RH294 - ch02s08

Bookmark this page

Guided Exercise: Implementing Multiple Plays

In this exercise, you write and use a playbook containing multiple plays.

Outcomes

You should be able to construct and execute a playbook to manage configuration and perform administration of a managed host.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start playbook-multi

Procedure 2.4. Instructions

The /home/student/playbook-multi directory has been created on the workstation machine for your Ansible project. The directory has already been populated with an ansible.cfg configuration file and an inventory file named inventory. The managed host, servera.lab.example.com, is already defined in this inventory file.
Create a new playbook named /home/student/playbook-multi/intranet.yml and add the lines needed to start the first play. It should target the managed host servera.lab.example.com and enable privilege escalation.
1. Change into the /home/student/playbook-multi directory.
```
[student@workstation ~]$ cd ~/playbook-multi
[student@workstation playbook-multi]$
```
2. Use a text editor to create a new playbook named /home/student/playbook-multi/intranet.yml. Add a line consisting of three dashes to the beginning of the file to indicate the start of the YAML file.
```
---
```
3. Add the following line to the /home/student/playbook-multi/intranet.yml file to denote the start of a play named Enable intranet services.
```
- name: Enable intranet services
```
4. Add the following line to indicate that the play applies to the servera.lab.example.com managed host. Indent the line with two spaces (aligning with the name keyword above it) to indicate that it is part of the first play.
```
  hosts: servera.lab.example.com
```
5. Add the following line to enable privilege escalation. Indent the line with two spaces (aligning with the keywords above it) to indicate it is part of the first play.
```
  become: true
```
6. Add the following line to define the beginning of the tasks list. Indent the line with two spaces (aligning with the keywords above it) to indicate that it is part of the first play.
```
  tasks:
```

As the first task in the first play, define a task that ensures that the httpd and firewalld packages are up-to-date.

Indent the first line of the task with four spaces. Under the tasks keyword in the first play, add the following lines:

    - name: Latest version of httpd and firewalld installed 
      ansible.builtin.dnf: 
        name: 
          - httpd
          - firewalld
        state: latest

	A descriptive name for the task.
	Indented six spaces and calls the `ansible.builtin.dnf` module.
	The `name` keyword, which is a parameter of the `ansible.builtin.dnf` module, and is indented eight spaces. The `name` keyword specifies which packages the module should ensure are up-to-date. The `name` keyword (which is different from the task name) can take a list of packages, which are indented ten spaces on the two following lines.
	After the list of packages, the `state` keyword specifies that the module should ensure that the latest version of the packages is installed. The `state` keyword is also a parameter of the `ansible.builtin.dnf` module, and is indented eight spaces.

Add a task to the first play's list that ensures that the correct content is in the /var/www/html/index.html file.
Add the following lines to define the content for the /var/www/html/index.html file. Indent the first line four spaces.
```
    - name: Test html page is installed
      ansible.builtin.copy:
        content: "Welcome to the example.com intranet!\n"
        dest: /var/www/html/index.html
```
- The first line provides a descriptive name for the task.
- The second line is indented six spaces and calls the ansible.builtin.copy module.
- The remaining lines are indented eight spaces and pass the necessary arguments to ensure that the correct content is in the web page.
Define two more tasks in the play to ensure that the firewalld service is running and starts on boot, and allows connections to the httpd service.
1. Add the following lines to ensure that the firewalld service is enabled and running. Indent the first line four spaces.
```
    - name: Firewall enabled and running
      ansible.builtin.service:
        name: firewalld
        enabled: true
        state: started
```
  - The first line provides a descriptive name for the task.
  - The second line is indented eight spaces and calls the ansible.builtin.service module.
  - The remaining lines are indented ten spaces and pass the necessary arguments to ensure that the firewalld service is enabled and started.
2. Add the following lines to ensure that firewalld allows HTTP connections from remote systems. Indent the first line four spaces.
```
    - name: Firewall permits access to httpd service
      ansible.posix.firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes
```
  - The first line provides a descriptive name for the task.
  - The second line is indented six spaces and calls the ansible.posix.firewalld module.
  - The remaining lines are indented eight spaces and pass the necessary arguments to ensure that remote HTTP connections are permanently allowed.
Add a final task to the first play that ensures that the httpd service is running and starts at boot.
Add the following lines to ensure that the httpd service is enabled and running. Indent the first line four spaces.
```
    - name: Web server enabled and running
      ansible.builtin.service:
        name: httpd
        enabled: true
        state: started
```
- The first line provides a descriptive name for the task.
- The second line is indented six spaces and calls the ansible.builtin.service module.
- The remaining lines are indented eight spaces and pass the necessary arguments to ensure that the httpd service is enabled and running.
In the /home/student/playbook-multi/intranet.yml file, define a second play that targets localhost and tests the intranet web server. (Plays that run on localhost are run inside the automation execution environment by ansible-navigator, and not directly on your control node.) It does not need privilege escalation.
1. Add the following line to define the start of a second play. Note that there is no indentation.
```
- name: Test intranet web server
```
2. Add the following line to indicate that the play runs on the automation execution environment, localhost. Indent the line two spaces to indicate that it is contained by the second play.
```
  hosts: localhost
```
3. Add the following line to disable privilege escalation. Align the indentation with the hosts keyword above it.
```
  become: false
```
4. Add the following line to the /home/student/playbook-multi/intranet.yml file to define the beginning of the tasks list. Indent the line two spaces to indicate that it is contained by the second play.
```
  tasks:
```
Add a single task to the second play, and use the ansible.builtin.uri module to request content from http://servera.lab.example.com. The task should verify a return HTTP status code of 200. Configure the task to place the returned content in the task results variable.
Add the following lines to create the task for verifying the web service from the control node. Indent the first line four spaces.
```
    - name: Connect to intranet web server
      ansible.builtin.uri:
        url: http://servera.lab.example.com
        return_content: yes
        status_code: 200
```
- The first line provides a descriptive name for the task.
- The second line is indented with six spaces and calls the ansible.builtin.uri module.
- The remaining lines are indented with eight spaces and pass the necessary arguments to execute a query for web content from the control node to the managed host and verify the status code received.
- The return_content keyword ensures that the server's response is added to the task results.

Verify that the final /home/student/playbook-multi/intranet.yml playbook reflects the following structured content, and then save and close the file.

---
- name: Enable intranet services
  hosts: servera.lab.example.com
  become: true
  tasks:
    - name: Latest version of httpd and firewalld installed
      ansible.builtin.dnf:
        name:
          - httpd
          - firewalld
        state: latest

    - name: Test html page is installed
      ansible.builtin.copy:
        content: "Welcome to the example.com intranet!\n"
        dest: /var/www/html/index.html

    - name: Firewall enabled and running
      ansible.builtin.service:
        name: firewalld
        enabled: true
        state: started

    - name: Firewall permits access to httpd service
      ansible.posix.firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: yes

    - name: Web server enabled and running
      ansible.builtin.service:
        name: httpd
        enabled: true
        state: started

- name: Test intranet web server
  hosts: localhost
  become: false
  tasks:
    - name: Connect to intranet web server
      ansible.builtin.uri:
        url: http://servera.lab.example.com
        return_content: yes
        status_code: 200

Run the ansible-navigator run --syntax-check command to validate the syntax of the /home/student/playbook-multi/intranet.yml playbook.

[student@workstation playbook-multi]$ ansible-navigator run \
> -m stdout intranet.yml --syntax-check
playbook: /home/student/playbook-multi/intranet.yml

Run the playbook using the ansible-navigator run command. Read through the generated output to ensure that all tasks completed successfully. Verify that an HTTP GET request to http://servera.lab.example.com provides the correct content.

Run the playbook using the ansible-navigator run command.

[student@workstation playbook-multi]$ ansible-navigator run \
> -m stdout intranet.yml

PLAY [Enable intranet services] ************************************************

TASK [Gathering Facts] *********************************************************
ok: [servera.lab.example.com]

TASK [Latest version of httpd and firewalld installed] *************************
changed: [servera.lab.example.com]

TASK [Test html page is installed] *********************************************
changed: [servera.lab.example.com]

TASK [Firewall enabled and running] ********************************************
changed: [servera.lab.example.com]

TASK [Firewall permits access to httpd service] ********************************
changed: [servera.lab.example.com]

TASK [Web server enabled and running] ******************************************
changed: [servera.lab.example.com]

PLAY [Test intranet web server] ************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [Connect to intranet web server] ******************************************
ok: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
servera.lab.example.com    : ok=6    changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Use the curl command to verify that an HTTP GET request to http://servera.lab.example.com provides the correct content.
```
[student@workstation playbook-multi]$ curl http://servera.lab.example.com
Welcome to the example.com intranet!
```

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish playbook-multi

This concludes the section.

Discuss Red Hat Enterprise Linux Automation with Ansible

Go to community

Red Hat Linux Automation with Ansible (RH294)

Haley_Ruccio

24 lip 2023

Learn how to automate Linux system administration tasks with Red Hat Ansible Automation PlatformRed Hat Enterprise Linux Automation with Ansible (RH294) is designed for Linux administrators and developers who need to automate repeatable and error-prone steps for system provisioning, configuration, application deployment, and orchestration. This course is based on Red Hat® Enterprise Linux® 9 and Red Hat Ansible Automation Platform 2.2.Course content summaryInstall Red Hat Ansible Automation Platform on control nodes.Create and update inventories of managed hosts and manage connections to them.Automate administration tasks with Ansible Playbooks and ad hoc commands.Write effective playbooks at scale.Protect sensitive data used by Ansible Automation Platform with Ansible Vault.Reuse code and simplify playbook development with Ansible Roles and Ansible Content Collections.Audience for this courseThis course is geared toward Linux system administrators, DevOps engineers, infrastructure automation engineers, and systems design engineers who are responsible for these tasks:Automating configuration managementEnsuring consistent and repeatable application deploymentProvisioning and deployment of development, testing, and production serversIntegrating with DevOps continuous integration/continuous delivery workflowsPrerequisites for this coursePass the Red Hat Certified System Administrator (RHCSA) exam (EX200), or demonstrate equivalent Red Hat Enterprise Linux knowledge and experience.Take our free assessment to gauge whether this offering is the best fit for your skills.

980

curl finds no route to host?

TPeters

23 lip 2023

I am doing the self-paced course RH294 . With two exercises (Ch.3 final Lab and Ch.4 lab exercise 2) I ran into this problem:after installing and starting a web service, from the classroom web termicaI I cannot reach servera.lab.example.com with curl: "No route to host". This despite the fact that I can ping it, open a shell to it, and install the package on it with Ansible.Anyone else have the same problem?What might be the cause?

1702

Welcome to the Red Hat Linux Automation with Ansible (RH294) group in the Red Hat Learning Community

cschunke

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Linux Automation with Ansible! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH294.Read more about Red Hat Linux Automation with Ansible here.

351

Revision: rh294-9.0-c95c7de