************************
ok: [serverb.lab.example.com]
ok: [servera.lab.example.com]

TASK [rhel-system-roles.timesync : Check if only NTP is needed] **************
ok: [servera.lab.example.com]
ok: [serverb.lab.example.com]

...output omitted...

TASK [rhel-system-roles.timesync : Enable timemaster] ************************
skipping: [servera.lab.example.com]
skipping: [serverb.lab.example.com]

RUNNING HANDLER [rhel-system-roles.timesync : restart chronyd] ***************
changed: [servera.lab.example.com]
changed: [serverb.lab.example.com]

TASK [Set timezone] **********************************************************
changed: [serverb.lab.example.com]
changed: [servera.lab.example.com]

RUNNING HANDLER [reboot host] ************************************************
changed: [serverb.lab.example.com]
changed: [servera.lab.example.com]

servera.lab.example.com    : ok=17   changed=6    unreachable=0    failed=0
  skipped=20   rescued=0    ignored=6
serverb.lab.example.com    : ok=17   changed=6    unreachable=0    failed=0
  skipped=20   rescued=0    ignored=6

Verify the time zone settings of each server. Use an Ansible ad hoc command to see the output of the date command on all the database servers.
Note
The actual timezones listed will vary depending on the time of year, and whether daylight savings is active.
```
[student@workstation role-system]$ ansible database_servers -m shell -a date
servera.lab.example.com | CHANGED | rc=0 >>
Fri Jul 16 17:38:40 CDT 2021
serverb.lab.example.com | CHANGED | rc=0 >>
Sat Jul 17 01:38:40 EEST 2021
```
Each server has a time zone setting based on its geographic location.

Finish

Run the lab role-system finish command to cleanup the managed host.

[student@workstation ~]$ lab role-system finish

This concludes the guided exercise.

Discuss Red Hat Enterprise Linux Automation with Ansible

Go to community

Red Hat Linux Automation with Ansible (RH294)

Haley_Ruccio

24 lip 2023

Learn how to automate Linux system administration tasks with Red Hat Ansible Automation PlatformRed Hat Enterprise Linux Automation with Ansible (RH294) is designed for Linux administrators and developers who need to automate repeatable and error-prone steps for system provisioning, configuration, application deployment, and orchestration. This course is based on Red Hat® Enterprise Linux® 9 and Red Hat Ansible Automation Platform 2.2.Course content summaryInstall Red Hat Ansible Automation Platform on control nodes.Create and update inventories of managed hosts and manage connections to them.Automate administration tasks with Ansible Playbooks and ad hoc commands.Write effective playbooks at scale.Protect sensitive data used by Ansible Automation Platform with Ansible Vault.Reuse code and simplify playbook development with Ansible Roles and Ansible Content Collections.Audience for this courseThis course is geared toward Linux system administrators, DevOps engineers, infrastructure automation engineers, and systems design engineers who are responsible for these tasks:Automating configuration managementEnsuring consistent and repeatable application deploymentProvisioning and deployment of development, testing, and production serversIntegrating with DevOps continuous integration/continuous delivery workflowsPrerequisites for this coursePass the Red Hat Certified System Administrator (RHCSA) exam (EX200), or demonstrate equivalent Red Hat Enterprise Linux knowledge and experience.Take our free assessment to gauge whether this offering is the best fit for your skills.

980

curl finds no route to host?

TPeters

23 lip 2023

I am doing the self-paced course RH294 . With two exercises (Ch.3 final Lab and Ch.4 lab exercise 2) I ran into this problem:after installing and starting a web service, from the classroom web termicaI I cannot reach servera.lab.example.com with curl: "No route to host". This despite the fact that I can ping it, open a shell to it, and install the package on it with Ansible.Anyone else have the same problem?What might be the cause?

1702

Welcome to the Red Hat Linux Automation with Ansible (RH294) group in the Red Hat Learning Community

cschunke

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Linux Automation with Ansible! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH294.Read more about Red Hat Linux Automation with Ansible here.

351

Revision: rh294-8.4-9cb53f0

Red Hat Enterprise Linux Automation with Ansible

Guided Exercise: Reusing Content with System Roles

Note