RH294 - ch10s03

Bookmark this page

Lab: Creating Playbooks

In this review, you will create three playbooks in the Ansible project directory, /home/student/review-playbooks. One playbook will ensure that lftp is installed on systems that should be FTP clients, one playbook will ensure that vsftpd is installed and configured on systems that should be FTP servers, and one playbook (site.yml) will run both of the other playbooks.

Outcomes

You should be able to:

Create and execute playbooks to perform tasks on managed hosts.
Utilize Jinja2 templates, variables, and handlers in playbooks.

Important

If you are having trouble with your site.yml playbook, make sure that both ansible-vsftpd.yml and ftpclients.yml use consistent indentation.

On workstation, run the lab review-playbooks start command.

[student@workstation ~]$ lab review-playbooks start

Procedure 10.2. Instructions

As the student user on workstation, create the inventory file /home/student/review-playbooks/inventory, containing serverc.lab.example.com in the ftpclients group, and serverb.lab.example.com and serverd.lab.example.com in the ftpservers group.
Change directory into the Ansible project directory, /home/student/review-playbooks, created by the setup script.
[student@workstation ~]$ cd ~/review-playbooks
Populate the inventory file with the following entries, and then save and exit.
[ftpservers] serverb.lab.example.com serverd.lab.example.com [ftpclients] serverc.lab.example.com
Create the Ansible configuration file, /home/student/review-playbooks/ansible.cfg, and populate it with the necessary entries to meet these requirements:
- Configure the Ansible project to use the newly created inventory
- Connect to managed hosts as the devops user
- Utilize privilege escalation using sudo as the root user
- Escalate privileges for each task by default
[defaults] remote_user = devops inventory = ./inventory [privilege_escalation] become_user = root become_method = sudo become = true
Create the playbook, /home/student/review-playbooks/ftpclients.yml, containing a play that targets hosts in the ftpclients inventory group and ensures that the lftp package is installed.
--- - name: Ensure FTP Client Configuration hosts: ftpclients tasks: - name: latest version of lftp is installed yum: name: lftp state: latest

Place the provided vsftpd configuration file, vsftpd.conf.j2, in the templates subdirectory.

Create the templates subdirectory.

[student@workstation review-playbooks]$ mkdir -v templates
mkdir: created directory 'templates'

Move the vsftpd.conf.j2 file to the newly created templates subdirectory.

[student@workstation review-playbooks]$ mv -v vsftpd.conf.j2 templates/
renamed 'vsftpd.conf.j2' -> 'templates/vsftpd.conf.j2'

Place the provided defaults-template.yml file in the vars subdirectory.

Create the vars subdirectory.

[student@workstation review-playbooks]$ mkdir -v vars
mkdir: created directory 'vars'

Move the defaults-template.yml file to the newly created vars subdirectory.

[student@workstation review-playbooks]$ mv -v defaults-template.yml vars/
renamed 'defaults-template.yml' -> 'vars/defaults-template.yml'

Create a vars.yml variable definition file in the vars subdirectory to define the following three variables and their values:
Variable Value
vsftpd_package vsftpd
vsftpd_service vsftpd
vsftpd_config_file /etc/vsftpd/vsftpd.conf
vsftpd_package: vsftpd vsftpd_service: vsftpd vsftpd_config_file: /etc/vsftpd/vsftpd.conf

Variable	Value
vsftpd_package	vsftpd
vsftpd_service	vsftpd
vsftpd_config_file	/etc/vsftpd/vsftpd.conf

Using the previously created Jinja2 template and variable definition files, create a second playbook, /home/student/review-playbooks/ansible-vsftpd.yml, to configure the vsftpd service on the hosts in the ftpservers inventory group.

---
- name: FTP server is installed
  hosts:
    - ftpservers
  vars_files:
    - vars/defaults-template.yml
    - vars/vars.yml

  tasks:
    - name: Packages are installed
      yum:
        name: "{{ vsftpd_package }}"
        state: present

    - name: Ensure service is started
      service:
        name: "{{ vsftpd_service }}"
        state: started
        enabled: true

    - name: Configuration file is installed
      template:
        src: templates/vsftpd.conf.j2
        dest: "{{ vsftpd_config_file }}"
        owner: root
        group: root
        mode: 0600
        setype: etc_t
      notify: restart vsftpd

    - name: firewalld is installed
      yum:
        name: firewalld
        state: present

    - name: firewalld is started and enabled
      service:
        name: firewalld
        state: started
        enabled: yes

    - name: FTP port is open
      firewalld:
        service: ftp
        permanent: true
        state: enabled
        immediate: yes

    - name: FTP passive data ports are open
      firewalld:
        port: 21000-21020/tcp
        permanent: yes
        state: enabled
        immediate: yes

  handlers:
    - name: restart vsftpd
      service:
        name: "{{ vsftpd_service }}"
        state: restarted

Create a third playbook, /home/student/review-playbooks/site.yml, and include the plays from the two playbooks created previously, ftpclients.yml and ansible-vsftpd.yml.
--- # FTP Servers playbook - import_playbook: ansible-vsftpd.yml # FTP Clients playbook - import_playbook: ftpclients.yml
Execute the /home/student/review-playbooks/site.yml playbook to verify that it performs the desired tasks on the managed hosts.
[student@workstation review-playbooks]$ ansible-playbook site.yml

Evaluation

As the student user on workstation, run the lab review-playbooks grade command to confirm success of this exercise. Correct any reported failures and rerun the script until successful.

[student@workstation ~]$ lab review-playbooks grade

Finish

Run the lab review-playbooks finish command to clean up the lab tasks on serverb, serverc, and serverd.

[student@workstation ~]$ lab review-playbooks finish

This concludes the lab.

Discuss Red Hat Enterprise Linux Automation with Ansible

Go to community

Red Hat Linux Automation with Ansible (RH294)

Haley_Ruccio

24 lip 2023

Learn how to automate Linux system administration tasks with Red Hat Ansible Automation PlatformRed Hat Enterprise Linux Automation with Ansible (RH294) is designed for Linux administrators and developers who need to automate repeatable and error-prone steps for system provisioning, configuration, application deployment, and orchestration. This course is based on Red Hat® Enterprise Linux® 9 and Red Hat Ansible Automation Platform 2.2.Course content summaryInstall Red Hat Ansible Automation Platform on control nodes.Create and update inventories of managed hosts and manage connections to them.Automate administration tasks with Ansible Playbooks and ad hoc commands.Write effective playbooks at scale.Protect sensitive data used by Ansible Automation Platform with Ansible Vault.Reuse code and simplify playbook development with Ansible Roles and Ansible Content Collections.Audience for this courseThis course is geared toward Linux system administrators, DevOps engineers, infrastructure automation engineers, and systems design engineers who are responsible for these tasks:Automating configuration managementEnsuring consistent and repeatable application deploymentProvisioning and deployment of development, testing, and production serversIntegrating with DevOps continuous integration/continuous delivery workflowsPrerequisites for this coursePass the Red Hat Certified System Administrator (RHCSA) exam (EX200), or demonstrate equivalent Red Hat Enterprise Linux knowledge and experience.Take our free assessment to gauge whether this offering is the best fit for your skills.

980

curl finds no route to host?

TPeters

23 lip 2023

I am doing the self-paced course RH294 . With two exercises (Ch.3 final Lab and Ch.4 lab exercise 2) I ran into this problem:after installing and starting a web service, from the classroom web termicaI I cannot reach servera.lab.example.com with curl: "No route to host". This despite the fact that I can ping it, open a shell to it, and install the package on it with Ansible.Anyone else have the same problem?What might be the cause?

1702

Welcome to the Red Hat Linux Automation with Ansible (RH294) group in the Red Hat Learning Community

cschunke

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Linux Automation with Ansible! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH294.Read more about Red Hat Linux Automation with Ansible here.

351

Revision: rh294-8.4-9cb53f0