RH294 - ch03s04

Preface A: Introduction

Section A.1: Red Hat Enterprise Linux Automation with Ansible

Section A.2: Orientation to the Classroom Environment

Section A.3: Obtaining a Trial Subscription to Red Hat Ansible Automation Platform

Chapter 1: Introducing Ansible

Section 1.1: Automating Linux Administration with Ansible

Section 1.2: Quiz: Automating Linux Administration with Ansible

Section 1.3: Installing Ansible

Section 1.4: Guided Exercise: Installing Ansible

Section 1.5: Summary

Chapter 2: Implementing an Ansible Playbook

Section 2.1: Building an Ansible Inventory

Section 2.2: Guided Exercise: Building an Ansible Inventory

Section 2.3: Managing Ansible Configuration Files

Section 2.4: Guided Exercise: Managing Ansible Configuration Files

Section 2.5: Writing and Running Playbooks

Section 2.6: Guided Exercise: Writing and Running Playbooks

Section 2.7: Implementing Multiple Plays

Section 2.8: Guided Exercise: Implementing Multiple Plays

Section 2.9: Lab: Implementing an Ansible Playbook

Section 2.10: Summary

Chapter 3: Managing Variables and Facts

Section 3.1: Managing Variables

Section 3.2: Guided Exercise: Managing Variables

Section 3.3: Managing Secrets

SectionSection 3.4: Guided Exercise: Managing Secrets

Section 3.5: Managing Facts

Section 3.6: Guided Exercise: Managing Facts

Section 3.7: Lab: Managing Variables and Facts

Section 3.8: Summary

Chapter 4: Implementing Task Control

Section 4.1: Writing Loops and Conditional Tasks

Section 4.2: Guided Exercise: Writing Loops and Conditional Tasks

Section 4.3: Implementing Handlers

Section 4.4: Guided Exercise: Implementing Handlers

Section 4.5: Handling Task Failure

Section 4.6: Guided Exercise: Handling Task Failure

Section 4.7: Lab: Implementing Task Control

Section 4.8: Summary

Chapter 5: Deploying Files to Managed Hosts

Section 5.1: Modifying and Copying Files to Hosts

Section 5.2: Guided Exercise: Modifying and Copying Files to Hosts

Section 5.3: Deploying Custom Files with Jinja2 Templates

Section 5.4: Guided Exercise: Deploying Custom Files with Jinja2 Templates

Section 5.5: Lab: Deploying Files to Managed Hosts

Section 5.6: Summary

Chapter 6: Managing Complex Plays and Playbooks

Section 6.1: Selecting Hosts with Host Patterns

Section 6.2: Guided Exercise: Selecting Hosts with Host Patterns

Section 6.3: Including and Importing Files

Section 6.4: Guided Exercise: Including and Importing Files

Section 6.5: Lab: Managing Complex Plays and Playbooks

Section 6.6: Summary

Chapter 7: Simplifying Playbooks with Roles and Ansible Content Collections

Section 7.1: Describing Role Structure

Section 7.2: Quiz: Describing Role Structure

Section 7.3: Creating Roles

Section 7.4: Guided Exercise: Creating Roles

Section 7.5: Deploying Roles from External Content Sources

Section 7.6: Guided Exercise: Deploying Roles from External Content Sources

Section 7.7: Getting Roles and Modules from Content Collections

Section 7.8: Guided Exercise: Getting Roles and Modules from Content Collections

Section 7.9: Reusing Content with System Roles

Section 7.10: Guided Exercise: Reusing Content with System Roles

Section 7.11: Lab: Simplifying Playbooks with Roles and Ansible Content Collections

Section 7.12: Summary

Chapter 8: Troubleshooting Ansible

Section 8.1: Troubleshooting Playbooks

Section 8.2: Guided Exercise: Troubleshooting Playbooks

Section 8.3: Troubleshooting Ansible Managed Hosts

Section 8.4: Guided Exercise: Troubleshooting Ansible Managed Hosts

Section 8.5: Lab: Troubleshooting Ansible

Section 8.6: Summary

Chapter 9: Automating Linux Administration Tasks

Section 9.1: Managing Software and Subscriptions

Section 9.2: Guided Exercise: Managing Software and Subscriptions

Section 9.3: Managing Users and Authentication

Section 9.4: Guided Exercise: Managing Users and Authentication

Section 9.5: Managing the Boot Process and Scheduled Processes

Section 9.6: Guided Exercise: Managing the Boot Process and Scheduled Processes

Section 9.7: Managing Storage

Section 9.8: Guided Exercise: Managing Storage

Section 9.9: Managing Network Configuration

Section 9.10: Guided Exercise: Managing Network Configuration

Section 9.11: Lab: Automating Linux Administration Tasks

Section 9.12: Summary

Chapter 10: Comprehensive Review: Red Hat Enterprise Linux Automation with Ansible

Section 10.1: Comprehensive Review

Section 10.2: Lab: Deploying Ansible

Section 10.3: Lab: Creating Playbooks

Section 10.4: Lab: Managing Linux Hosts and Using System Roles

Section 10.5: Lab: Creating Roles

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10

Guided Exercise: Managing Secrets

In this exercise, you encrypt sensitive variables with Ansible Vault to protect them, and then run a playbook that uses those variables.

Outcomes

Execute a playbook using variables defined in an encrypted file.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start data-secret

Procedure 3.2. Instructions

Change into the /home/student/data-secret directory.

[student@workstation ~]$ cd ~/data-secret
[student@workstation data-secret]$

Edit the contents of the encrypted secret.yml file. The file can be decrypted using redhat as the password. Uncomment the username and pwhash variable entries.
1. Edit the encrypted /home/student/data-secret/secret.yml file. Enter redhat as the Vault password when prompted. The encrypted file opens in the default editor, vim.
```
[student@workstation data-secret]$ ansible-vault edit secret.yml
Vault password: redhat
```
2. Uncomment the two variable entries (username and pwhash) by removing the pound sign (#) at the start of each line, and then save and close the file.
Create a playbook named /home/student/data-secret/create_users.yml. The playbook should contain one play (create user accounts for all our servers in the following example), which uses the variables defined in the /home/student/data-secret/secret.yml encrypted file.
Configure the play to use the devservers host group. Run this play as the devops user on the remote managed host. Configure the play to create the ansibleuser1 user defined by the username variable. Set the user's password using the password hash stored in the pwhash variable.
```
---
- name: create user accounts for all our servers
  hosts: devservers
  become: True
  remote_user: devops
  vars_files:
    - secret.yml
  tasks:
    - name: Creating user from secret.yml
      ansible.builtin.user:
        name: "{{ username }}"
        password: "{{ pwhash }}"
```
Verify the syntax of your create_users.yml playbook by running the ansible-navigator run -m stdout --syntax-check command.
Use the --vault-id @prompt option so that it interactively prompts you for the Vault password that decrypts the secret.yml file. Resolve any syntax errors in your playbook before you continue.
```
[student@workstation data-secret]$ ansible-navigator run -m stdout \
> --playbook-artifact-enable false create_users.yml \
> --syntax-check --vault-id @prompt
Vault password (default): redhat

playbook: /home/student/data-secret/create_users.yml
```
Create a password file named vault-pass that contains the password for ansible-navigator to use instead of prompting you for a password when it runs the create_users.yml playbook. The file must contain the plain text redhat as the Vault password. Change the permissions of the file to 0600.
```
[student@workstation data-secret]$ echo 'redhat' > vault-pass
[student@workstation data-secret]$ chmod 0600 vault-pass
```

Run the Ansible Playbook to create the ansibleuser1 user on a remote system, using the Vault password in the vault-pass file to decrypt the hashed password for that user. That password is stored as a variable in the secret.yml Ansible Vault encrypted file.

[student@workstation data-secret]$ ansible-navigator run \
> -m stdout create_users.yml --vault-password-file=vault-pass

PLAY [create user accounts for all our servers] ********************************

TASK [Gathering Facts] *********************************************************
ok: [servera.lab.example.com]

TASK [Creating users from secret.yml] ******************************************
changed: [servera.lab.example.com]

PLAY RECAP *********************************************************************
servera.lab.example.com    : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Verify that the playbook ran correctly. The ansibleuser1 user should exist and have the correct password on the servera.lab.example.com machine.
Test this by using ssh to log in to the servera.lab.example.com machine as the ansibleuser1 user with redhat as the password.
To make sure that SSH only tries to authenticate by password and not by using an SSH key, use the -o PreferredAuthentications=password option when you log in.
Log off from servera when you have successfully logged in.
```
[student@workstation data-secret]$ ssh -o PreferredAuthentications=password \
> ansibleuser1@servera.lab.example.com
ansibleuser1@servera.lab.example.com's password: redhat
...output omitted...
[ansibleuser1@servera ~]$ exit
logout
Connection to servera.lab.example.com closed.
```

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish data-secret

This concludes the section.

Discuss Red Hat Enterprise Linux Automation with Ansible

Go to community

Red Hat Linux Automation with Ansible (RH294)

Haley_Ruccio

24 lip 2023

Learn how to automate Linux system administration tasks with Red Hat Ansible Automation PlatformRed Hat Enterprise Linux Automation with Ansible (RH294) is designed for Linux administrators and developers who need to automate repeatable and error-prone steps for system provisioning, configuration, application deployment, and orchestration. This course is based on Red Hat® Enterprise Linux® 9 and Red Hat Ansible Automation Platform 2.2.Course content summaryInstall Red Hat Ansible Automation Platform on control nodes.Create and update inventories of managed hosts and manage connections to them.Automate administration tasks with Ansible Playbooks and ad hoc commands.Write effective playbooks at scale.Protect sensitive data used by Ansible Automation Platform with Ansible Vault.Reuse code and simplify playbook development with Ansible Roles and Ansible Content Collections.Audience for this courseThis course is geared toward Linux system administrators, DevOps engineers, infrastructure automation engineers, and systems design engineers who are responsible for these tasks:Automating configuration managementEnsuring consistent and repeatable application deploymentProvisioning and deployment of development, testing, and production serversIntegrating with DevOps continuous integration/continuous delivery workflowsPrerequisites for this coursePass the Red Hat Certified System Administrator (RHCSA) exam (EX200), or demonstrate equivalent Red Hat Enterprise Linux knowledge and experience.Take our free assessment to gauge whether this offering is the best fit for your skills.

980

curl finds no route to host?

TPeters

23 lip 2023

I am doing the self-paced course RH294 . With two exercises (Ch.3 final Lab and Ch.4 lab exercise 2) I ran into this problem:after installing and starting a web service, from the classroom web termicaI I cannot reach servera.lab.example.com with curl: "No route to host". This despite the fact that I can ping it, open a shell to it, and install the package on it with Ansible.Anyone else have the same problem?What might be the cause?

1702

Welcome to the Red Hat Linux Automation with Ansible (RH294) group in the Red Hat Learning Community

cschunke

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Linux Automation with Ansible! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH294.Read more about Red Hat Linux Automation with Ansible here.

351

Revision: rh294-9.0-c95c7de