Lab: Creating Roles

In this review, you will convert the ansible-vsftpd.yml playbook into a role, and then use that role in a new playbook that will also run some additional tasks.

Outcomes

You should be able to:

  • Create a role to configure the vsftpd service using tasks from an existing playbook.

  • Include a role in a playbook, and execute the playbook.

Important

You may find it useful to debug your role by testing it in a playbook that does not contain the extra tasks or playbook variables listed above, but instead contains a play that only targets hosts in the group ftpservers and applies the role.

After confirming that a simplified playbook using only the role works just like the original ansible-vsftpd.yml playbook, you can build the complete vsftpd-configure.yml playbook by adding the additional variables and tasks specified above.

Important

If you are having trouble with your site.yml playbook, make sure that both vsftpd-configure.yml and ftpclients.yml use consistent indentation.

Log in to workstation as student using student as the password.

On workstation, run the lab review-roles start command. This script ensures that the remote hosts are reachable on the network. The script also checks that Ansible is installed on workstation, creates a directory structure for the lab environment, and installs required lab files.

[student@workstation ~]$ lab review-roles start

Procedure 10.3. Instructions

  1. Change to the review-roles working directory. Configure the Ansible project to use the static inventory file inventory. Verify the inventory configuration using the ansible-inventory command.

    1. Change to the review-roles working directory.

      [student@workstation ~]$ cd ~/review-roles
      [student@workstation review-roles]$
    2. Edit the ansible.cfg file, add the inventory directive in the [defaults] section, and set it to ./inventory.

      The [defaults] section of the ansible.cfg file looks like this:

      [defaults]
      remote_user=devops
      inventory=./inventory
    3. Use the ansible-inventory command to verify the project inventory configuration:

      [student@workstation review-roles]$ ansible-inventory --list all
      {
          "_meta": {
              "hostvars": {}
          },
          "all": {
              "children": [
                  "ftpclients",
                  "ftpservers",
                  "ungrouped"
              ]
          },
          "ftpclients": {
              "hosts": [
                  "servera.lab.example.com",
                  "serverc.lab.example.com"
              ]
          },
          "ftpservers": {
              "hosts": [
                  "serverb.lab.example.com",
                  "serverd.lab.example.com"
              ]
          }
      }
  2. Convert the ansible-vsftpd.yml playbook to the role ansible-vsftpd.

    1. Create the roles subdirectory.

      [student@workstation review-roles]$ mkdir -v roles
      mkdir: created directory 'roles'
    2. Using ansible-galaxy, create the directory structure for the new ansible-vsftpd role in the roles subdirectory.

      [student@workstation review-roles]$ cd roles
      [student@workstation roles]$ ansible-galaxy init ansible-vsftpd
      - Role ansible-vsftpd was created successfully
      [student@workstation roles]$ cd ..
      [student@workstation review-roles]$
    3. Using tree, verify the directory structure created for the new role.

      [student@workstation review-roles]$ tree roles
      roles
      └── ansible-vsftpd
          ├── defaults
          │   └── main.yml
          ├── files
          ├── handlers
          │   └── main.yml
          ├── meta
          │   └── main.yml
          ├── README.md
          ├── tasks
          │   └── main.yml
          ├── templates
          ├── tests
          │   ├── inventory
          │   └── test.yml
          └── vars
              └── main.yml
      
      9 directories, 8 files
    4. Replace the roles/ansible-vsftpd/defaults/main.yml file with the variable definitions in the defaults-template.yml file.

      [student@workstation review-roles]$ mv -v defaults-template.yml \
      > roles/ansible-vsftpd/defaults/main.yml
      renamed 'defaults-template.yml' -> 'roles/ansible-vsftpd/defaults/main.yml'
    5. Replace the roles/ansible-vsftpd/vars/main.yml file with the variable definitions in the vars.yml file.

      [student@workstation review-roles]$ mv -v vars.yml \
      > roles/ansible-vsftpd/vars/main.yml
      renamed 'vars.yml' -> 'roles/ansible-vsftpd/vars/main.yml'
    6. Use the templates/vsftpd.conf.j2 file as a template for the ansible-vsftpd role.

      [student@workstation review-roles]$ mv -v vsftpd.conf.j2 \
      > roles/ansible-vsftpd/templates/
      renamed 'vsftpd.conf.j2' -> 'roles/ansible-vsftpd/templates/vsftpd.conf.j2'
    7. Copy tasks from the ansible-vsftpd.yml playbook to the roles/ansible-vsftpd/tasks/main.yml file. The value of the src keyword in the template module task no longer needs to reference the templates subdirectory. The roles/ansible-vsftpd/tasks/main.yml file should contain the following when you finish.

      ---
      # tasks file for ansible-vsftpd
      - name: Packages are installed
        yum:
          name: '{{ vsftpd_package }}'
          state: present
      
      - name: Ensure service is started
        service:
          name: '{{ vsftpd_service }}'
          state: started
          enabled: true
      
      - name: Configuration file is installed
        template:
          src: vsftpd.conf.j2
          dest: '{{ vsftpd_config_file }}'
          owner: root
          group: root
          mode: '0600'
          setype: etc_t
        notify: restart vsftpd
      
      - name: firewalld is installed
        yum:
          name: firewalld
          state: present
      
      - name: firewalld is started and enabled
        service:
          name: firewalld
          state: started
          enabled: yes
      
      - name: FTP port is open
        firewalld:
          service: ftp
          permanent: true
          state: enabled
          immediate: yes
      
      - name: Passive FTP data ports allowed through the firewall
        firewalld:
          port: 21000-21020/tcp
          permanent: yes
          state: enabled
          immediate: yes
    8. Copy the handlers from the ansible-vsftpd.yml playbook to the roles/ansible-vsftpd/handlers/main.yml file. The roles/ansible-vsftpd/handlers/main.yml file should contain the following when you finish.

      ---
      # handlers file for ansible-vsftpd
      - name: restart vsftpd
        service:
          name: "{{ vsftpd_service }}"
          state: restarted
  3. Update the contents of the roles/ansible-vsftpd/meta/main.yml file.

    Variable       Value
    author         Red Hat Training
    description    example role for RH294
    company        Red Hat
    license        BSD
    1. Change the value of the author entry to Red Hat Training.

        author: Red Hat Training
    2. Change the value of the description entry to example role for RH294.

        description: example role for RH294
    3. Change the value of the company entry to Red Hat.

        company: Red Hat
    4. Change the value of the license entry to BSD.

        license: BSD
  4. Modify the contents of the roles/ansible-vsftpd/README.md file so that it provides pertinent information regarding the role. After modification, the file should contain the following.

    ansible-vsftpd
    =========
    Example ansible-vsftpd role from Red Hat's "Linux Automation" (RH294)
    course.
    
    Role Variables
    --------------
    
    * defaults/main.yml contains variables used to configure the vsftpd.conf template
    * vars/main.yml contains the name of the vsftpd service, the name of the RPM
    package, and the location of the service's configuration file
    
    Dependencies
    ------------
    
    None.
    
    Example Playbook
    ----------------
    
        - hosts: servers
          roles:
            - ansible-vsftpd
    
    License
    -------
    
    BSD
    
    Author Information
    ------------------
    
    Red Hat (training@redhat.com)
  5. Remove the unused directories from the new role.

    [student@workstation review-roles]$ rm -rvf roles/ansible-vsftpd/tests
    removed 'roles/ansible-vsftpd/tests/inventory'
    removed 'roles/ansible-vsftpd/tests/test.yml'
    removed directory: 'roles/ansible-vsftpd/tests'
  6. Create the new playbook vsftpd-configure.yml. It should contain the following.

    ---
    - name: Install and configure vsftpd
      hosts: ftpservers
      vars:
        vsftpd_anon_root: /mnt/share/
        vsftpd_local_root: /mnt/share/
    
      roles:
        - ansible-vsftpd
    
      tasks:
        - name: /dev/vdb1 is partitioned
          parted:
            device: /dev/vdb
            number: 1
            label: gpt
            part_start: 1MiB
            part_end: 100%
            state: present
    
        - name: XFS file system exists on /dev/vdb1
          filesystem:
            dev: /dev/vdb1
            fstype: xfs
            force: yes
    
        - name: anon_root mount point exists
          file:
            path: '{{ vsftpd_anon_root }}'
            state: directory
    
        - name: /dev/vdb1 is mounted on anon_root
          mount:
            path: '{{ vsftpd_anon_root }}'
            src: /dev/vdb1
            fstype: xfs
            state: mounted
            dump: '1'
            passno: '2'
          notify: restart vsftpd
    
        - name: Make sure permissions on mounted fs are correct
          file:
            path: '{{ vsftpd_anon_root }}'
            owner: root
            group: root
            mode: '0755'
            setype: "{{ vsftpd_setype }}"
            state: directory
    
        - name: Copy README to the ftp anon_root
          copy:
            dest: '{{ vsftpd_anon_root }}/README'
            content: "Welcome to the FTP server at {{ ansible_fqdn }}\n"
            setype: '{{ vsftpd_setype }}'
  7. Change the site.yml playbook to use the newly created vsftpd-configure.yml playbook instead of the ansible-vsftpd.yml playbook.

    ---
    # FTP Servers playbook
    - import_playbook: vsftpd-configure.yml
    
    # FTP Clients playbook
    - import_playbook: ftpclients.yml
  8. Verify that the site.yml playbook works as intended by executing it with ansible-playbook.

    [student@workstation review-roles]$ ansible-playbook site.yml
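
A read-only verification playbook for the state this lab builds. It is an added example and not part of the course files. It assumes it is saved in ~/review-roles (the file name verify-vsftpd.yml is hypothetical) so that the relative path to the role's vars file resolves, and that the devops user can escalate privileges.

```yaml
---
# verify-vsftpd.yml (hypothetical file name): added example, not a lab file.
# Read-only checks of the state the role and vsftpd-configure.yml should leave.
- name: Verify the vsftpd deployment
  hosts: ftpservers
  become: true            # redundant if ansible.cfg already escalates
  vars_files:
    # Role vars define vsftpd_service and vsftpd_config_file.
    - roles/ansible-vsftpd/vars/main.yml
  vars:
    share_path: /mnt/share   # vsftpd_anon_root from the lab, no trailing slash

  tasks:
    - name: Stat the configuration file
      stat:
        path: '{{ vsftpd_config_file }}'
      register: conf

    - name: Configuration file is root-owned with mode 0600
      assert:
        that:
          - conf.stat.exists
          - conf.stat.pw_name == 'root'
          - conf.stat.gr_name == 'root'
          - conf.stat.mode == '0600'

    - name: Firewall rules exist in runtime and permanent configuration
      command: 'firewall-cmd {{ item }}'   # exits non-zero when the rule is absent
      loop:
        - --query-service=ftp
        - --permanent --query-service=ftp
        - --query-port=21000-21020/tcp
        - --permanent --query-port=21000-21020/tcp
      changed_when: false

    - name: Share is an XFS mount of /dev/vdb1
      assert:
        that:
          - >-
            ansible_facts.mounts
            | selectattr('mount', 'equalto', share_path)
            | selectattr('device', 'equalto', '/dev/vdb1')
            | map(attribute='fstype') | list == ['xfs']

    - name: vsftpd service is active
      command: 'systemctl is-active {{ vsftpd_service }}'
      changed_when: false
```

Every task reports ok and none reports changed when the deployment matches the lab; a failed task names the check that did not hold.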

Evaluation

From workstation, run the lab review-roles grade command to confirm success on this exercise. Correct any reported failures and rerun the script until successful.

[student@workstation ~]$ lab review-roles grade

Finish

Run the lab review-roles finish command to clean up the lab tasks on servera and serverb.

[student@workstation ~]$ lab review-roles finish

This concludes the lab.

Revision: rh294-8.4-9cb53f0